Showing posts with label Alternate Access Mapping. Show all posts
Showing posts with label Alternate Access Mapping. Show all posts

Tuesday, August 19, 2014

Prompting continuously for credential after setting Alternate Access Mapping


I have created a web application in SharePoint & also set the “Alternate Access Mapping” for the web application like:



Zone

URL

Host Header in IIS

Default


sharepoint2010

Intranet

http://sharepoint2010.mydomain.com

sharepoint2010.mydomain.com

Internet



Custom

 

 

Extranet

 

 

 

When I login to http://www.mysharepoint2010.com, it allow me to login. But just after this login, I won’t be able to use my default url (http://sharepoint2010). It prompts me for credentials so many times & won’t allow me to login to the url http://sharepoint2010.

When I reset my iis then it allow me to login to http://sharepoint2010. But when again I login to http://www.mysharepoint2010.comand then again I want to use url http://sharepoint2010. It won’t allow me to use this url.

I have done some R & D and found that SharePoint uses Session-Based-Authentication and default claim token has 10 hours life time.

This cached token is used for all subsequent requests. So the end user will not really be able to access the site until next day.

You can see the default time by using this power shell command:



PS C:\Users\gaurav> $sts = Get-SPSecurityTokenServiceConfig

 

PS C:\Users\gaurav> $sts.WindowsTokenLifetime

 

 

Days              : 0

Hours             : 10

Minutes           : 0

Seconds           : 0

Milliseconds      : 0

Ticks             : 360000000000

TotalDays         : 0.416666666666667

TotalHours        : 10

TotalMinutes      : 600

TotalSeconds      : 36000

TotalMilliseconds : 36000000

 

 

 

PS C:\Users\gaurav> $sts.FormsTokenLifetime

 

 

Days              : 0

Hours             : 10

Minutes           : 0

Seconds           : 0

Milliseconds      : 0

Ticks             : 360000000000

TotalDays         : 0.416666666666667

TotalHours        : 10

TotalMinutes      : 600

TotalSeconds      : 36000

TotalMilliseconds : 36000000

 

When I set this 10 hours to 1 minute, It works for me. Now I can login to url http://www.mysharepoint2010.comand then I am able to use the default url http://sharepoint2010as well.

Here is the powershell command :



$sts = Get-SPSecurityTokenServiceConfig


$sts.WindowsTokenLifetime = (New-TimeSpan –minutes 1)

$sts.FormsTokenLifetime = (New-TimeSpan -minutes 1)

$sts.Update()

Iisreset
 


 

Here is output :



PS C:\Users\gaurav> $sts = Get-SPSecurityTokenServiceConfig

 

PS C:\Users\gaurav> $sts.WindowsTokenLifetime

 

 

Days              : 0

Hours             : 0

Minutes           : 1

Seconds           : 0

Milliseconds      : 0

Ticks             : 600000000

TotalDays         : 0.000694444444444444

TotalHours        : 0.0166666666666667

TotalMinutes      : 1

TotalSeconds      : 60

TotalMilliseconds : 60000

 

 

 

PS C:\Users\gaurav> $sts.FormsTokenLifetime

 

 

Days              : 0

Hours             : 0

Minutes           : 1

Seconds           : 0

Milliseconds      : 0

Ticks             : 600000000

TotalDays         : 0.000694444444444444

TotalHours        : 0.0166666666666667

TotalMinutes      : 1

TotalSeconds      : 60

TotalMilliseconds : 60000


Here I am setting 1 minute life for token.