Setup:
The main application is a classic ASP running on app-pool v2.0
Reporting application was added later on which was written in .Net 2.0 framework. The classic form model with aspx pages. The application was configured as an application under the main website (from 1)
The Reporting application is now to rewritten using MVC 3, and will be deployed similarly on the IIS as an Application under the classic asp website.
Problem,
The login page on the Classic ASP website stores the session ID on a cookie. This cookie is read every time Authentication is required. The MVC application needs to read this cookie but the System.Web.HttpContext.Current.Response.Cookies collection doesn't have it. The application (from 2) which needs to be replaced can however easily read it.
Things I have tried,
Made sure that the cookie exists by looking at the cookie collection for the main application (from IE8>Tools>Developer Tools> Cache> View Cookie Information).
Removed the IsolateApps setting from the the machine key.
Made sure the new application is using the same app pool, don't think if that will really cause an issue here.
Appreciate any help with this, Many thanks in advance.
Surya
You are probably not using the same cookie to fetch values in MVC, check the below link
http://www.codeproject.com/Articles/30723/Handle-session-variable-problems-between-classic-A
Related
I am currently using Oracle Application Express to design a demo application cause I am new to it.
The problem that I have is the following
create a work space that works 100%
create an application with pages and data in the application
when I work on a page that I have made in the application I can create it and insert info but when I want to save it then says session has expired but I have not left it alone I am still in the application
can anyone help me with it
I have run into this a few times while developing applications that do not require any authentication. If you are on a page that is "public" (does not require authentication) and try to launch a modal window that requires authentication, you will get an error that shows your session has expired (even though it hasn't). You can fix this by setting the page security on the page that is the modal window to "Page is Public". I have created a demo application on apex.oracle.com to demonstrate.
My solution directory has ASP.Net 4 web-forms project, that at present has all the development of my website.
The plan is migrate some of the existing front-end to ASP.Net5/MVC6 web application. And for that to happen, I have added ASP.NET 5 empty web application to the existing solution directory. The reason I have decided to use blank template is so that I can add all the required capabilities myself, and understand the flow better.
Capabilities like MVC, Session, Caching, Logging etc.
I have added MVC capabilities. And to add Session related capabilities I have followed the steps given in the below documentation,
https://docs.asp.net/en/latest/fundamentals/app-state.html#installing-and-configuring-session
After this, I am able to add the access the Session in my controller class. I can put some values in the session and can access it in view to verify Session is operating fine.
Both of my web applications (ASP.Net 4 and ASP.Net 5) would be running side by side, and I want to enable user to navigate back and forth with a single sign on. That effectively means, they to share same session.
And hence, I am looking for a way to access SessionID from the Session, so that I can check whether the value is same for both the websites, however there is no method that gives me SessionID...
Can someone explain why it is so and how to retrieve unique session identity?
I have asp.net mvc3 application with forms authentication. But the our client request AD authentication as well. But the mvc3 app is hosted outside the clients network. What are the possible solutions for this.
Get permission to access the clients network from remote server.
Get an API to access the active directory data from webserver.
If we choose opt one how could we access active directory for authentication from outside the client network. I anybody have any idea or better options please let me know. Thanks in advance.
My guess is that the Microsoft security products can support this out of the box but I'm not sure how so I suggest that you direct your question to whoever supplies your client with their Microsoft product support.
If you'd rather build a solution so that you've got more control over how it works a quick search found an interesting approach at https://support.freshservice.com/support/solutions/articles/169196-setting-up-active-directory-single-sign-on-sso-for-remote-authentication where they created a simple ASP.Net web site that used AD authentication for sign-on. MVC 5 can build a WebApi site that does that just by creating a new project in Visual Studio with the right options.
That site wouldn't have to do anything except confirm that the credentials supplied were valid or not. Your application would ask the user to enter login / password details, then send a (properly secured) web request to the authentication site to determine whether they're valid. As long as you keep the communication between your server and the client web service tightly secured this should do what you need without much fuss. That approach removes the need for your server to communicate directly with the client's AD server.
I am developing a SharePoint app that communicates with social feeds such as Twitter, Facebook (the user has to sign in ofcourse through the App using OAUTH). My problem is that everytime I deploy the app (using VS) it generates a new url and I need to keep registering this url with the community sites (Twitter, Facebook). Is there another way to overcome this problem.
I guess you are talking about the App Web wich is created every time the application is deployed (url has a form like that https://prefix-id.tenantdomain.tld/pathOfWebItHasBeenDeployedTo)
This is by design and here is some documentation about it
Then I guess the problem is because you're using OAuth implicit flow which requires url not to change over time. Unfortunately this is a by design limitation, to work around that you'd have to transtion to a provider hosted application. (therefore hosting it on your own server with a fixed url)
I'm learning how to write simple websites with MVC 3. I have a little problem with loging on to my website. I created an account via ASP.Net Configuration site and there is no problem to log in unless I try to do this not on localhost. When I use log in form on my published online site, it takes a while and redirecting me to /shared/error. What did i wrong? Maybe I forgot about some libraries? I use default Account system, just this one which is created in new Web App project.
What are you using for persistence on the server? the ASP.Net Configuration is creating a user account in a database. If you don't explicitly specify a database, one is created for development purposes for you, but it is not copied to the server.
Also, there are some tables inserted into the database for you by the ASP.Net Configuration site for supporting users, roles, etc. These tables would need to be created on your server. see Creating the Membership Schema in SQL Server
If possible, you should consider MVC 4 instead of MVC 3, since the pre-built templates for it use Simple Membership instead of the full featured ASP.net Membership providers. Simple Membership uses only a few tables, and the views and stored procedures have been removed.