.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Forms Security and .Net Service Packs
Messages   Related Types
This message was discovered on ASPFriends.com 'aspngsec' list.


Julian Voelcker
I have noticed that each time I upgrade .Net with a new service pack on
my server I find that all the users that are using Forms security and
cookies to remember their logins have to re-login to the site.

Do any of you know why this is happening and how to avoid it?

Cheers,

Julian Voelcker
The Virtual World (UK) Limited
Cirencester, United Kingdom
Reply to this message...
 
    
Alex Dresko
I really don't see why that's a problem. If I'm not mistaken, the login
cookie is invalidated every time the IIS service is restarted. I would
assume this is done because of security reasons. Regardless, it's not
like Microsoft creates a .NET service pack every other week so I
wouldn't expect it to be much of a problem.

Alex Dresko
Three Point Oh!

-----Original Message-----
From: Julian Voelcker [mailto:Click here to reveal e-mail address]
Sent: Wednesday, August 14, 2002 10:25 AM
To: aspngsec
Subject: [aspngsec] Forms Security and .Net Service Packs

I have noticed that each time I upgrade .Net with a new service pack on
my server I find that all the users that are using Forms security and
cookies to remember their logins have to re-login to the site.

Do any of you know why this is happening and how to avoid it?

Cheers,

Julian Voelcker
The Virtual World (UK) Limited
Cirencester, United Kingdom

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
    
Daniel Kent
Are you using autogenerated <machineKey> values?

Applying the service pack might be restarting your application and thus
creating new <machineKey> values. When this happens, existing users'
authentication tickets will be invalidated.

You could try setting explicit values for the <machineKey> attributes- that
way you can maintain them across application restarts.

I hope this helps.

Dan.
Professional ASP.NET Security - out this month!
http://www.amazon.com/exec/obidos/ASIN/1861006209

-----Original Message-----
From: Julian Voelcker [mailto:Click here to reveal e-mail address]
Sent: 14 August 2002 15:25
To: aspngsec
Subject: [aspngsec] Forms Security and .Net Service Packs

I have noticed that each time I upgrade .Net with a new service pack on
my server I find that all the users that are using Forms security and
cookies to remember their logins have to re-login to the site.

Do any of you know why this is happening and how to avoid it?

Cheers,

Julian Voelcker
The Virtual World (UK) Limited
Cirencester, United Kingdom

| [aspngsec] member Click here to reveal e-mail address = YOUR ID
| http://www.asplists.com/asplists/aspngsec.asp = JOIN/QUIT
| http://www.asplists.com/search = SEARCH Archives
Reply to this message...
 
 




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification