I've created a web site with ASP.NET 2.0 and I'm using a session variable to determine if a user has filled out an age verification form. Everything works as expected (I can read the session variable on all pages) until a user goes to a virtual directory. When they do so, the page can't read the session variable.
After much research, I've so far done the following.
Turn on the ASP.NET State Service
Added a sessionState node to my web.config files, changing the mode to StateServer (for the web site and virtual directory).
<sessionState
mode="StateServer"
cookieless="false"
timeout="20"
stateConnectionString="tcpip=127.0.0.1:42424"
/>
Generated a new machineKey and added it to both the site and the virtual directory...
<machineKey
validationKey="...128..."
decryptionKey="...64..."
validation="SHA1"
decryption="AES"
/>
Created a new application pool and made sure both the web site and it's virtual directory are using the same application pool.
If I write out the session id <%= Session.SessionId %> it is the same on pages in and out of the virtual directory (it's the same throughout the site). I just can't get that session variable! Does anyone know what else I can try to get this to work??
Thanks.
Different virtual directory = different application and applications don't share session data between them. Perhaps a redesign of your applications to avoid this?
Here is a possible solution to sharing session data between ASP.NET applications.
Passing session data between ASP.NET Applications
From everything I can tell, it's not possible to do what I wanted to do. What's worse, I decided to use cookies instead of session variables, thinking that since cookies are created and maintained by the client and based on the domain, that would work. Unfortunately, somehow when created with C#/ASP.NET even cookies can't be shared. So I had to use C# to insert Javascript to create cookies so I could do what I wanted. End result is an inelegant solution to what should be a simple problem (IMHO).
Related
I need to share asp.net session between 2 websites on same IIS.
I created a custom session db and hijacked the stored procedure to return same appID regardless of app or url.
I created a connection string for the db in web.config:
< add name="dbConnSession" connectionString="server=xx.xxx.xx.xx.;database=ASPNETSession;User Id=xxx;Password=xxx" providerName="System.Data.SqlClient" />
Then I defined session state:
< sessionState allowCustomSqlDatabase="true" cookieless="AutoDetect" mode="SQLServer" sqlCommandTimeout="10" sqlConnectionString="dbConnSession" timeout="120" sqlConnectionRetryInterval="2" />
I developed the sites on my Win7 machine with IIS7 and login system works perfectly. I can login from 1 site, go to other site and stay logged in.
I moved 2 sites into the web server (windows 2012 with IIS8.5) and the shared session does not work. Sites simply does not share the session. I set a session value on one site and try to see it on the other and session value returns as null. The very same test page works on IIS7.
Does anyone know why IIS8.5 has trouble with something works on IIS7?
You need to add a machine key that's the same to both web config files.
If goes in system.web and looks something like this:
<machineKey validationKey="[your key]" decryptionKey="[dec key]" validation="SHA1" />
There are a few tools if you Google it that will create one for you.
There are a few reasons why you need this key, mostly because the servers might have different paths to the folder where you code lies or different IIS settings.
I am trying to run two web application using the same ASP.NET membership provider database that comes with MVC3. So two web app runs side by side and they both has the same connection to the same membership databse. The problem now is, I can only login at one app and get automatically log out at the other. However, the feature I want is, if I log into either one, I get automatically log into the other.
I was wondering what the trick is to enable this feature.
thanks a lot
If you are using Forms Authentication users are tracked with cookies. Cookies are by default restricted only to the application that emitted them. And because of this the other application cannot see the authentication cookie created by the first. So for example if you have the two applications hosted respectively on foo.example.com and bar.example.com you could set the domain property of the cookie in web.config of both applications to example.com:
<forms
loginUrl="/login/index.mcp"
requireSSL="true"
protection="All"
timeout="120"
domain="example.com"
/>
This way the cookie will be shared among those two applications and you will be able to achieve Single Sign On.
Finanlly I fixed it.
My application runs under the same domain so domain is not a problem (But Thank you very much, Darin).
The problem is:
IIS by default generate differnt machine key for differnt web application. So I have to specify the same machine key in web.config explicitly~!
I am working on two ASP.NET websites. Both use custom authentication process based on forms authentication with:
<authentication mode="Forms">
<forms cookieless="UseCookies"/>
</authentication>
set in Web.config.
When I compile the first website, it always remembers my credentials I've entered before, like expected.
When I compile the second website, each time it forgets completely all credentials I've entered a minute before, and .ASPXAUTH cookie is not here nevermore.
What can cause the second website to do so? Where to start to search for the resolution of this problem?
Perhaps when the 2nd site recompiles some class or other object changes that is stored in the session so the application has to restart the session, but in the first site the only thing being stored in the session are standard .net objects that havn't been recompiled. Is this causing a real world problem, it is fairly usual to lose your session state when you recompile a website, but this does not cause any problems i the wild unless you are updating your live code several times a day and kicking users of the system.
I'm currently using the asp.net membership provider (with logins stored in db) to protect certain pages of my site. However, I also have non .aspx resources I wish to protect - word docs, excel spreadsheets, pdfs, etc. Is this even possible? If so how would I go about doing this?
thanks!
If you are running IIS 7 under the integrated pipeline (the default setup), all requests go through IIS. This means you have to do nothing other than setup your web.config. You'll need to do one little thing though, put the following attribute on the modules node under system.webServer:
<modules runAllManagedModulesForAllRequests="true" />
This ensures that the forms authentication modules run for your static content.
I have an aspnet webapp which has worked very well up until now.
I was recently asked to explore ways of making it scale better.
I found that seperation of database and Webapp would help.
Further I was told that if I changed my session providing mechanism to SQLServer, I would be able to duplicate the Web Stack to several machines which could each call back to the state server allowing the load to be distirbuted better.
This sounds logical. So I created an ASPState database using ASPNet_RegSQL.exe as detailed in many locations across the web and changed the web.config on my app from:
<sessionState mode="InProc" cookieless="false" timeout="20" />
To:
<sessionState mode="SQLServer"
sqlConnectionString="Server=SomeSQLServer;user=SomeUser;password=SomePassword"
cookieless="false" timeout="20" />
Then I addressed my app, which presented me with its logon screen and I duly logged in.
Once in I was presented, with a page that was not with the page I was expecting.
I can change the sessionstate back and forth. This problem goes away and then comes back based on which set of configuration I use.
Why is this happening?
Nice error Dude :)
Probably a red-herring, but what are you storing in Session state?
When you move from InProc to SQL Server, the stuff you store in SQL must be Serializable (I think)
Use Fiddler to see what's really going on over the wire. To me it looks like your app is sending back an image when the browser is expecting HTML.