Re: Forms Authentication

From: Svein Terje Gaup (stgaup_at_broadpark.no.spam)
Date: 05/31/04 

Date: Mon, 31 May 2004 00:14:47 +0200

Regarding your second issue, the one with the persist that doesn't work. I
stumbled into the same issue working my way through this example:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp

The example itself does not offer persisance of the logon cookie, so I tried
to extend it. The only way to set any kind of persistance is by setting it
inside the Global.asax.cs "Application_AuthnenticateRequest" event handler.

In the Logon-button click-event handler, I create a xml document which I
store inside the FormsAuthenticationTicket. The xml document contains a
value indicating wether to persist the cookie or not. If true, I set the
"Expiration" of the cookie to 365 days from now, and then replace updated
values into the cookie:

//Reset the expiration of the cookie
if(persist) {
authCookie.Expires = DateTime.Now.AddDays(365); }
//Replace updated cookie into Response
Context.Response.Cookies.Set(authCookie);

You may download the complete code from here:
http://www.geocities.com/gaupen/NETStuff.htm
The example is called "GenericPrincipalApp".

Your first problem is trickier, and I'm sorry to say I can't offer you much
help from the description you have given. What do you mean by "a multiple
control id"? Do you have the exact error message? Could you perhaps show
some code samples?

Perhaps you could check for a valid authentication cookie in
Application_AuthnenticateRequest, and do a "FormsAuthentication.Logout()" if
there isn't one.

Sincerely
Svein Terje Gaup

"Tony" <questions@resolutionsnet.co.uk> wrote in message
news:bbbbb773.0405290212.71bb6f74@posting.google.com...
> I wonder if anyone can help.
>
> We have web application using Forms Authentication that works
> perfectly ok in all environments, but in the production environment
> the forms authentication isn't timing out and returning the user to a
> login screen. Instead it tries to load the requested page and falls
> over on a multiple control id. Remember these errors don't happen in
> the Development and Testing environments.
>
> Another interesting point is, if I set the persistence of the cookie
> to true it doesn't write the cookie. The application continues to
> work, but obviously doesn't remember the user on a return (as the
> cookie isn't there). This happens in all environments.
>
> Event logs show no indication of the worker process being recycled and
> everthing seems to be ok.
>
> Any ideas or suggestions?

Quantcast