
This is probably a very simple problem but I can't see the solution and it's really beginning to bug me!

I have a simple ASP.NET MVC2 application, intended as a learning aid, which requires users to log in by providing a username and password. These are authenticated against a DB using a membership provider which was created and configured using the aspnet_regsql tool.

The web config looks like this (which I think is right... maybe not sure about the forms authentication bit however):

<authentication mode="Forms">
  <forms loginUrl="~/Account/LogOn" timeout="2380"/>
</authentication>
<membership>
  <providers>
    <clear />
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
  </providers>
</membership>
<profile>
  <providers>
    <clear />
    <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
  </providers>
</profile>
<roleManager enabled="false">
  <providers>
    <clear />
    <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
    <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
  </providers>
</roleManager>

The code in the view which performs the log procedure looks like this:

public ActionResult LogOn()
{
    return View();
}

[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid){
        if (MembershipService.ValidateUser(model.UserName, model.Password)){
            FormsService.SignIn(model.UserName, model.RememberMe);
            if (!String.IsNullOrEmpty(returnUrl)){
                return Redirect(returnUrl);
            }
            else{
                return RedirectToAction("Index", "Home");
            }
        }
        else{   
            ModelState.AddModelError("", "The user name or password provided is incorrect.");
        }
    }

    // If we got this far, something failed, redisplay form
    return View(model);
}

And each method in the controller which requires security applied is tagged like so:

[Authorize]
public ActionResult New() {
  return View();
}

[Authorize]
[HttpPost]
public ActionResult New(FormCollection collection) {
    //do something...
}

I have also tagged the controller class with [Authorize].

However, when I log in to the site by creating a new item or editing an existing item I get logged out very quickly after logging in.

Do private methods in the controller also need to be marked with [Authorize] and would this cause someone to get logged out?

Thanks for your help,

Morris

Morrislgn
  • Are you getting logged out quickly in a development environment or a production environment or when in debug mode? – Nick Larsen Apr 17 '11 at 23:34
  • Hi, sorry for taking so long to come back to you on this. I didn't realise you had posted this comment. It is a prod environment. But I was wondering if it is to do with my web.config setup or is it more likely IIS? – Morrislgn May 24 '11 at 07:36
