hi every body ,i need help ,,,,i'm beginner in asp.net , i host my first web,and i face a security problem . i used Forms Authentication in my web config file ,in my web pages i use report viwer, the problem is when i go to report page then return to other page the content of session changes so it open wronge page ,this is my config file. <?xml version="1.0"?> <configuration> <connectionStrings> <add name="dbConnectionString1" connectionString="Data Source=tcp:===== ;Initial Catalog======;User ID=-----;Password=---;Integrated Security=False;" providerName="System.Data.SqlClient" /> </connectionStrings> <machineKey validationKey="859620317CEB125AB1DCC6BF967992A875BE672215EA2C3FE4800366F2F05EECD2AAE5C12F21B31C78331653EE0DC49C4A226A5E6655CDDF37EF2E68B9960D20" decryptionKey="10F75DA0E4CD692DA3AEADEA9501D4A14844540AE6D578351323931EF7F6E069" validation="SHA1" decryption="AES" /> <system.web> <sessionState mode="InProc" cookieless="false" timeout="40" /> </system.web> <system.web> <httpHandlers> <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false" /> </httpHandlers> <trust level="Full"/> <httpRuntime maxQueryStringLength="4096" /> <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"> <assemblies> <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> <add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" /> </assemblies> <buildProviders> <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </buildProviders> </compilation> </system.web> <system.webServer> <handlers> <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </handlers> <validation validateIntegratedModeConfiguration="false" /> </system.webServer> <system.web> <authentication mode="Forms"> <forms loginUrl="default.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> <location path="Images"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <location path="default.aspx"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="Reserved.ReportViewerWebControl.axd"> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </location> <system.web> <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"> <namespaces> <clear /> <add namespace="System" /> <add namespace="System.Collections" /> <add namespace="System.Collections.Generic" /> <add namespace="System.Collections.Specialized" /> <add namespace="System.Configuration" /> <add namespace="System.Text" /> <add namespace="System.Text.RegularExpressions" /> <add namespace="System.Linq" /> <add namespace="System.Xml.Linq" /> <add namespace="System.Web" /> <add namespace="System.Web.Caching" /> <add namespace="System.Web.SessionState" /> <add namespace="System.Web.Security" /> <add namespace="System.Web.Profile" /> <add namespace="System.Web.UI" /> <add namespace="System.Web.UI.WebControls" /> <add namespace="System.Web.UI.WebControls.WebParts" /> <add namespace="System.Web.UI.HtmlControls" /> </namespaces> </pages> </system.web> </configuration>
Could you please provide a bit more detail and provide any steps or links so what we can see the issue on our end?
my question is i want some body show me web config file for asp.net web site that include ReportViewer and Forms Authentication
Try looking at these links. http://odetocode.com/articles/428.aspx http://msdn.microsoft.com/en-us/library/ms251661(v=vs.80).aspx
the proplem is not solved. when i navigate the web after 3 or 4 the content of session is empty although i set the session time out in web config 30 minutes
Our servers are configured to recycle application pool automatically after 20 minutes of inactivity. The sessions will be lost upon recycling no matter what timeout property in your web.config is set to unless you are using sql session state. You may want to consider installing and using sql session state, so your sessions will be preserved after the application pool is recycled. Please see the following Knowledge Base article for more details.
