Prevent ASP.NET Forms Authentication from Timing Out on a Shared Hosting


I’m hosting a website on a shared hosting server. This site uses Forms Authentication to generate the session cookie that authenticates my users. Everything worked fine with the site, including authentication, until I tried to make it so my authentication cookies didn’t expire every 20 minutes, which is the default expiration setting for Forms Authentication


I have set following settings to my web.config


 <authentication mode="Forms"  >
      <forms loginUrl="~/Account/LogOn" timeout="2880"  />
    </authentication>

but even though the user log outs from the system in 2 mins its irritating to user.


To solve the issue we need to set machine key into the web.config file. To generate the machine key use following code snippet.


using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;

namespace keygenerator
{
    class Program
    {
        static void Main(string[] argv)
        {
           
             int   len = Convert.ToInt32(Console.ReadLine());
            byte[] buff = new byte[len / 2];
            RNGCryptoServiceProvider rng = new
                                    RNGCryptoServiceProvider();
            rng.GetBytes(buff);
            StringBuilder sb = new StringBuilder(len);
            for (int i = 0; i < buff.Length; i++)
                sb.Append(string.Format("{0:X2}", buff[i]));
            Console.WriteLine(sb);
            Console.ReadLine();
        }
    }
}


create console application and copy above code into it and run the application. First input the 64 as value and capy the key and rerun the application and put 32 as value and copy the generated key. and configure the web.config file as below tag.

 <machineKey validationKey="Copy 64 Value key here"
decryptionKey="Copy 32 Value key here"
validation="SHA1"
decryption="AES" />

Hope this post you helpful!!!!

Comments