Specifying ASP.NET Forms Authentication Timeout in Code
Microsoft’s Forms Authentication is the preferred mechanism to get login and security up-and-running on ASP.NET applications. In fact, it comes enabled by default in ASP.NET MVC projects.
Typically, you’d configure the timeout via IIS, or by directly editing the
web.config for the application.
<!-- Example Web Config --> <authentication mode="Forms"> <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" /> </authentication>
By default, your MVC application calls
FormsAuthentication.SetAuthCookie(), which sets a cookie using the timeout declared in your
web.config file. This is good for setting a default timeout, but there may be certain cases where you’d like a longer timeout per user role or some other criteria.
In these cases, you can use a
FormsAuthenticationTicket object to specify your own expiration...
Continue reading →