Loosing authentication when using SQLServer for storing authentication

StackOverflow https://stackoverflow.com/questions/15404166

Question

I was using InProc mode for storing sessions in my mvc3 aplication, but because of the restarting of IIS about every 20 minutes, a changed storing authentication to SQLServer. Connection to database is fine, the session are storing, but authentication doesnt last very long its lost after the restart

Webconfig

<sessionState mode="SQLServer" timeout="2880" allowCustomSqlDatabase="true"
    sqlConnectionString="data source=mydatasource;initial catalog=mydb;user id=userid;password=password;
integrated security=False;MultipleActiveResultSets=True;"
cookieless="true" />

<authentication mode="Forms">
        <forms loginUrl="~/Account/Login" timeout="2880" slidingExpiration="true" protection="All" cookieless="UseCookies"/>
    </authentication>

Screenshot of my database

Was it helpful?

Solution 2

Ok, I finally found out what was the real problem. I had random generator for machineKey, and when the IIS was restarted new machineKey was generated so I couldnt decrypt the auth cookie. The solution is simple -> use static key if you have low level security site

OTHER TIPS

Authentication and Session are 2 completely different things:

  1. Forms Authentication
  2. ASP.NET Session

It is very important to make the distinction between those. The first is used to track authenticated users on your website. It is configured in the <authentication> section in your web.config where you could specify the timeout and validity of the cookie.

ASP.NET Session on the other hand could be used independently. of forms authentication. In your example you seem to be using both in your application. So make sure that they both have the same timeout value.

From what I can see you have set the timeout for your ASP.NET Session to be 2880. Make sure that your forms authentication cookie is also configured to the same amount:

<authentication mode="Forms">
    <forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>

If you are not using forms authentication but some other mechanism to track your authenticated users, then the problem might be somewhere else.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top