Windows Authentication Timeout IIS7 - session

I am using Windows Authentication to assist in preventing access to a website. This site is not hosted within my network, meaning that the first time I try to access it I have to enter my windows credentials for that server. All this works great.
My problem lies with the timeout. If I use Anonymous Authentication and Forms Authentication, IIS seems to correctly use the session timeout/form timeout value of 20 minutes.
However, when I am using Windows Authentication it seems to timeout much sooner than 20 minutes. I have not found a way to increase the Windows Authentication timeout value. I need it to be about 20 minutes.
My App Pool settings are set to never recycle the App Pool, so I know it's not timing out due to an App Pool refresh.
This is an ASP.NET MVC 4 website in-case that is a question.
Any ideas on how to increase the timeout of Windows Authentication in IIS7?

Related

How do we change AppPool idle timeout in Plesk WebAdmin (Shared Hosting)?

I have a website that is hosted on Plesk in Shared Hosting. The session keeps on timing out because the app pool recycles after 5 minutes (even though session timeout is set to 30 min). The effect of session timeout is exaggerated because current user activity is quite low and for users testing the app, the session keeps on timing out every 5 minutes.
On plesk web hosting panel, I can see the AppPool settings but they are disabled. Is there a way to change this setting?
Unfortunately no you cannot change this. I heard that you can set up your webapp to ping periodically to try and keep it alive:
https://www.godaddy.com/community/Developer-Cloud-Portal/IIS-Application-Pool-Idle-Timeout/td-p/9158
Can you prevent your ASP.NET application from shutting down?
If you can't change IIS settings, you can use an external uptime monitor service to continuously query your website with GET requests, which will also keep it alive. Most uptime monitors don't send actual requests, however the Availability feature in Application Insights does and works perfectly for this.
I wrote more about it here.
It's possible in Plesk for Plesk admin and customers/resellers:
Permissions to manage IIS pool settings are granted on a service plan level. Contact Plesk admin to change permissions on a service plan that your domain is assigned.
If you login to Plesk under an 'admin' user, make sure your Plesk is opened in a Service Provider view as this view allows editing Service Plans.

Logged out of applications intermittently

I have a siteminder protected portal which has links to many applications that are also protected by siteminder. SSO is implemented between the portal and the applications.
The issue is that when we login to the portal and browse through the applications, it happens sometimes that we suddenly get logged off from the portal for no reason ( no time out, it can happen even for as less as 1 minute).
Issue is reported for a small group of users and it happens on IE as well as Firefox browsers and it happens randomly.
1.Local system time on the policy servers, proxy servers and the user's machine are in sync
2. additionally when I check with Fiddler on the cookies are still there , but we still get logged off from the portal.
Any ideas for this?
Are you using a persistent session store? This may happen if the validation period is not setup properly.
This may also happen if one of the policy servers has a different encryption key from the others. If you can enabled the trace logs on the web agent, it should give you a decent idea about the reason the cookie is being rejected.

Loadbalancing simple MVC3 app

I have a simple MVC3 app in .NET 4.0 framework which does not use sessions. It uses windows integration (AD groups) for authentication. It is deployed on 2 servers (both Windows 2003 and IIS 6). To get MVC3 to work under IIS 6 I have a workaround wherein I added a wildcard map. The app works fine on both the machines when I access them directly.
I would like to use a HW load balancer so that I can rotate between both the servers seamlessly. And since my app does not have any sessions this should be fairly easy (I hope). What I would like to do is make sure the app is running on the server before LB sends the request to that app. It could be as simple as checking if keepalive.htm file exists in that app. Since the number of users for this particular app is very low I do not want to device a very complicated solution. I tried implementing the keepalive solution but I keep getting 401 error. Even after I made the file readable by everyone and gave it anonymous access (so no authentication required) it still gives me the same error. I have a feeling that my workaround to get MVC3 to work for IIS 6 is getting in the way.
Any ideas on how to load balance a simple MVC3 app so that Loadbalancer can check if the app is up before forwarding the request?
Thanks for the help.

How to change SharePoint Windows Authentication prompt times for login?

In my environment, my SharePoint 2010 is running on Windows Server 2008 R2 with IIS7. The expected behavior after adding SPNs was that the user was prompted 3 times by default. How to configure the prompt times? maybe 2 or 5 times?
It is decided in the browser, not in the server. Server returns HTTP401 status code in all of these requests, browser decides if the user should retry or not.
Anyway, when you have SPNs set up, passwords should work from the first time. It is worth rebooting the server after SPN setup.

SharePoint web service reference, WSS 3.0, Visual Studio 2010, Authentication

When trying to access SharePoint WSS 3.0 server using the web services API the software service we are developing will hang anywhere between 30-60 seconds when making any call (pick anyone of them, it doesn't matter) against the server for the first time. After this first call is made , each request thereafter is very quick.
This happens on both the local dev install of SharePoint, or against the production SharePoint environment, same results no matter what we try.
When accessing the SharePoint site (both local dev and production) via a web browser using the same log in credentials used with the WSS API there is zero lag time during the authentication process.
This is the code being used via C# to authenticate to SharePoint WSS:
_lists = new Lists
{
Credentials = new NetworkCredential(UserName, Password, Domain),
Url = string.Format("{0}/_vti_bin/Lists.asmx", BaseUrl),
UseDefaultCredentials = false
}; // Reference the list object.
Once the code hits the line below it hangs for 30-60 seconds.
the GetList(string listName)
_lists.GetList("TestList");
Any call thereafter is extremely fast.
One last note. When trying to access the service via Visual Studio, we receive the popup dialog to enter credentials, Discovery Credentials, and it will not authenticate, but we are able to retrieve the list of services. This occurs on both the production and test environments.
Please see images in order of events for adding a web service:
Add Web service:
Next we get three dialog for list, error and meta data and none of them validate.
Close Up for First screen:
We finally hit cancel.
And can see the calls we can make against the service:
Anyone have any ideas?
After about 4 days of searching I came across a clue.
The clue was to change the authentication in the Central Admin of SharePoint to allow anonymous in addition to the Windows authentication mode.
Once that change was made it seems that might have been the fix. The response time went from 30-60 seconds to 1-4. It isn't a 100%, but it allows us to keep developing at a quicker rate.
I hope this might help someone facing the same issues. It was a nightmare. I have no hair left.
Update: This is not a 100% fix.

Resources