asp.net - .ASPXROLES membership roles cookie expiry -

-

using asp.net 2.0, forms authentication. test, configured roles cookie in web.config :

<rolemanager enabled="true" cacherolesincookie="true" cookiename=".aspxroles" cookietimeout="2"></rolemanager>

i wanted see happen when cached role cookie expired. using fiddler, after 2 minutes had elapsed, see raw value of role cookie had changed.

i expecting on expiry, asp.net re-read roles information database, , repopulate cookie same value. question is, why raw value of cookie change after expiry ? cookie value not human-readable (base 64 encoded and/or encrypted ?), can't tell if information in same, although application still seems work fine.

edit :

it looks each time roles encrypted , cached in cookie, gets different raw value.

e.g. if run following code :

    roleprincipal rp = (roleprincipal) user;     string str = rp.toencryptedticket();     label1.text = str;

you different value each time. behavior seems normal.

well aspxroles cookie pertains role queries on user. unless you're doing things roles cause function differently (web.config auth?) you're not going see expiring cookie.

can share web.config , basic pages you're using test this?

have tried particular configuration see changes after expiration?

<location path="img/logo.png">     <system.web>         <authorization>             <deny users="?"/>             <allow roles="canseelogo"/>         </authorization>     </system.web> </location>

based on question edit:

in web.config under <configuration><system.web> have key:

<machinekey decryption="aes" decryptionkey="{64bits random hex}" validation="sha1" validationkey="{128 bits random hex}"/>

i'm curious if set "manually" if you'll have changing encrypted string. also, set default in c:\windows\microsoft.net\framework\etc folders, can redefine (obviously) in web.config override per application. allows share same cookie cross-app within domain.

link generate random hex strings

https://www.grc.com/passwords.htm

concat first result 2 page refreshes second one. removing web.config key later doesn't impact app negatively (of course wouldn't)


Comments

Post a Comment

Popular posts from this blog

android - Spacing between the stars of a rating bar? -

-
ho can set spacing beween stars? thats ratingbar: ratingbar = (ratingbar) inflater.inflate(r.layout.ratingbar, null); ratingbar.setlayoutparams(new layoutparams(layoutparams.wrap_content, layoutparams.wrap_content)); the layout: <?xml version="1.0" encoding="utf-8"?> <ratingbar xmlns:android="http://schemas.android.com/apk/res/android" style="@style/mystyle" android:layout_alignparentright="true" android:layout_height="19dp" android:layout_width="wrap_content" android:numstars="5"> </ratingbar> the style: <style name="mystyle" parent="@android:style/widget.ratingbar"> <item name="android:progressdrawable">@drawable/android_r2_ratingstar_yellow</item> <item name="android:indeterminatedrawable">@drawable/android_r2_ratingstar_grey</item> </style> thanks, cheers you have ...
Read more

c# - How to execute a particular part of code asynchronously in a class -

-
i creating speech recognition engine that's going respond user commands.i have created button enable , disable speech recognition per user convenience.i have used dispose() of speech engine disable speech recoginition.here code private void button1_click(object sender, routedeventargs e) { engineon = !engineon; if (engineon) { speechengine = speech.createspeechengine(); //speech class creates , returns new speech engine. speechengine.audiolevelupdated += new eventhandler<audiolevelupdatedeventargs>(speechengine_audiolevelupdated); // use system's default microphone speechengine.setinputtodefaultaudiodevice(); speechengine.loadgrammar(new dictationgrammar()); // start listening speechengine.recognizeasync(recognizemode.multiple); } else { speechclass.myengine.dispose(); } } but disposal of speech obj...
Read more

c# - Asterisk click to call -

-
maybe of may know how achieve this. want this: click on link/button my phone rings, pick asterisk dials number me recipient phone rings i'm using asterisk 1.2 . i tried dial out . can make call 1 side. thanks in advance. you can use call files . read: asterisk auto-dial out . i have made simple cgi script called via web server creates call file (remember use temp directory) , moves /var/spool/asterisk/outgoing , asterisk rest of work. user perspective works described. remember normalize phone numbers (on web pages can have spaces, hyphens etc, while in call file must dialable numbers).
Read more