tags:

views:

37

answers:

1
+1  Q: 

How do I stop ASP.net forms authentication / session from renewing in setInterval ajax web service call?

I have a control that i've written that has a javascript component and a web service component. The problem i'm having is that the javascript is set to do:

setInterval(this._checkAlertsHandler, this._messageCheckInterval * 1000);

This calls a function which makes a webservice call like so:

Alert.SiteAlertService.GetAlerts(this._receivedAlertsHandler, this._errorReceivedAlertsHandler);

So this is using the web service javascript proxy methods to access the web service. The issue is that our application has forms authentication and a timeout value, so if the user is idle for too long it will log them out.

My webservice call apparently sends the cookie which includes the session and the forms authentication key to the web service. The asp.net webservice then automatically renews the session AND the forms authentication. Everytime the javascript hits the web service it basically keeps the user alive. I do not want this behavior, this should just circumvent that, so that even though this js is hitting the web service to check for new messages, if the user hasn't done a postback on our application (and is effectively idle) it will still log them out. This isn't happening :(

What i would like to happen is this interval call to the web service does not renew any authentication (the session renewal i can get around by using an application level variable with dictionary key/value for the users session id, so i dont have to use any session level variables).

How do i do this / change my web service / or control to work like the way i want it?

A: 

You could exclude your webservice from forms authentication:

<location path="yourwebservice.asmx">
    <system.web>
        <authorization>
            <allow users="?"/>
        <authorization>
    </system.web>
</location>

But you probably need the information about the user, so you could configure the webservice to use forms authentication, but deactivate SlidingExpiration:

<location path="yourwebservice.asmx">
    <system.web>
        <authentication mode="Forms">
            <forms slidingExpiration="false"></forms>
        </authentication>
    </system.web>
</location>

Be sure to test what happens if the forms cookie is expired. Maybe you'll have to redefine the loginurl, too.

marapet  2010-06-23 17:55:22
I tried this, added it into my Web.config in the base of my application.It appears that when my javascript hits the webservice, it's still renewing it... - i have the timeout set to 1 minute on the site, and once it gets to the wire, it NORMALLY, without this javascript running will refresh and put you back to the login page. But with the javascript running and hitting the web service, it refreshes, and still keeps you logged in.The web service it hits also uses EnableSession=true on the WebMethods and also has IRequireSessionSate on the class object.Could the session be the culprit here?
lslow00  2010-06-23 19:48:42
I just tried hooking it up to a web service that was pretty bare bones, has no session references, etc. just a simple function returning hello world. The slidingExpiration doesn't seem to be turned off when it hits the service, because it will never log the user out.
lslow00  2010-06-23 20:47:13
I could really use an answer to this as it's completely destroying our applications idle logout mechanism
lslow00  2010-06-24 14:30:32
I didn't get around to set up a test project yet - a temporary workaround could be to host the webservice on a subdomain (= no cookie)
marapet  2010-06-24 14:39:19
Thanks for getting back to me, hmm, i don't know if this is a viable option unfortunately.
lslow00  2010-06-24 17:00:28

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?