variable login timeouts

Rita Mikusch asked on May 15, 2019 19:56

HI,

I would like users logging in from the local company network to STAY logged in (or at least to have a LONG timeout), and I would like users logging in from anywhere else to have a login timout of 30 minutes.

I could check the client IP to see from WHERE the user is logging in from ... users logging in from the local company network will always have specific internal IP addresses.

Is there an easy way to do this? The HARD WAY would be to add custom authentication code that checks the users IP, and how long they've been inactive ... and using that info to force them to log in again.

But I was hoping there might be specific session or forms authentication settings I could use to do this? For example, how exactly does the "stay signed in on this computer" work? What if I only made that option available to users at a specific IP address? (Okay I tried this, but users that checked-off "stay signed in on this computer" didn't stay logged in ... but maybe I did it wrong??)

Thank you.

Correct Answer

Peter Mogilnitski answered on May 15, 2019 21:07

search for session state in your web config:

<sessionState ... timeout="20 />

you can do it pro grammatically as well by setting Session.Timeout = 10;, but technically speaking authentication with local users should be done using active directory. So in this case they dont have to enter password

0 votesVote for this answer Unmark Correct answer

   Please, sign in to be able to submit a new answer.