Asp.net Forms Authentication Ticket Expiration

Hello B P,

Indeed, RadAjax handles the session timeout and when the session of the authorized user expires they will be redirected to the login page.
For your convenience I am attaching a sample project so you could see how it works. Check it out and let me know if any questions arise.

Regards,
Iana
the Telerik team

Thanks lana!

I will check out the project and let you know if I have any questions.  I sure appreciate it!

Greetings

I have a question with respect to this topic - I am using form authentication and declaring user credentials in the web.config file ( since my application is limited to a few number of users 7 - I didnt feel the need to use Sqlmembership provider)

I have some Telerik ajaxsified pages in a master page. Post authentication, I give user access to some of these pages. The authentication works well, however, after some ajax requests my users are logged out. This behavior is only ocurring in the production server.

I have tried many things to keep the user login, like using sliding expiration set to false and machinekey on the web.config file. I even use  FormsAuthentication.RedirectFromLoginPage(userName.Text, true);

However, my website keeps login me out after some ajax calls

Do you have any idea of what i might be doing wrong?

ps - my login form has not been ajaxified, it is a normal asp login control

Hello Sergio,

I suggest that you enable back the sliding expiration and additionally increase the session time.
However can you specify if the users are logged out after they have been logged for the same time when the unexpected behavior is observed? Or are there any particular actions they performed? Additionally, does this happen just after the ajax request or after the page is idle for some time?
To isolate the issue further you can temporary disable ajax and confirm the issue does not persist.

Best wishes,
Iana
the Telerik team

Thanks for your response Iana

I did some testing and I noticed a few things - The loggout behavior is more frequent when the user interact with a RadGrid, I increase the TimeOut Session to a very large number, yet, the master page stills logs me out. Say for instance if i were to use the paging or filter cabilities of a RadGrid - In some cases, it shows me a loading panel for my Ajex Request and then It kicks me out.

This does not happen everytime time the user interact with the RadGrid, However. but it is very frequent. I wonder if my ajax request is somehow overwritting my session. My Web.Config file almost completely emulates the one in the above radajaxandAuthentication file but with a larger timeout of course.

I even change my authentication to SqlMembership Provider in an attempt to make it better. Nevertheless, the problem persist.

Is there a best practice documentation for mixing login controls, telerik controls and master pages?

I appreciate your help

Greetings

It seemed that this was not an authentication problem. Using fiddler I notice that my application generates a WebResources.axd? link error as well as ScriptResources.axd. For some reason my page ajaxsification is not fully render. This what was making my user to get boot out.

Some Documentation stated this as a solution


Another proposed solution was the utilization of the RadStyleSheetManager given that it is said to decrease the number of WebResources.axd requests. However, after using both approach my probelm still persist.

My content pages are using some ajaxcontroltoolkit controls in combination with telerik controls. Most of the scriptmanagers called into my content pages are Ajaxcontroltoolkit managers. Consequently, I call the RadAjaxmanager to ajaxify the rad controls.
I added Scriptmanager to each content page, so no use of scriptproxy.

I was probably naive in thinking that the two controls will work on a production envairoment with no problem. but I must say the app run very smooth on my computer. ( Yeah, am not the first one saying that.... :-) )

Does the telerik team has another posible solution alternative for this problem?

Please let me know

Hi Sergio,

Reading your previous post my first assumption was that the issue is cause due to an error in the application. However I am not sure if this could be a server-side or client-side one. Is there any error message you can share for further reference?

Additionally, does it makes any difference if you modify the code in the web.config as below makes any difference:


You can also check the below blog posts and try the suggestions provided there:

http://blogs.telerik.com/AtanasKorchev/Posts/08-07-18/Web_Resources_demystified_Part_3_Troubleshooting.aspx
http://blogs.telerik.com/veselinvasilev/posts/10-03-16/common_reasons_for_the_lsquo_sys_is_undefined_rsquo_error_in_asp_net_ajax_applications.aspx

Regards,
Iana
the Telerik team

Sorry for what I write on this old topic but I had the same question. I use RadGrid with lot of controls that update grid, somethink like this:

            <telerik:AjaxSetting AjaxControlID="combo or treview or checkbox or listbox...">
                <UpdatedControls>
                    <telerik:AjaxUpdatedControl ControlID="MainRadGrid" LoadingPanelID="RadAjaxLoadingPanel1" />
                </UpdatedControls>

and thats works perfectly. The problem is when I stand on this page long enough to session expires. After it expires, every controls trigers RadAjaxLoadingPanel1 like something is working but no efect. In other words, every controls no longer works until I reload entire page and session continue because "remember me" is checked. Why ajaxified controls dont work when session expires?  In my opinion AjaxControl should reconnect session if "remember me" is checked or redirect to login page if not.

    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="None" ticketCompatibilityMode="Framework40" timeout="43829" name="PEauth" slidingExpiration="true" />
    </authentication>

Hello Sergio,

Indeed, the expected behavior in this case is the user to be redirected to the login page. However, can you handle the OnAsyncPostBackError event of the ScriptManager and see if the issue can be handled there?

Regards,
Iana
the Telerik team

Why redirection to login page if persistent forms-authentication is used (option "remember me" is checked)?

Hi Gosha

You know I had a similar problem, My application was sending some Async Calls but yet the session was timing out. The application work just fine in my computer, but when I placed it in the hosting environment the problems started.

Does this sound familiar? After trying some many other venues, I changed the Machine Key and all of the sudden the problems went away. Now the application abides by the value of the timeout property in the forms tag.

Try this before adding any additional code to your site.. I really hope this helps.. I remember this being a very frustrating problem.. Below is an example:


Sergio

I know for that, I use <forms loginUrl="login.aspx" protection="None" ...> tag. Later I will mess with protection="All" and MachineKey.

So, "remember me" works both on local iis and remote iis. If session expired, browser automaticaly re-connect and show page. Problem is when i use Ajax request, then browsing just dont work (read my previous post). Every Ajaxified control that I try does not work. The only way to solve make mu forms react to commands is to refresh entire page and then all controls normally works.

Therefore, how to make Ajaxt Control to re-connect expired session just in the same manner like page refresh does? It is stupid to say my clients: "if you do not use an application more than 20 minutes all the controls will stop working and you must refresh the entire page to make them working!".

Hello Sergio,

The default behavior when the session expires is redirection to the login page. Ajax could not know if you have the remember me option checked or not. However if without ajax the application is behaving as you desired, it should work with ajax either. But for some reason after session expires in your case, the default flow is aborted. To isolate why this happens, I suggest that you check if any error is thrown by handling the previously mentioned event. Can you check that out?

All the best,
Iana
the Telerik team