Re: Forms Authentication Ticket Reissue
From: Hernan de Lahitte (hernan_at_lagash.com)
Date: 03/30/05
- Next message: Wayne Carlaw: "Cancelling Authentication Request"
- Previous message: Brock Allen: "Re: redirecting to main page"
- In reply to: Stefan Leyhane: "Forms Authentication Ticket Reissue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Mar 2005 13:46:13 -0300
What path do you have configured in the path attribute in Forms
configuration ? (the default "/" perhaps?)
The ticket renewal will use the same path that you have configured in your
forms config section or the ccokiepath parameter in RedirectFromLoginPage
method:
RedirectFromLoginPage(string userName, bool createPersistentCookie, string
strCookiePath)
This article (http://www.codeproject.com/aspnet/aspnetsinglesignon.asp) may
be of help as well.
-- Hernan de Lahitte http://weblogs.aspnet/hernandl "Stefan Leyhane" <sleyhane@gmail.com> wrote in message news:b3f9a06e.0503280932.e2adb59@posting.google.com... > When using Forms Authentication with the SlidingExpiration attribute > set to 'true', the authentication ticket is reissued sometime after > half of the timeout value specified has elapsed. > > From the documentation: > "To prevent compromised performance, and to avoid multiple browser > warnings for users that have cookie warnings turned on, the cookie is > updated when more than half the specified time has elapsed." > > How is it possible to trap the ticket reissue? I have not been able > to find an event where I can catch it (even the Application_EndRequest > event). > > Some more details: I'm using forms authentication with role-based > security in a manner very close to the way it is documented many > places such as at > "http://weblogs.asp.net/cazzu/archive/2004/07/21/FormsAuthRoles.aspx". > I'm storing the user's roles in the user data of the authentication > ticket. > > I have the added complication that I need to explicitly set the domain > on the authentication cookie since I share it with some other > applications running in other subdomains. For example, if my > application is running in 'dev.xyz.com', the cookie domain gets set to > 'xyz.com'. When the authentication ticket is reissued a cookie with > the 'dev.xyz.com' is being created instead -- causing all sorts of > problems. > > Any help is appreciated. Thanks, > > Stefan > > -- > Stefan Leyhane
- Next message: Wayne Carlaw: "Cancelling Authentication Request"
- Previous message: Brock Allen: "Re: redirecting to main page"
- In reply to: Stefan Leyhane: "Forms Authentication Ticket Reissue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
