2

I use OWIN for Form-authentication for Single Page Application application developed using ASP.NET Web API and AngluarJS 1.5.8. We have a load balancer and web farm which consists of 4 servers.

The problem is that user is logged off by ASP.NET before timeout(30 minutes) automatically. I mean aspxauth expires before 30 minutes.

I've read that this is necessary to have the same machineKey at all nodes of web farm to prevent logoff. And I've created the same machine key, but problem of logoff still exists.

<system.web>
  <authentication mode="Forms">
     <forms loginUrl="~/Account/Login" timeout="30" ticketCompatibilityMode="Framework40" 
         protection="All" />
  </authentication>

  <compilation targetFramework="4.5.1" />
  <httpRuntime targetFramework="4.5.1" />
  <sessionState mode="Off" />
  <machineKey decryption="AES"  
      decryptionKey="123GHJKYUILM"                 
      validationKey="0FDFFGFG456HGGHCFKL" />     
</system.web>

What can be a reason of expiring aspxcookie before timeout(30 minutes)? I mean users become logged off.

StepUp
  • 36,391
  • 15
  • 88
  • 148
  • 1
    OWIN authentication has its own configuration which is configured in the Startup.Auth.cs class, the normal configuration is related to the old membership authentication, check your own startup file and see what is the time there, check this answer to know how https://stackoverflow.com/questions/22944783/how-to-set-timeout-for-owincontext-in-mvc-5 – Haitham Shaddad Jan 18 '17 at 10:24
  • @HaithamShaddad so do not I need any conditions of `OWIN` in `web.config`? – StepUp Jan 18 '17 at 11:31
  • 1
    OWIN doesn't depend on web.config, so yes, no need for web.config – Haitham Shaddad Jan 18 '17 at 15:23

0 Answers0