By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,359 Members | 2,261 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,359 IT Pros & Developers. It's quick & easy.

need two authentication timeouts for internal and external users

P: n/a
I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
Membership database. Internal users access the app from the intranet, but
they are authenticated by the membership module. External users access the
app over SSL from the internet and are also authenticated the same way.

I would like to have a different authentication timeout value for each. I
want 720 minutes for internal users, so they can leave the app open all day
and only have to log in once. I want 30 minutes for external users.

I know I can set session timeout values to be different for each user by
setting Session.Timeout. Can I do something similar with the authentication
cookie? I surmise I could then force an external user to have a shorter
value, or cause an internal user to have a longer value. If I can set it this
way, where would I do it?

I considered deploying the app twice, but all other aspects of security are
working and I'd rather not have the extra maintenance.

Thanks in advance,
Ray
May 14 '07 #1
Share this Question
Share on Google+
1 Reply


P: n/a
To set the cookie timeout, IIS Manager can be used. However, It is not
possible to set different cookie timeouts using IIS Manager. To solve your
problem, I will advise you to generate the tickets manually using
FormsAuthenticationTicket class.

Depending on the domain from where users are logged in, you can set
different timeouts using Expiration attribute of the
FormsAuthenticationTicket class.

Hope it helps.
--
Vishwajit MCSD, .NET Architect
"T Ray Humphrey" wrote:
I have an ASP.NET 2.0 web app using forms authentication and an ASP.NET
Membership database. Internal users access the app from the intranet, but
they are authenticated by the membership module. External users access the
app over SSL from the internet and are also authenticated the same way.

I would like to have a different authentication timeout value for each. I
want 720 minutes for internal users, so they can leave the app open all day
and only have to log in once. I want 30 minutes for external users.

I know I can set session timeout values to be different for each user by
setting Session.Timeout. Can I do something similar with the authentication
cookie? I surmise I could then force an external user to have a shorter
value, or cause an internal user to have a longer value. If I can set it this
way, where would I do it?

I considered deploying the app twice, but all other aspects of security are
working and I'd rather not have the extra maintenance.

Thanks in advance,
Ray
May 14 '07 #2

This discussion thread is closed

Replies have been disabled for this discussion.