I have a simple MVC3 app in .NET 4.0 framework which does not use sessions. It uses windows integration (AD groups) for authentication. It is deployed on 2 servers (both Windows 2003 and IIS 6). To get MVC3 to work under IIS 6 I have a workaround wherein I added a wildcard map. The app works fine on both the machines when I access them directly.
I would like to use a HW load balancer so that I can rotate between both the servers seamlessly. And since my app does not have any sessions this should be fairly easy (I hope). What I would like to do is make sure the app is running on the server before LB sends the request to that app. It could be as simple as checking if keepalive.htm file exists in that app. Since the number of users for this particular app is very low I do not want to device a very complicated solution. I tried implementing the keepalive solution but I keep getting 401 error. Even after I made the file readable by everyone and gave it anonymous access (so no authentication required) it still gives me the same error. I have a feeling that my workaround to get MVC3 to work for IIS 6 is getting in the way.
Any ideas on how to load balance a simple MVC3 app so that Loadbalancer can check if the app is up before forwarding the request?
Thanks for the help.
Related
I'm developing a GraphQL API on Laravel for mobile and web applications. One of the frontend developer asking me to disable CORS on the server side because he cannot work with the API due to CORS problem. The Vue application on his localhost is making requests to my Test API which is on a URL.
From what I understand this isn't problem for the server side, CORS is s security measure for the server. I believe for development Vue developer need to handle this problem with adding a proxy to his localhost.
You are both responsible to get the application done and pointing fingers at one another does not solve this problem. This is not a technical problem.
Adding a proxy to the frontend development environment is one way to solve this problem. Another way is to whitelist the domain they are working on, or even putting a wildcard in there as the frontend developer suggested. CORS is a security feature, but it is meaningless for a development environment that does not contain any production data. Being able to get a development environment up and running without jumping through a lot of hoops helps productivity.
Work together. Your responsibility is to create an application, and without a frontend you are also failing at your task of delivering that application.
I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.
I'm trying to create a simple Xamarin application that would need to use a local ADFS to identity the user. Indeed, I wrote an internal web application in ASP.NET Core but the client would like to have a light version as a mobile app, therefore, I need to authenticate the user the same way I do it for the web application: using ADFS 2019 + OAuth/OpenIdConnect.
However, I did some researches on Google and I find nothing talking about that specific case. Most articles concern Azure but I don't want to use Azure, I want to use a local ADFS.
Can anyone provide me with a link or some idea about the way to achieve this?
There's a set of good articles here that cover ADFS and OIDC.
The libraries are the same as the Azure ones - just the parameters are different.
I have deployed a ASP.NET MVC 4 w/ SignalR application of mine which is working fine on all clients, except one. When using Chrome Dev tools to debug the page I see that the SignalR transport method is ServerSentEvents and that the SignalR GET requests have a status of 'Cancelled'. This is the case in both Chrome Latest & IE 9 Browsers.
This problem is specific to a single client. A few things I have tried are:
Disabling Windows Firewall
Adding my site to Trusted Sites with
Security settings 'Low'.
As a bit of a background on the client.. they are part of a corporate network running Windows 7. Another computer on the same network had the same issue, however, this was fixed by adding my site to 'Trusted Sites'.
AVG Internet Security was blocking these requests. Disabling 'Online Shield' meant the app returned to normal working order.
I am developing an MVC 3 Canvas app. Is it possible to debug locally rather than hosting it somewhere?
Thanks
I am developing some app in PHP at the moment, but I guess the language doesn't matter. Just set the app address to your local development address. The page is loaded in an iframe, so your computer maps it to whatever it thinks is the correct ip. Facebook doesn't care about where the page is hosted.
However, the communication of the API with facebook will be a bit slower than between Facebook and your production server. So don't worry if the App seems to be very slow.