To achieve your goal, you can implement form authentication and adjust the session-timeout accordingly.
<configuration>
<system.web>
<sessionState timeout="10"></sessionState>
</system.web>
</configuration>
This configuration will set the session timeout to 10 minutes. If a request is made before the 10-minute mark, the timeout will be extended to a total of 10 minutes.
For more information, you can visit:
How to set session timeout in web.config
If you only want the session to last for exactly 10 minutes, you can include slidingExpiration="false"
in your web.config file.
For additional insights, check out:
More details
As explained on MSDN:
When the SlidingExpiration is set to true, the authentication
cookie's validity period is reset to the expiration Timeout property value if the user
browses the site after half of the timeout has passed. For example, with an expiration of 20
minutes using sliding expiration, a user might receive a cookie set to expire at 2:20 PM by visiting the site at 2:00 PM. The expiration is updated only if the user returns after 2:10 PM. If the user visits the site at 2:09 PM, the cookie isn't updated since half the expiration time hasn't elapsed. If the user returns after 12 more minutes, at 2:21 PM, the cookie will have expired.