c# - Application stops generating login cookies -
i've been searching answer while problem seems quite complex , i'm struggling find answer.
i'm beginner software developer working start company , have completed first version system use multiple users. locally testing software had no problems, since publishing software windows 2012 server on iis have found major problem login system.
when program uploaded multiple users can log in , use program no problems, (seemingly) @ random login system stops functioning on computers logged out. logged in can logout , log in account or other, logged out @ moment complete lose access system.
when using developer tools on chrome appears these computers stop generating cookie created when logging in , redirect login screen.
the systems still recognise incorrect logins , happens different computers each time upload program.
i appreciate vague question, i'm pulling hair out on it!
as said beginner , new hosting on business servers , don't have experience identity or login systems in general appreciated.
i want know problem iis, if in iis should looking? or servers security settings?
is there efficient why debug while running on server?
if problem sounds coding issue identity files have been edited let me know class , ill post code.
thanks!
edit:
global.asax.cs
public class global : httpapplication { void application_start(object sender, eventargs e) { // code runs on application startup webapiconfig.register(globalconfiguration.configuration); routeconfig.registerroutes(routetable.routes); bundleconfig.registerbundles(bundletable.bundles); //creates roles , adds admin on first start rolecreator rc = new rolecreator(); rc.createroles(); rc.addadmin(); } }
startup.auth.cs
public partial class startup { public void configureauth(iappbuilder app) { // configure db context, user manager , signin manager use single instance per request app.createperowincontext(unitcontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); // enable application use cookie store information signed in user // , use cookie temporarily store information user logging in third party login provider // configure sign in cookie app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, cookiename="trackercookie", loginpath = new pathstring("/login/login"), provider = new cookieauthenticationprovider { onvalidateidentity = securitystampvalidator.onvalidateidentity<applicationusermanager, applicationuser>( validateinterval: timespan.fromminutes(30), regenerateidentity: (manager, user) => user.generateuseridentityasync(manager)) } }); // use cookie temporarily store information user logging in third party login provider app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); // enables application temporarily store user information when verifying second factor in two-factor authentication process. app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); // enables application remember second login verification factor such phone or email. // once check option, second step of verification during login process remembered on device logged in from. // similar rememberme option when log in. app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); }
problem solved.
for same problem, issue caused bug called 'katana bug #197'.
the easiest fix download 'kentor.owincookiesaver' nuget package. , add app.usekentorowincookiesaver();
above application cookie config in startup.
https://github.com/kentorit/owin-cookie-saver
// kentor.owincookiesaver 'katana bug #197' (login cookies being destroyed on logout!) app.usekentorowincookiesaver(); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, cookiename="logincookie", loginpath = new pathstring("/login/login"), provider = new cookieauthenticationprovider { onvalidateidentity = securitystampvalidator.onvalidateidentity<applicationusermanager, applicationuser>( validateinterval: timespan.fromminutes(30), regenerateidentity: (manager, user) => user.generateuseridentityasync(manager)) } });
microsoft aware of issue , resolved in 2015.
Comments
Post a Comment