Vbulletin Authentication Issues Constantly losing session - session

I have a Vbulletin forum which somewhat randomly seems to be losing session authentication information somehow. I log into the site directly from home page as admin and navigate to another page, and all appears like i never logged in, the login information is missing. Has anyone else experienced this problem with vbulletin. Im running VB5 Connect.
Cheers
V

I believe after a long time of trial and error that there must be an issue with the way the my Elastic Load Balancer was configured. I had been hosting the vbulletin service on EC2 behind an ELB. I now have the site setup directly by the server IP without load balancing and seems to be working ok. Unfortunately I was not able to get any information from the people at vbulletin so i've now beefed up the server and left it without load balancing. Perhaps something for someone else if they encounter this.
Cheers

Related

Why is intertactive Broker Client Web API fails due to proxy remote host setting?

The Interactive Borker (IB) has a setting for the proxyRemoteHost which is like this "ib.abcd.com". This config won't work unless it's changed to "X.ib.abcd.com", where X = [1-5]. We need to specify a server to make it to work. Although this looks good for DEV purpose, in product we don't wanna specify the server instead use the base URL.
The Interactive Broker team has been troubleshooting this issue for a while and not able to pin point any reason. I really appreciate if anyone can help me understand probable causes behind this issue, so I can give more input for the relevant team to fix this issue. I can't add the logs due to some sensitive information in them. In logs, we can see the SSO authentication always fails while using proxyRemoteHost setting as base URL ("api.abcd.com") but works when we specify a server ("X.api.abcd.com"). No further info in the logs that mentions any reasons behind the failure.
We have tested this on latest Chrome and Firefox with CORS enabled. Also, once in a blue moon, it works fine with the base URL which totally surprises me.

Windows authentication box pops up with integrated authentication on web page

I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.

Can't authenticate to YouTube Data API anymore

We have two sites setup using the same API Key for uploading videos, one is the public server, another is on my local machine.
Even though they both use exactly the same credentials, the one on the public server is not working anymore (we're using https://github.com/laplacesdemon/django-youtube), throwing an error that credentials are incorrect.
Weirdly, I don't know where can be the problem.
There was one thing on our server, though, we changed the location so the IP address has changed.
Might it be this?
The IP list on the Server Key settings on Google Console is empty, and on the APIs requests graph I can see requests but can't find any log associated with them or something like this to see what's wrong.
Anyway, I guess the access is somehow blocked and there is no way to unblock it.
If anyone experiencing same issue, just create a new YouTube account! The only way of solving it, apparently.

ASP.Net windows authentication seems not working

I have a web application with Windows Authentication enabled. It is working only with localhost though I have set Bindings. Ping to IP and hostname returns result.
Any help would be appreciated
Have set authentication to windows and impersonate to true. NTLM has been moved up.
Also tried adding the site to Intranet and Trusted Site list. Windows authentication is enabled in IE as well.
Both the server and client is on the same domain ... in fact it is not at all working in server itself.
Any help would be appreciated.
With the detail you've given it is a bit hard to give concrete advice so I'll give you a method I've used over the years to try and track down where the issues is.
With the current setup put an image on your webserver and try to retrieve it in the browser using the exact address. Do this on the server itself first and if that works then do it on a client machine.
If it works on server but not on client then there could be a client browser issue/a network issue/a dns issue.
If it doesn't work on the server then change the file level and IIS permissions to anonymous for just that image and the folder / website it is in. Then test the URL on the server in a browser and on a client in a browser.
If it works you've got a permissions issue with NTLM.
Hope this helps you narrow things down.
Dorje

Logged out of applications intermittently

I have a siteminder protected portal which has links to many applications that are also protected by siteminder. SSO is implemented between the portal and the applications.
The issue is that when we login to the portal and browse through the applications, it happens sometimes that we suddenly get logged off from the portal for no reason ( no time out, it can happen even for as less as 1 minute).
Issue is reported for a small group of users and it happens on IE as well as Firefox browsers and it happens randomly.
1.Local system time on the policy servers, proxy servers and the user's machine are in sync
2. additionally when I check with Fiddler on the cookies are still there , but we still get logged off from the portal.
Any ideas for this?
Are you using a persistent session store? This may happen if the validation period is not setup properly.
This may also happen if one of the policy servers has a different encryption key from the others. If you can enabled the trace logs on the web agent, it should give you a decent idea about the reason the cookie is being rejected.

Resources