Dear all,
I'm using asp.net membership to manage authentication, i use the standard login page found in account folder, and inside the folder i want only allowed users to access i have configuration file with this content:
<configuration><system.web><customErrors mode="RemoteOnly" defaultRedirect="~/error.html"/><authorization><allow roles="Employee" /><deny users="*" /></authorization></system.web></configuration>
<div class="post-text" itemprop="description">
This is pretty standard method I've been using for a long time, the problem i'm facing here is after a user log in, he/she navigates to any page in the folder and this works fine, but once he navigates again to another page, or refresh the same page, he will be redirected to the log in page and need to re-enter his username & password even though the timeout for forms authentications did not pass.
Note: this i dont face this issue in the developement enviroment, only in live, and i don't use SSL.
Any help would be appreciated, Thanks.
</div>