problem with authentication timeout, some help please?

Topics: ASP.NET 2.0
Jun 19, 2007 at 1:30 PM
Edited Jun 19, 2007 at 1:56 PM
I have blogengine installed in a subdirectory of another asp.net website. the blogengine directory is setup as an application in IIS. Everything seems to work/act fine until I log in.

What's happening is that the authentication ticket seems to get reset everytime I create or edit a post. I'm fairly sure the same thing would probably happen if I was signing up for an account, or making a comment, etc.

I have the authentication timeout set on both the root level website, and the blogengine site to 1000000

I'm wondering if the web.config in the main site's root directory isn't overriding the web.config in the blogengine application directory?

It does let me login to blogengine, it just boots me back to sign in after doing 1 insert or update.

Here is the authentication section from the web.config in the subdirectory application

<authentication mode="Forms">
<forms timeout="1000000" name=".AUXBLOGENGINE" protection="All" slidingExpiration="true" loginUrl="/DevBlog/login.aspx"/>
</authentication>



Here is the authentication from the root level web.config

<authentication mode="Forms">
<forms timeout="10000000" name="AuthSN" loginUrl="~/Admin/login.aspx?state=dev" protection="All">
</forms>
</authentication>

Has anyone else had a similar problem, either in blog engine or somewhere else? thanks in advance for any help you can offer.

Coordinator
Jun 19, 2007 at 2:21 PM
I think it's because of the main site's web.config that is interfering.
Jun 19, 2007 at 6:16 PM
I have tried to recreate this but I just can't seem to produce the situation. Provide some more details please ....

Are you running this on IIS 6 and Windows XP?
Is the subdirectory that BlogEngine resides in within a directory that has already required authentication with the root application?
Can you give the details of the directory structure so I can see where everything sits?
What's the membership provider for your root application and does it use the asp:Login control or do you manually authenticate via FormsAuthentication.Authenticate()?
Does the root application set the security on folders via <location> tag in the root web.config or via web.config files in each directory?
Jun 19, 2007 at 6:52 PM
Are you running this on IIS 6 and Windows XP?
- This is running on IIS 6 on windows server 2003

Is the subdirectory that BlogEngine resides in within a directory that has already required authentication with the root application?
- no, the root application only requires authentication on a folder called "admin" off of the root of the site

Can you give the details of the directory structure so I can see where everything sits?
- There's the root of the website, then the blogengine is located in a subdirectory called "DevBlog" that is marked as an application in IIS

What's the membership provider for your root application and does it use the asp:Login control or do you manually authenticate via
- on the root website it's not using the membership provider, since i am the only person accessing it, i'm just checking for a certain user/pass combo hardcoded in a codebehind and doing formsauthentication.authenticate() when the values match.

Does the root application set the security on folders via <location> tag in the root web.config or via web.config files in each directory?
- the root application sets security based on the <location>tag in the root web.config. the only thing that has it's own web.config is the blog engine application (which is the reason I specified the folder it is in as an application so that it would read from the proper web.config.

thanks for your help so far.
Jun 19, 2007 at 11:15 PM
I also meant to ask if you were using Firefox or Internet Explorer (6 or 7)? Have you tried it in both IE and Firefox with the same results?
Jun 20, 2007 at 8:53 AM
Have you tried isolating BlogEngine installation from your root site into separate IIS host? Maybe the problem is caused by something else, not the root web.config.
Jun 20, 2007 at 1:09 PM
chrixian: It does the same thing in both browsers

lesha: no not yet, mainly because I'd really like to get it working this way. I could try it just to confirm that it's the web.configs causing the issue. Though if it were doing it when running as the root site, I would have thought someone else would be having this trouble too.
Jun 21, 2007 at 3:42 AM
Start with this http://support.microsoft.com/kb/910439