Membership Database

Discussion in 'General troubleshooting' started by R4VEN, Oct 12, 2010.

  1. I'm teaching myself ASP.NET 4 & VWDE 2010 through a project site I'm building on a site I have through Winhost, I've had a problem which has plagued me for months and I can't solve it.

    I have created a membership database by using an article Ray linked me which was god sent, however I can't seem to keep the connection to the database open. When a user logs in they stay logged in for only a short period of time before they get logged out.

    This isn't from having a low value entered in the connection strings because this happens erratically.

    I've tried to fix the problem with info found on however I just haven't been able to find a way around this problem. Is it likely to be a problem in the connection string? I feel like it may stem from me being unable to include the 'User Instance' in the connections string.

    For reference I'm using the following connection string which allows users to login but doesn't seem to maintain the connection:

    <add name="ApplicationServices" connectionString="Data;Integrated Security=False;Initial Catalog=DB_8868_users;User ID=DB_8868_users_user;Password=password1;" providerName="System.Data.SqlClient" />
    Last edited by a moderator: Oct 14, 2015
  2. Ray


    What is the session timeout value you implemented?

    <sessionState timeout= />
  3. I don't currently have a sessionState element implemented in my web.config file. I stripped it right back to nothing in an attempt to isolate the problem.

    Previously I had tried different mode like Inproc & cookieless etc but I haven't seemed to be successful yet.

    <?xml version="1.0"?>
      For more information on how to configure your ASP.NET application, please visit
        <add name="ApplicationServices" connectionString="Data;Integrated Security=True;Initial Catalog=DB_8868_users;User ID=DB_8868_users_user;Password=password1;" providerName="System.Data.SqlClient" />
        <customErrors mode="Off" />
    		<compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>
    		<authentication mode="Forms">
    			<forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    				<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
    				<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
    		<roleManager enabled="false">
    				<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
    				<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
    		<modules runAllManagedModulesForAllRequests="true"/>
    Last edited by a moderator: Oct 14, 2015
  4. Ray


    Last edited by a moderator: Oct 14, 2015
  5. I added the sessionState attribute into my web.config file and it still hasn't solved the problem.

    <sessionState timeout="30" />

    I'm suspicious it's in the connection string maybe.

    connectionString="Data;Integrated Security=False;Initial Catalog=DB_8868_users;User ID=DB_8868_users_user;Password=password1;"

    Are ASP.NET user databases required to be connected to as user instances?

    Thank you so much for your replies so far. :)

    Also when I test my web site on my home computer it never logs me out, it's only when I view my web pages on the server that the errors occur. I don't know if this is significant. :/
    Last edited by a moderator: Oct 14, 2015
  6. Ray


    I suspect that your web application maybe getting recycled by our system.

    There are 3 conditions set on the server that if your applications reaches these thresholds, our system will recycle the application pool. This is to protect the server and all other accounts we host on that server. This helps ensure that no single web application consumes all of the servers resources and crashes the other accounts. The conditions are....

    1) More than 20 minutes of idle time (no http request in 20 minutes)
    2) The application uses more than 100 MB memory
    3) The application uses more than 75% of CPU time

    You may want to look at using SQL Session to store your sessions.
    Last edited by a moderator: Oct 14, 2015
  7. I feel like you may be onto something. My site definately doesn't break the first condition when I'm testing, my whole site is 25MB at largest so I don't know about 2 and I'm not too sure about 3.

    I tried to use SQL Sessions before at one point but was unsuccessful. The KB articles are gold I'll try that as soon as I get some time.

    Exam week. :O

    I created the support ticket and received an email saying the database schema was created. I then went to my web.config file and changed the sessionstate element to the following as per the KB article:

    < sessionState
    allowCustomSqlDatabase = "true"
    sqlConnectionString="data Source=<SQLSERVERNAME>;database=<SQLDATABASENAME>;user id=<SQLUSER>;password=<SQLPASSWORD>"

    After some testing though the problem definately persists. Just to check, is the database I'm meant to link to as the datasource the new MS SQL database I was told to create in the tutorial or the ASPNETDB? I filled in the details for the ASPNETDB in the connectionstring because it's the connection to that datasource which keeps being severed, I don't really understand what creating the additional MS SQL database was for.

    The connectionstring points to the database which I was emailed to say the schema was created for, just to clarify.

    I didn't receive any errors, the site was able to run and log in which was a good sign I hope. :)
  8. Ray


    I'm a little confused on what you mean by this. Are you trying to connect to a SQL Express database for your SQL session? Give us a full copy of the connection string and how your SQL session is setup.
  9. Code:
    <sessionState timeout="30"
                      sqlConnectionString ="data;database=DB_8868_users; user id=DB_8868_users_user;password=password1"
    I also connect to the database using the following setting.

        <add name="ApplicationServices" connectionString="Data;Integrated Security=False;Initial Catalog=DB_8868_users;User ID=DB_8868_users_user;Password=password1;" providerName="System.Data.SqlClient" />
    Last edited by a moderator: Oct 14, 2015
  10. Ray


    Do you also have any viewstate and/or cookies working in the background of your application? Remember, only the session is stored off the web server. Viewstate stay with the web server. If your application permits try disabling viewstate on your application.
  11. I disabled viewstate by adding the following code to my web.config:

    <pages enableViewState="false">

    However the problem still persists.

    I haven't used cookies at all so far that I'm aware of and haven't done anything else to the view state. On my regular pages the error happens after I change pages a few times but I created two pages containing nothing except links to each other and was able to go back and forth between these two blank pages about 40 times before I was logged out.

    Does the fact that the error takes longer to appear when flicking between two blank pages indicate anything?
  12. Ray


    Do you have URL you can send us and a way to replicate the problem on our end so we can test it out for you?
  13. Same problem

    I have same problem - my athorisation reset his own in 40-45 sec after login.
    At my local computer there is no problem at all. It seems to me Winhost has a problem with IIS settings.

    Last edited by a moderator: Oct 14, 2015
  14. You can make one if you want or use this one.

    Username: test
    password: testtest
  15. Ray


    Your application is definitely being recycled due to memory usage. I suggest you optimize your application so that it doesn't consume a lot of the servers memory. Normal websites should only be using less then 100 MB of the servers memory.

    Also remember that the session can only be saved off the web servers. But there are other objects that are on the web server to make forms authentication work correctly. Such as Machinekey which is part of viewstate and cookies. If these are lost due to the applications recycling, it can log you off the forms authentication. Unfortunately we cannot do anything about that because that is how you coded your web application. The best solution is optimizing your web site to consume less the 100 mb of the servers memory.
  16. Hmmm.... I assumed because my website was under 10MB it wouldn't use over 100MB of resources. Thank you so much for your persistance with the problem I dismissed that before due to my inexperience.

    I'll do some research into making my pages consume less resources. I suspect that my attempt to condense many sections of code into a single page may be causing this. I'll do some research into how to fix this.

    Is there any way to moniter how much of the server memory an application is using?

    Thank you so much once again for your persistance with this matter. :)
  17. Ray


    I'm afraid not. In order for you to monitor the server we will need to give you admin rights to the server. And because this is a shared hosting environment, we simply cannot give you that.
  18. I know this is a little old, but in case this helps anyone else i found a solution here:

    which allows sessions to survive application pool recycles and stopped my users being logged out every few minutes...

    In case the post dies the jist of it is to add specific machine keys to the web config to stop them being regenerated when the application restarts:

    where decryptionKey and validationKey are hex strings of length depending on the algorithm (with AES: 64 digits and SHA1: 128, for other algorithms check MSDN).

    These keys should be cryptographically generated, and .NET has the types to do this which can be used from PowerShell:

    $rng = New-Object "System.Security.Cryptography.RNGCryptoServiceProvider"
    $bytes = [Array]::CreateInstance([byte], 16)
    $bytes | ForEach-Object -begin { $s = "" } -process { $s = $s + ("{0:X2}" -f $_) } -end { $s}
    For AES use the above array length, for SHA1 use a length of 64.

Share This Page