I’m writing an ASP.NET web application that will be using forms auth. I would like users to have a login that is valid only from a given start date to a given end date. It’s easy enough to flip the IsApproved flag to turn the login on or off, but that requires an outside source to determine when to do so.
The question: is there a simple method that I’m missing that’s already built into the system, or will enabling such a time-window require at least some customization on my part (either by writing a custom provider, or writing a helper app that tracks the necessary data)?
I’m fine with the customization work if necessary, but I’d like to ensure that I don’t do it if I don’t have to.
Set
on the tag in the web.config.
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.slidingexpiration.aspx
also covered here: http://www.asp.net/security/tutorials/forms-authentication-configuration-and-advanced-topics-cs (Scroll to the Specifying the Ticket’s Timeout Value section.)
and a caveat here:
http://weblogs.asp.net/owscott/archive/2006/07/15/Forms-Authentication-Timeout.aspx