Problem with Forms Authentication Cookie & Server 2003

Something strange is happening on my web site since my hosting provider
upgraded to Server 2003 a few weeks ago.

I use forms authentication in my asp.net application, with essentially
the following c# code-behind on my login page:

If (FormsAuthentication.Authenticate(UserName.Text, UserPass.Text))
FormsAuthentication.RedirectFromLoginPage(UserName.Text, true);

Note that the createPersistentCookie parameter is set to true.

In addition, my web.config has the following authentication section:

<authentication mode="Forms">
<forms loginUrl="login.aspx" name="LOGINCOOKIE" path="/"
protection="All" requireSSL="true" timeout="43200"/>
</authentication>

(The timeout above is in minutes -- 43200 minutes works out to 30 days
by my calculations.)

Prior to the Server 2003 upgrade, I could log in to my web site once
and the cookie would last for somewhere around 30 to 45 days.

But ever since the upgrade to Server 2003, I get prompted to log in
very erratically -- sometimes once a day, sometimes several times a day
and sometimes once every few days. I've verified that the LOGINCOOKIE
is being passed in the request, so it's not being deleted from my
browser.

Any ideas what's going on here? Seems to me that there's a problem with
the persistent nature of the cookie, or (more likely) some special
setting in IIS isn't configured properly under Server 2003. I see that
there's a slidingExpiration parameter that can be added to the <forms>
tag but I don't want to use that - I want the app to make me log in
once every 30 days or so.

Thanks for any pointers you can offer!

-Marty
ggmt@xxxxxxxxx

.

Relevant Pages

  • Re: IIS 6 Integrated Authentication and IE 6 - security credential
    ... My server is in a domain. ... :> NTLM authentication by setting the NTAuthenticationProviders metabase ... :>>> If I reconfigure the web site so that it runns in an application ... :>>> associated with the default Network Service identity then the request ...
    (microsoft.public.inetserver.iis.security)
  • Re: OWA and RWW not accessible.
    ... In Authentication and Access Control... ... Is all of this correct on your SBS server? ... Open the Web site home page, and then look for links to the information ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot upgrade Default Web Site extensions for Frontpage
    ... it's a problem with your SBS 2003 installation then maybe the SBS newsgroup ... Is there any easy simple and safe way to upgrade the Default Web Site from ... I have an SBS2003 server up and running and am trying to add several areas ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: OWA and RWW not accessible.
    ... "Integrated Windows Authentication" should be checkmarked ... Is all of this correct on your SBS server? ... Open the Web site home page, and then look for links to the information ... CEICW and create a new web server certificate but that didnt seem to work. ...
    (microsoft.public.windows.server.sbs)
  • Re: Integrated windows authentication wont work - Problem solved!
    ... Integrated authentication is connection-based, thus ... > If the server can not be reached you'll see "Can not find server or DNS ... I have an IIS web site with Anonymous ... authentication" for one folder inside this web site. ...
    (microsoft.public.inetserver.iis.security)