c# - ASP.NET MVC3 Forms Authentication Expiring Prematurely -


we have online assessment platform built mvc3. runs in iis on single dedicated server running windows server 2012 r2 on have full control. users have been reporting "getting logged out" during assessments.this problem many of our assessments have time constraints , logging in costs users valuable seconds.

i have been unable replicate issue during testing, have confirmed consulting our logs last 2 months ~15-20% of users have log in @ point during assessment. 10 months prior <2% had log in.

i have compared our current code base how 3 months ago, , nothing remotely related logging in , authentication has been changed. knowledge no settings on server have been changed.

there many hundreds of files, , thousands of lines of code in application, try , share relevant bits in hope can me resolve this. if there information have missed, leave comment , add possible.

from web.config:

<authentication mode="forms">   <forms loginurl="~/login/" timeout="300" slidingexpiration="true" /> </authentication>

this how create auth cookie:

guid user_id = /* lookup id username after verification */ string user_role = /* csv specifying roles user has */ datetime expiry = datetime.now.addhours(5); formsauthenticationticket authticket = new formsauthenticationticket(1, user_id.tostring(), datetime.now, expiry, false, user_role, "/"); httpcookie cookie = new httpcookie(formsauthentication.formscookiename, formsauthentication.encrypt(authticket)); cookie.expires = expiry;  httpcontext.current.response.cookies.add(cookie);

we user custom implementation of authorizeattribute restrict access actions this:

public class mycontroller : controller {     [customauthorize(roles = "myrole")]     public actionresult myaction()     {         // stuff         return view();     } }

which defined follows:

[attributeusage(attributetargets.method | attributetargets.class, inherited = true, allowmultiple = true)] public class customauthorizeattribute : authorizeattribute {     public override void onauthorization(authorizationcontext filtercontext)     {         string cookiename = formsauthentication.formscookiename;          if (!filtercontext.httpcontext.user.identity.isauthenticated ||             filtercontext.httpcontext.request.cookies == null ||             filtercontext.httpcontext.request.cookies[cookiename] == null         )         {             handleunauthorizedrequest(filtercontext);             return;         }          var authcookie = filtercontext.httpcontext.request.cookies[cookiename];         var authticket = formsauthentication.decrypt(authcookie.value);         string[] roles = authticket.userdata.split(',');          var useridentity = new genericidentity(authticket.name);         var userprincipal = new genericprincipal(useridentity, roles);          filtercontext.httpcontext.user = userprincipal;         base.onauthorization(filtercontext);     } }

this has been setup last 3 years, , has been last 2 months have been problematic. can see cookie set expire 5 hours after creation. users have been typically pretty vague reports, , looking @ our logs amount of time between initial login , having login again ranges anywhere between few minutes , couple of hours. have had on server @ think relevant settings , can't see thing may cause problem:

iis settings

the thing can think of cause them "logged out" authentication cookie expire prematurely (or deleted guess). talking thousands of users, hundreds of companies. many using own pcs rather provided work. if 1 has ideas @ love hear them.

since use response.add rather setcookie plus define fixed expiry date makes cookies persistent, chances users have forms cookies issued twice, if log in within these 5 hours twice.

i check if doesn't confuse forms auth module. 1 of such multiple cookies expire @ point of time , sliding expiration forces reissued. possibly opens scenario there multiple cookies in single request, of them expired.

my advice use http debugger check , replace code thst possibly makes duplicates of auth cookies.


-

Comments

Post a Comment

Popular posts from this blog

unity3d - Rotate an object to face an opposite direction -

i have object , b. when click on object b, rotates object b (a faces b). b doesn't face a. need following : when faces b, need face opposite direction. have code rotating @ b. how rotate face opposite direction after that? vector3 targetdirection = target - transform.position; float step = speed * time.deltatime; vector3 newdirection = vector3.rotatetowards (turretdome.transform.forward, targetdirection, step, 0.0f); turretdome.transform.rotation = quaternion.lookrotation (newdirection); you object facing object b, want inverse direction of object after that? objecta.transform.rotation = quaternion.inverse(objecta.transform.rotation) but lets assume example turretdome object a, (negate direction): turretdome.transform.rotation = quaternion.lookrotation (-newdirection); naturally, both of these snippets not show how smoothen rotation, seem know how use time.deltatime. just incase unsure, quaternion.lerp this
Read more

angular - Is it possible to get native element for formControl? -

i've got angular2 reactive form . created formcontrol s , assigned input fields by [formcontrol]=... . understand creates nativeelement <-> formcontrol link. my question: possible nativeelement formcontrol ? wanna myformcontrol.nativeelement.focus() i can share 1 terrible solution works me. in reactive forms can use either 1) formcontroldirective ts mycontrol = new formcontrol('') template <input type="text" [formcontrol]="mycontrol"> or 2) formcontrolname ts myform: formgroup; constructor(private fb: formbuilder) {} ngoninit() { this.myform = this.fb.group({ foo: '' }); } template <form [formgroup]="myform"> <input type="text" formcontrolname="foo"> </form> so these directives write patch like 1) formcontroldirective const originformcontrolngonchanges = formcontroldirective.prototype.ngonchanges; formcontroldirective.proto
Read more

javascript - Why jQuery Select box change event is now working? -

i working on product filters user select select box according his/her preference not getting selected value user in jquery. html code:- <select name="product_filter" id="product_filter"> <option value="price_low_first">price : low high</option> <option value="price_high_first">price : high low</option> <option value="latest">latest</option> <option value="popular">most popular</option> </select> jquery code: $(function () { $("#product_filter").change(function () { alert("hi") var selectedtext = $(this).find("option:selected").text(); var selectedvalue = $(this).val(); alert("selected text: " + selectedtext + " value: " + selectedvalue); }); }); hi believe code perfect. once please check jquery.min.js
Read more