views:

29

answers:

1

Hello,

I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism...

It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in.

However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me:

"Web.config file is to configure your website. Please do not change it if you don't know what you are doing"

Frustrating answer indeed...

To be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none.

I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting? What should I do...

Thanks for you help!

A: 

Just a shot in the dark but did you define a machinekey? If your hosting provider is using a web farm and a request is made on a different server than the user was authenticated on then the auth ticket would fail and force them to reauthenticate.

Mike
Thank you so very much sir! That was right on the money !
David Laplante