Need some ASP.NET (VB) Forms authentication help

J

joblo37pam

2[H]4U
Joined
Jun 28, 2002
Messages
2,211
I have a web app that uses the asp.net membership provider for authentication. It was working great, but I just moved to a new VPS host (upgraded from 2003 to 2008R2), and now the authentication timeout settings are not working correctly and users have to re-login every few minutes of inactivity. I haven't been able to pin down exactly how long it takes. I also have a SBS2008 (nonr2) that I am using to test code before I publish it, and everything is working correctly there.

Here is the authentication code in the root web.config:
Code: 
<authentication mode="Forms">
     <forms loginUrl="~/users/login.aspx" timeout="10080"/>
</authentication>

From what I can see, all of the IIS settings are the same, except that the R2 VPS is using IIS 7.5 and the test box is 7.0

The app is running in it's own dedicated pool that only recycles every night at midnight (I realize that this negates the 7 day timeout in the code above). The .aspxauth cookies that are set locally show the correct 7 day expiration, so it should work, right?

The only relevant info I've been able to stir up myself doesn't have a resolution: here

Any help or suggestions would be appreciated. I'm a self-taught, part-time coder, so I'm at your mercy. Thanks.

Edit: The timeout is currently around 5 minutes
 
Last edited:
There may be some differences between the (global) Web.Config and the Machine.Config files on the new host that weren't in place on the old host. I doubt a host would give out either of those files (at least not in full), but you should at least be able to send what your *.config files are on your dev machine, and ask the host if their configs are set any different.
 
This is a VPS, so I have full control over it. I haven't found anything in there that would lead me to expect this behavior. Any settings in particular I should look at?

I did find that the worker process for the App Pool was set to timeout after 5 minutes. The event log actually shows the user account logging off after the inactivity. I bumped it to 15, and the page responded accordingly. However, the test server is also set to 5 minutes and doesn't reset the client authentication.
 
I switched the application pool to run under the 'network service' account, and it seems to be working correctly, but I will have to wait to know for sure. What am I opening myself up to by doing this?
 
joblo37pam said:
I switched the application pool to run under the 'network service' account, and it seems to be working correctly, but I will have to wait to know for sure. What am I opening myself up to by doing this?
Click to expand...
What account was it running under before?
 
PTNL said:
What account was it running under before?
Click to expand...

A separate dedicated account. I have a plesk control panel installed on the host, and that is the way plesk creates dedicated app pools, but even the defaultapppool doesn't run under network service anymore in 7.5, it uses it's own 'applicationpoolidentity'.
 
You must log in or register to reply here.
Back
Top