ServiceStack google OpenID suddenly not logging in - asp.net

Got a site still in dev that uses ServiceStack's OpenID implementation to sign in users. It's been working fine all this time, but suddenly this morning Google's OpenID login started failing; Facebook still authenticates fine. No error is thrown, it just redirects back to the default URL with this appended to it:
#f=Unknown
On my localhost it works flawlessly, both Google and FB login ok, only in production does it fail. I have tried quite a lot:
Re-verified each and every file in my asp.net bin folder compared with local and production, no difference.
Re-routed the production domain name to my localhost (in the hosts file), in hopes to step through the creation of the session. No luck, still signs in flawlessly.
Connected via remote desktop to the server and tried logging in on it as localhost, fails. (yea, WTH?).
Is there a way I can get a log of what is going on as the authentication is happening? Or does anyone have an idea of what could be the issue?
On a side note: I recently changed DNS settings for the domain name and moved it to this new server, but that was around 3-4 days ago, and it's been working fine all this time, until this morning. I also noticed that a reverse DNS lookup on my IP resolves to a different domain; investigating that right now.
UPDATE
This issue reared its ugly head again this morning. I'm not sure what could be causing it, but I suspect Windows automatic time synchronization to be somehow throwing things off. I'm turning it off and going to keep an eye on things to see if it returns. Also, this issue seems to throw my SSL settings into chaos: I have to manually reset IIS's SSL bindings in order for things to work, and even WebDeploy is affected. Very strange.
UPDATE 2
Issue happened again today. I'm now suspecting it's somehow related to IIS's Web Deploy feature, because it happened immediately after I published my site. I also now realised that I don't need to reboot; a simple iisreset seems to fix it. Will keep monitoring.
FINAL UPDATE
I finally found the culprit. Time. My virtual server was gaining time very fast, and every few days it would be ahead of most other servers, so the authentication would fail. The limit seemed to be around 3-5 minutes; within that range, the authentication works okay. More than that, it fails. To get around it, simply enable time syncing and it should not reappear.

You can check your production server clock. The OpenID request syncs with the Internet time in order to validate the request. If the clock is off, or it was off for a while, just reboot and the problem will be solved.
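
The failure mode from the final update, as an added example that is not part of the original posts and is not ServiceStack's code: an OpenID 2.0 relying party may compare the UTC timestamp at the start of openid.response_nonce with its own clock and reject responses outside a tolerance window. The 5-minute window, the NonceChecker class, the endpoint URL and the sample nonce are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"   # OpenID 2.0 nonce timestamp, always UTC
TS_LEN = 20                        # len("2013-05-15T17:11:51Z")
MAX_SKEW = timedelta(minutes=5)    # assumed tolerance, not ServiceStack's setting


class NonceChecker:
    """Relying-party check of openid.response_nonce (timestamp + replay)."""

    def __init__(self, max_skew=MAX_SKEW):
        self.max_skew = max_skew
        self._seen = {}  # (endpoint, nonce) -> provider timestamp

    def check(self, endpoint, nonce, local_now):
        try:
            issued = datetime.strptime(nonce[:TS_LEN], TS_FORMAT)
        except ValueError:
            return False, "malformed nonce"
        issued = issued.replace(tzinfo=timezone.utc)
        limit = self.max_skew.total_seconds()
        skew = int((local_now - issued).total_seconds())
        if abs(skew) > limit:
            # A drifting local clock and a stale or replayed response look
            # identical here, so report the signed offset for the operator.
            return False, "timestamp outside window, local clock offset %+ds" % skew
        if (endpoint, nonce) in self._seen:
            return False, "replayed nonce"
        # Nonces older than the window are rejected above, so forget them.
        self._seen = {k: t for k, t in self._seen.items()
                      if abs((local_now - t).total_seconds()) <= limit}
        self._seen[(endpoint, nonce)] = issued
        return True, "ok"


def simulate(drift_minutes):
    """Return the verdict when the local clock runs drift_minutes ahead."""
    provider_now = datetime(2013, 5, 15, 17, 11, 51, tzinfo=timezone.utc)  # constructed
    nonce = provider_now.strftime(TS_FORMAT) + "k9Xq2"                      # constructed
    local_now = provider_now + timedelta(minutes=drift_minutes, seconds=2)  # 2 s transit
    return NonceChecker().check("https://op.example/endpoint", nonce, local_now)


if __name__ == "__main__":
    for drift in (0, 4, 7, -7):
        print("%+d min drift -> %s" % (drift, simulate(drift)))
```

Logging the signed offset on every rejection is what turns a silent redirect into a diagnosable clock problem.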

Related

Getting an INET_E_DOWNLOAD_FAILURE Error and connection to website was reset

The connection to the website was reset.
Error Code: INET_E_DOWNLOAD_FAILURE
I have a C# web application running on our internal IIS 10 Server and the site uses Windows Authentication. Our networking team set up everything needed to get to the site from the Internet. I get the above error when connecting from the Internet and have the site listed in Local Sites.
I have users with laptops that sometimes work in the office and on the road. So, we've added the URL to Security - Local Sites so they aren't required to enter a login and password each time they go to the site. This works fine until they hit the road, where they get the above error.
If I remove the site from Local Sites or add it to Trusted Sites, it works. It works if they use Chrome, but not IE or Edge. It also works if they VPN in, but they don't want to do that.
The message is very vague and I've tried a variety of things based on research I've been doing, but no luck. One suggestion was to set up the Developer Tools and capture the error, but this also proved to be of no value, unless I'm doing something wrong.
The message returns quickly, so it's not timing out. I've also checked Event Logs and not finding any related messages.
I've tested this using different Custom Security Levels - Automatic Login with Current User, etc.
Please let me know if you have other suggestions or if I can supply additional information.
VS 2017, C#, IIS 10, .Net 4.6

ZF3 - ZfcUser can't take identity from session

I have a very strange problem. I use ZfcUser as the authentication module. I have made a lot of projects on a lot of different environments using ZF3 and the ZfcUser module. I have never experienced the kind of problem which I will explain below. In my current project I can't log in to the system on the production server. I successfully log in from the local env, or other test environments.
I tried to investigate what's going on. I went to the login page on production, entered my credentials, and the system redirected me to the home page. No errors, no warnings... nothing. But I was not logged in. I checked the identity from the framework (identity()) - it was null. I thought that maybe it is a server issue with the PHP sessions. I checked the sessions on the server. It appears that the problem was not there.
The framework successfully stored the data it needs in sessions. I found the Zend_Auth key, the identity key and the value for the logged user. It seems that with PHP sessions everything is OK.
I am powerless and can't even think about what is going on here and where the problem is. No errors are thrown. I traced the execution of the code on the local and production environments. Everything is the same. The framework seems to work properly. But the IDENTITY is always null.
Found the problem.
So, the site was running under a subdomain. Let's say sub.domain.tld. This site is different from the main domain, which is domain.tld. In the program code, the favicon of the application was requested from domain.tld, not from sub.domain.tld.
As a result, when you hit http://sub.domain.tld the browser stores two PHPSESSID cookies. One under sub.domain and another under domain.tld, which causes Chrome to mess up.
Interestingly, Firefox and IE didn't mess with the sessions and the site was working properly. I don't say that Chrome is guilty. Obviously the program code was causing the problem. But Chrome recognizes that one domain is a subdomain of the other.
That's why, when I was trying to run the project on different environments such as a local setup or a different domain, e.g. test.different-domain.tld, there were again two PHPSESSID cookies set, but this time Chrome didn't mess up the sessions because test.different-domain.tld is not recognized as a subdomain of domain.tld.
A very small and silly mistake, but causing big problems.
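
The cookie collision described above, as an added example that is not part of the original post: RFC 6265 domain matching decides which PHPSESSID cookies accompany a request to each host. The Cookie class, the cookie values and the assumption that the parent site sets its cookie with Domain=domain.tld are constructed for illustration.

```python
from dataclasses import dataclass


def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: same name, or host ends with '.' + cookie_domain."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


@dataclass
class Cookie:
    name: str
    value: str
    domain: str      # setting host, or the Domain attribute value
    host_only: bool  # True when no Domain attribute was sent


def cookies_sent_to(host, jar):
    """Cookies a browser attaches to a request for host (path/secure ignored)."""
    sent = []
    for c in jar:
        if c.host_only:
            ok = host.lower() == c.domain.lower()
        else:
            ok = domain_match(host, c.domain)
        if ok:
            sent.append(c)
    return sent


def session_ids_for(host, jar, name="PHPSESSID"):
    """More than one value means the server cannot tell which session is meant."""
    return [c.value for c in cookies_sent_to(host, jar) if c.name == name]


# Constructed jars: the application cookie plus the one set by the favicon host.
FAVICON = Cookie("PHPSESSID", "favicon-session", "domain.tld", False)  # assumed Domain=
PROD_JAR = [Cookie("PHPSESSID", "app-session", "sub.domain.tld", True), FAVICON]
TEST_JAR = [Cookie("PHPSESSID", "app-session", "test.different-domain.tld", True), FAVICON]

if __name__ == "__main__":
    print(session_ids_for("sub.domain.tld", PROD_JAR))             # two candidates
    print(session_ids_for("test.different-domain.tld", TEST_JAR))  # one candidate
```

A request that carries two cookies with the same name is the condition to look for in a captured Cookie header when a login silently fails on one host only.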

ASP.NET Initial Load in Production - IPrincipal Isn't Set

I've got a situation that I'm a little confused by as I cannot replicate it on any of my other environments.
The site is still in development and therefore has practically no traffic other than the two of us working on it. So if the site is in a dormant state (all IIS instances closed etc.) when I first log in, the IPrincipal doesn't get set correctly (in time?) and so subsequent security checks obviously fail. I can then immediately go back to the login page, perform an identical log in and all is fine.
This also occurs irrespective of which user I test with so it's not specific to an account.
I can then log in and log out with any user accounts and this never occurs again. This never occurs in Development on my local machine and I also have an instance of the system in my local IIS instance I use as a faux staging environment. I only ever see this on an idle Production environment.
What can I do to prevent this situation from ever occurring? Is this also suggesting there may be an issue elsewhere?
After having done a bit of experimentation it turned out that the problem was only manifesting in Google Chrome. All other browsers were performing as expected.
The solution was actually an oversight on my part. It seems Google Chrome has stricter rules around how cookies are dealt with in relation to domains.
Setting the domain attribute on the authentication cookie fixed the issue and now Google Chrome also logs in as expected.

Session timeout after some seconds in Umbraco

I have created a site on Umbraco 7.1.6. It was working perfectly in Visual Studio 2012; when I deployed it to my hosting space I found a problem: it redirects me to the login screen again and again after just some seconds. I have set keep user login to true and increased the timeout, but no improvement.
When I searched for that problem I found some links:
https://github.com/umbraco/Umbraco-CMS/compare/release-7.1.6...7.2.0
http://issues.umbraco.org/issue/U4-3845
https://github.com/Umbraco/Umbraco-CMS/commit/c936aaa51753862914591b753f7f2d7be7749cf7
The first link provides me a file, but I do not know how to update my current site.
In the console I am getting an error.
GET http://example.com/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds 401 (Unauthorized) angular.min.js:106
(anonymous function) angular.min.js:106
o angular.min.js:102
g angular.min.js:100
i angular.min.js:79
i angular.min.js:79
(anonymous function) angular.min.js:80
e.$eval angular.min.js:92
e.$digest angular.min.js:90
e.$apply angular.min.js:92
safeApply umbraco.services.js:58
(anonymous function) umbraco.services.js:6773
(anonymous function) angular.min.js:108
e angular.min.js:31
(anonymous function)
I just experienced the exact same symptoms. A site ran just fine locally, using IIS Express, worked fine when deployed to Azure WebSites, but when I ran on a Windows Shared Hosting environment, the back office session would timeout somewhere between a couple seconds and a couple minutes.
I'd get a pop-up authentication window often but not always on the GetRemainingTimeoutSeconds url.
I filed a ticket, and the provider was able to replicate the issue. They said the site was running in full trust.
After enabling 32 bit application support - the issue is resolved.
Thanks to everyone, especially to #Morten Oc who commented.
It's probably something on the hosting. Have you tried other Umbraco installations on hosterpk? Also, try to set the login time (in webconfig) to 0.
I found out a solution: it was due to the hosting environment (permissions). I deployed on the client's hosting and it works perfectly.
Additionally, if you do not have full trust hosting then it would not be able to maintain its session; you would have to configure the session to be managed in the database.
For more info how to configure please refer to this post:
https://www.saotn.org/configure-sqlserver-sessionstate-for-umbraco/

Suspected loss of session state in IIS 6

I have an ASP.NET web site that responds with multiple skins depending on the domain that it is accessed via.
The problem is that authentication and some other features seem to suffer random glitches where the user is sent back to the log in screen, or other session controlled values appear to have been lost - but only when accessed via one of the domains. The other domain does not suffer the same issue.
On our test system, the issue DOES NOT exist when accessing via any domain. On live, the issue will happen at varying times during the session, even with identical steps followed. It is for these reasons that I don't think it is a bug in the application software.
On the live system, where the issue is, two websites are set up in IIS, each with bindings to the required domain. One accesses the site through a virtual directory at http://mysite.com/myvirtualdir, the other accesses the site at the root path at http://myalternatesite.com/. I don't think that the virtual directory is the issue however.
I've now solved my problem, though still not sure what the exact cause was.
I opened up website properties for the two websites in IIS, the one that worked and the one that didn't and compared properties.
For anyone else troubleshooting this issue, these are the steps that I took, in order of how likely I think they were to be the cause of the issue.
The second website was using the Default app pool. There is nothing particular about the Default app pool settings on this server that would cause session to be lost from what I can see, but I have now changed it to use the same app pool as the site that was working all along.
Disabled Windows authentication to match the working website.
Changed default documents so that only the required document was listed.
Limited connections to 500 to match the working website.
Hope this is of use to somebody else.
