Possible to have differing session state modes for various applications under a website? - session

I'd like to have the application at example.com use In Proc. And all other applications (example.com/app1, example.com/other_app, etc) use SQL state. Is this possible? I have created distinct application pools for each application.

I added a <location> element to all of my web.configs:
<location path="." inheritInChildApplications="false" allowOverride="false">
  <system.web>
    <sessionState />
  </system.web>
</location>
This seems to keep everything separate now. I can now use "In Proc" in my parent app and "SQL session" in child apps and not lose any session data. (A complex object was lost in the parent app because (I think) it was somehow inheriting the session state from children web.configs.)
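
The layout this answer describes, written out as an added example (not the poster's actual files): the parent application's web.config keeps its in-process session state out of child applications, and one child application declares SQL Server session state for itself. The SQL host name and the timeout values are placeholders, and only the inheritInChildApplications attribute is shown on the location element.

```xml
<!-- File 1: web.config of the parent application (example.com) -->
<configuration>
  <!-- inheritInChildApplications="false" keeps everything inside this
       <location> block from flowing down into /app1, /other_app, etc. -->
  <location path="." inheritInChildApplications="false">
    <system.web>
      <!-- Session data lives in the parent's worker process and is lost
           when its application pool recycles. -->
      <sessionState mode="InProc" timeout="20" />
    </system.web>
  </location>
</configuration>

<!-- File 2: web.config of a child application (example.com/app1) -->
<configuration>
  <system.web>
    <!-- Out-of-process state in SQL Server; SQLHOST is a placeholder.
         Integrated Security avoids storing a SQL password in the file.
         Objects stored in session must be serializable in this mode. -->
    <sessionState mode="SQLServer"
                  sqlConnectionString="Data Source=SQLHOST;Integrated Security=SSPI;"
                  timeout="20" />
  </system.web>
</configuration>
```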

Should just work with multiple applications. This setting is per application.
Haven't you tried this?

Related

Umbraco, Azure deployment slots and Connection Strings

We're trying to leverage Azure's deployment slots for an Umbraco site we've built.
By default Umbraco uses a DSN defined in the connectionStrings sections of the web.config and we want it to use the connection string for the deployment slot it's sitting in.
What we've tried
Azure deployment slots put all defined app settings (and connection strings) into environment variables and to access them we can use Environment.GetEnvironmentVariable() which works but there doesn't seem to be a way to tell Umbraco to do this.
So in OnApplicationInitialized() (in /App_Code/Core/UmbracoAppStart.cs) we loaded the connectionstring section from the web.config, grabbed the connstr from env vars, added the DSN to the connectionstring section and saved.
The correct connection string is grabbed and stored but this seems to recycle the app (due to a web.config change) and thus we just get timeouts. (Or Umbraco XML cache errors, or it takes 20 mins to load the page).
I know you can store the appsettings and connectionstrings sections in separate files. But the file attribute (that doesn't cause a recycle if the referenced file is changed) doesn't work on the connectionStrings section - only the configSource attribute and that DOES recycle if changed.
(from: ASP.NET web.config: configSource vs. file attributes)
Help
Has anyone found a way around this?
We simply need to get Umbraco to use the deployment slot connection string - not the one in web.config.
I'm even willing to copy and paste blindly at the moment without understanding how it works - and I hate doing that :). But that's what happens when people agree when the client wants to go live just before Christmas...
You don't need to do any code to use Azure connection string or the app settings. Just give them the same keys/names as you have on your web.config and they will be used instead.
So if you have this on your web config:
<add name="umbracoDbDSN" connectionString="Server={server};Initial Catalog={db};Persist Security Info=False;User ID={user};Password={password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=300;" providerName="System.Data.SqlClient" />
Your slot configuration should be this:
To replace an app setting just use the same key. So for this:
<add key="umbracoUseSSL" value="false" />
You'd use this:
If you want the setting to be slot specific you have to activate the Slot setting checkbox.

What is the default sessionState in an asp.net mvc 3 application?

I was considering using <sessionState mode="InProc" timeout="45" /> because some users are repeatedly logging in, and I would like to save them some time. However, before I add this to my web.config file, I wanted to make sure there would be no side effects.
I read up on sessionState versions, although I already am fairly aware of what goes on, I was curious to know what the default setting for an asp.net mvc 3 application was as there is no defined sessionState inside of my system.web at this time.
I know that the application has access to Session["key"] without the declaration, although I try to avoid putting that type of load on the Session. I would assume that there is a setting in IIS 7 which my application is inheriting (This application is on a shared hosting environment).
I understand that there could be issues if I was using a dedicated database or server for the Session, but this is just a basic setup as far as that goes, nothing fancy.
Is there a default sessionState for asp.net mvc 3? Is it just being inherited? Will there be side effects from overriding it in my web.config if it is defined elsewhere in IIS?
As of now the default Timeout = 20 minutes.
These are the default values for .Net Framework 4. I think they don't change because of MVC 3.
The accepted answer is correct, but possibly the OP is actually meaning to ask about authentication timeout which would be 30 minutes.
I know this is old but thought it important to clarify that session state has nothing to do with authentication. The OP does not state what form of authentication is in use. Assuming Forms Authentication, then the default timeout for that is 30 minutes and is controlled in the <authentication...<forms element in web.config. I have found it best to have your authentication timeout set to less than your session timeout when using in-proc session. I tend to use out of process session as a preference, as it preserves session data from app-pool recycles.

What creates a Web.config appSettings entry?

I am fairly green at ASP.NET coding, even though I have done very basic tasks for a while.
Recently, I have been assigned our company's website, so I am learning more of the details.
I downloaded the project from Source Safe, and I am making changes in the code.
A co-worker and I were looking at the Web.config file, and noticed this under the <configuration> section:
<appSettings>
  <add key="HR_EMAIL" value="myEmailAddress#work.com"/>
  <add key="APP_MODE" value="TEST"/>
  <!-- PROD is the production value for ssl pages -->
  <add key="HR_EMAIL_SITE_A" value="myEmailAddress#work.com"/>
  <add key="HR_EMAIL_SITE_B" value="myEmailAddress#work.com"/>
</appSettings>
where myEmailAddress#work.com used to list my actual email address.
My co-worker said, "Oh, you've changed it and removed my email address."
Uh, no I have not! I could care less if these people email me!
I'm guessing something configured on my local machine (maybe in machine.config) went in and updated these values whenever I rebuilt the project.
I have used a walkthrough recently published by Microsoft (Walkthrough: Creating a Web Site with Membership and User Login), but it was in a different project.
What changed these values? Surely I did not do this in my sleep!
Chances are that someone committed these values to source control.
You got the latest value - possibly your workmate has not updated this file in a while.
Take a look at the file history in Source Safe to see what happened with this value.
The <appSettings> section, as the name suggests, is specific to the application, to store custom settings. Before ASP.NET 2, this section was used to store things like the connection string used by the web application.
In your case, I am guessing that you have an admin site/system that is writing out your email address to app.config.
I have seen another scenario, where the setting will be updated by the build/release script.
You'll likely find that due to differences in environments, in most cases you don't deploy a web.config from environment to environment. You wouldn't want test settings, like connection strings, emails, etc. getting propagated to production.
What you're likely finding is that the config in VSS is a local testing copy and the production copy has different values.

How to set up new Membership and Session providers to run in Windows Azure? Using MVC3 and Web Role

I've read about the New Membership and Session providers, and the information in this article is that just changing the connectionStrings the database would build itself magically in my SQL Azure Database.
So, I first changed my connection to:
<add name="Project" connectionString="Server=tcp:xxxxxxxx.database.windows.net,xxxx;Database=xxxxx;User ID=xxxxxxxxxxx;Password=xxxxxxxxxxx;Trusted_Connection=False;Encrypt=True;" providerName="System.Data.SqlClient" />
When I tried to debug my app with the emulator, I got the error:
EFProviders require MultipleActiveResultSets=True for System.Data.SqlClient connection strings.
I researched this error and realized that it was something related to Entity Framework. I tried to make an Entity Framework connection string with no success. In addition, I read somewhere that SQL Azure doesn't support MultipleActiveResultSets.
So, I have 2 questions:
Is it true that if I run the application and register any user via website interface the Membership and Session tables, views and procedures will magically build in my SQL Azure database?
What am I missing to make my app run?
Detail: I didn't add any new item in Models folder. It's only AccountModels class, as it generates from MVC3 template.
Fortunately, now I have the 2 answers:
Yes, it's true and very easy!
The mistake I made the first time was trying to put MultipleActiveResultSets as a new attribute in the connectionString line. The code has to be like this:
<add name="Project" connectionString="Server=tcp:xxxxxxxx.database.windows.net,xxxx;Database=xxxxx;User ID=xxxxxxxxxxx;Password=xxxxxxxxxxx;Trusted_Connection=False;Encrypt=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
Edited
Now I found out other way to do that with AppFabric Caching for Session State. Just follow this tutorial.

Best approach to user roles with an intranet application

I'm developing an ASP.NET MVC intranet website which needs to have a few different user roles (admin, editor, writer, etc.) and the backend uses SQL Server. I read this post by scottgu about role-based security and used that as a starting point. The steps I followed were:
Configured a DB using the aspnet_regsql.exe application
Set the authentication mode to windows
<authentication mode="Windows" />
Added a connection string entry to the Web.config,
<connectionStrings>
  <add name="SqlRoleManagerConnection"
       connectionString="Data Source=localhost; Initial Catalog=aspservicedb; Integrated Security=SSPI;" />
</connectionStrings>
Added a roleManager entry to the Web.config section,
<roleManager enabled="true" defaultProvider="sqlRoleManager">
  <providers>
    <clear />
    <add name="sqlRoleManager" type="System.Web.Security.SqlRoleProvider"
         connectionStringName="SqlRoleManagerConnection"
         applicationName="MyApplication" />
  </providers>
</roleManager>
Added some role code into the Application_Start() method of the Global.asax.cs file,
// Requires: using System.Web.Security;
// Create each role once, on first start.
if (!Roles.RoleExists("Editor"))
{
    Roles.CreateRole("Editor");
}
if (!Roles.RoleExists("Writer"))
{
    Roles.CreateRole("Writer");
}
if (!Roles.RoleExists("SiteAdmin"))
{
    Roles.CreateRole("SiteAdmin");
    // Seed the first administrator (Windows account name).
    Roles.AddUserToRole("MYCOMPUTER\\Matt", "SiteAdmin");
}
Modified my controllers to use the roles:
// Only members of the SiteAdmin role can reach any action on this controller.
[Authorize(Roles = "SiteAdmin")]
public class SiteAdminController : Controller
{
    // ...
}
And this all seems to work at this point but I'm wondering if there is a better approach to handling roles or if there are problems with this approach. It's easy to convince oneself that the approach is a good one because it worked but I'd like to take a different approach now rather than later if this isn't the best approach to solving the problem. Elsewhere I'd read someone say this was a "hack" but never really qualified why he wouldn't solve the problem this way. Your thoughts? Do you have a better way to solve this?
In some of my production MVC apps, I simply use the built-in SQL role provider. It works out of the box; your MVC3 templates will be configured to use it already. Simply open up the admin site from within Visual Studio and manage the security and add your roles, users, users to roles, etc. and that's it. Do not use your web.config to manage what roles have access to what URIs; this has been recommended over and over to stay away from in MVC, as more than one URI could potentially get to a single route, so you use (as you did) the Authorize attribute in conjunction with the automatic role management, and that's all you need. It's pretty simple.
Well there are two alternatives worth mentioning:
Configure your role based security right in the web config. This centralizes your security configuration, though it must be updated to mirror your paths / routing, so there's a bit of manual maintenance involved
Configure your role based security in the database and create custom Action Filter to read, cache, and apply these roles based on the logged in user. This is dynamic but a little more involved because you'll probably have to create an admin screen to edit the configuration.
Let me know if you need examples of these and I can link you.
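
The first alternative above (role rules kept in web.config), as an added example that is not from either answer. The SiteAdmin path and role name are taken from the question; the rule is matched against the request URL, which is the maintenance cost this answer mentions and the reason the previous answer advises against it in MVC.

```xml
<configuration>
  <!-- Applies to requests whose URL starts with /SiteAdmin under this
       application. The path is a URL prefix, not a controller name. -->
  <location path="SiteAdmin">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom; the first match wins. -->
        <allow roles="SiteAdmin" />
        <!-- Everyone else, authenticated or anonymous, is refused. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- If routing lets another URL reach SiteAdminController, this rule
       does not cover it. [Authorize(Roles = "SiteAdmin")] on the
       controller applies regardless of which URL was used. -->
</configuration>
```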
