Every aspnet web application I try to run locally just doesn't keep sessions anymore.
Somehow, this happens on both VS 2013 & 2015 with different projects. I haven't touched anything, one morning I found out that after a redirect every session data is lost.
These applications are still working on production and dev environments.
A proxy server or firewall on the web server side is stripping out the
cookie. It may be that the user is correctly storing and sending the
session cookie, but that the hardware on the web server's side is
stripping out the cookie before it can be read by the ASP or ASP.NET
engine, causing the server to generate a new SessionID and a new
cookie for the user on each request.
Related
I have LoadBalanced WebServers in .Net. When a user logs in into the website, we are not sure if his next request goes to the same webserver. So will storing asp.net session in SqlServer DB solve the issue of recognizing the user when request switches between servers .
As per below link, OutProc session is suitable for Load balanced servers.
https://www.c-sharpcorner.com/forums/inproc-session-state-out-proc-session-state-in-asp-net
I have an ASP.net 4.5.2 app using the token authentication and authorization. This works as expected.
However, I now want to use two servers. So the user could get switched from one server to the other. The issue with this is that when the user is switched, the new server sends a 401 Unauthorized response until the user log in again.
Is there a way to make both servers accept the token?
The main purpose of this is for failover. If server 1 goes down, I can route the traffic to the second one. I have tested this and it works, except the user is forced to log in again.
The machine key must be the same for all servers serving the app.
Here is how to create the machine key in IIS.
Then copy that same key to the other servers.
I have an ASP.NET Application which runs an multiple Web Servers in Azure (these are all virtual machines and not Azure Websites).
If a user logs himself in (currently forms authentication) everything is fine but if he clicks on a link he might get redirected to another server in the server group where the session cookie is not set.
How could that be solved in azure so that a user is logged in on all machines or is there a way to "bind" a user to a specific server so that he won't jump between the servers?
Thanks for your help!
metabolic
You have to change the session state to be saved in an external persistence solution, like SQL Server or Redis, instead of InProc (which means in memory) which is the setting you have now. The steps to do that are described here for SQL Server. Then if someone ends up in a different server, he'll still be authenticated as the session will be loaded from the persistence solution.
We have deployed our Asp.Net webforms app on Azure platform, the app is being served by two web servers load balanced. Asp.Net session is managed by memcashed.
Generally app works fine but randomly it gets hanged, if we try to reload the app, request is not getting processed by the browser, no error at all, continuous loading.
Only way to make the app work again is by DELETING COOKIES for this specific app from the browser.
This happens in Firefox as well as in Chrome so does not seem to be a browser specific issue.
Cookies in particular is not that heavy, there are only 3 cookies, 1 being asp.net session cookie and two other for persisting user credentials.
App is about real-time chat service so it polls web server at each 4 seconds.
We have already referred one similar issue but that does not help.
If it happens randomly it looks like it caused by load balanced configuration. From my experience the most common reason for issues with load balanced farm - different machineKey values.
Try to check you have the same machineKey value in web.config for both servers.
I have been tasked with getting a asp.net (vb.net) talking to an analysis services engine on our production servers. The web server is a separate machine from the web server. The web server runs as the IUSR_ user. The application (of course) works on the development machine which has both IIS and Analysis services on it. The problem I see appears to be a permissions error (returned in the browser by the asp.net app):
An existing connection was forcibly closed by the remote host ....
it is described in a similar post here: http://www.mydatabasesupport.com/forums/sqlserver-olap/201903-existing-connection-forcibly-closed-remote-host.html
I am not a system admin, nor am I an expert in analysis services (why have I been tasked with this you ask? because other people haven't been able to get it working and it has fallen on me). Anyway, I could use some help ... I have tried creating and adding the user (IUSR_) to the sql server and added that user to the role. While that worked on my local machine, it did not work in our production environment where the sql and web servers are separate.
tia,
Don
well after some fiddling i came up with something that works. its probably not a huge security concern because this server is not visible to the public internet; it is visible only to a couple iis servers (it is not on our lan) - this is, however, a 'brute-force', non-secure solution (in some environments anyway) ...
ON THE IIS SERVER: added this to the connection string in web config: SSPI=anonymous; this turns on an unauthenticated access request.
ON THE SQL SERVER: in analysis services, right click on the server. under "general" go near the bottom to "Security\RequireClientAuthentication" and change it to False
same page, select "security" on the left (instead of general). Add "ANONYMOUS LOGIN" to the list of users
get out of the server properties. right click on the CubeViewer role in the cube and choose properties. Add ANONYMOUS LOGIN to the list of users.
so, i have unauthenticated access from our iis server to the sql server.
i'd still be interested in seeing a more secure solution - oh, and i forgot to mention, there is no domain ... these are two servers on the same subnet with only regular logins.