IIS Configuration :: Membership Forms Authentication Cookie Clears On Application Pool Recycle
Jan 28, 2013I use Form Based Authentication in my siteIn my login page I have:
FormsAuthentication.SetAuthCookie(user.userName, true)
I use Form Based Authentication in my siteIn my login page I have:
FormsAuthentication.SetAuthCookie(user.userName, true)
My application is running in a shared hosting environment. I do have a dedicated App Pool for my app. I've been doing some testing with 1st visits and precompile performance and have been tracking when my application starts up and shuts down.
In my Global.asax I have some logging code in Application_Start and Application_End. I can see from my logs generally when the application is idle and shuts down, then someone visits and it starts back up.
But, I also see cases where a shutdown is logged and then followed by another shutdown about 13 minutes later; without a startup in the middle.
I also see instances where there are two Startups in a row. I'm guessing these might be a recycle, but why wouldn't there be a shutdown log entry?
What I'd really like to know if there is a better way to track when my application starts, when it shuts down and if it is shutdown due to an idle pool, or from a recycle. I don't have access to the Windows Event Log so I need to do this from my app if possible.
I have a number of ASP.NET (4.0) web applications that appear to leak (a small amount) of memory during each request. It is such a small amount, that for most use-cases, it will not grow to become a problem for weeks or even months at a time. I generally try to be good with closing any connections managed by the application, avoiding state-variables (or instance variables for my singleton), etc. My question is this - is this normal behavior for ASP.NET applications? I had turned off the default (IIS 7) behavior of recycling the app pool after 20 minutes of being idle. I do this since the application takes a few minutes to build its internal cache, and I want to avoid negatively impacting the user experience (and having them wait for the application to start when they issue the request).
View 1 RepliesI'd like to describe strange issue I've noticed while analyzing my asp.net application in production and ask for some advice or opinion on the following matter.Application usually runs with some 80-90 MB of memory footprint. This seems stable since no memory leaks have been detected so far - no slight increase in memory usage over time. Yet, problem occurs when application pool recycles (I'm using shared hosting and judging by logs it occurs either when app is idle for 20 mins or every ~30 hours - something like that). The issue is that used memory almost doubles for some period on recycle - it goes to some 160-170 MBs without any explanation. This is confusing, since it is common claim that recycling should purge the memory and all other resources - at least I get it that way. System holds this amount of memory for some 7-8 hours and then memory usage drops to it's usual level of 90-100 MB, again, with no apparent reason (at least not know to me).
View 1 Repliesmy web applications app pool configuration is
PeriodicRestartMemory : 512000
PeriodicRestartPrivateMemory : 196608
although the virtual memory limit is higher than private memory, app pool is recycled with virtual memory limits exceeded errors in the event log (instead of private memory).
what is the reason for this? how could it exceed virtual memory limits before exceeding private memory limits? it seems that systems other allocations in virtual memory cause limits exceeded before applications private allocations exceed the limits, but what are those allocations of the system? or what is the root cause of this.
My WCF Service isnt restarting after the app pool recycles. I have no control over how often the pool is recycled (shared hosting) .How do I get the wcf service to restart on pool-recycle ?
View 1 RepliesAll we have a global ships position tracking website which runs smoothly until IIS application pool recycles.When there is workerprocess recycling looks like session state expires as a result i loose all session data and when customer clicks refresh button he is redirected to login page.
In web.config Session state mode is set to InProc so i changed it to State Server but to my luck i have MAP object which is not serialiazable which is causing the maps from not appearing on the website.I tried adding serializable attribute to the object class but still not succesfull.Our website is accessed by our customers whose count is more than 1000.
Changing the session state mode from InProc to StateServer can really slow down the response time so
Is it good to go further fix the serailizable issues and move to state server?.
Is there any way I can retain my session data when application pool recyles?..
Stopping Application pool from recycling may not be a good idea considering health factor of web server.
Without reading the whole text below, since this is on the ASP.Net side ... basically I think I need to know if there is a way to reduce the size of the forms authentication cookie. When using a DotNet 2.0 website, the ASPXAUTH cookie is about 232 bytes ... when using the same source code but upgraded to DotNet 4.0. the cookie is approximately 264 bytes, setting the ticketCompatabilityMode does not reduce the size since I think the default setting is Framework20. I length of the cookie, including the its' name can not be larger than 256 bytes in order to use it with the "Client Application Services".
I only did a cursory search of the asp.net forums, but will dilligently look for an existing solution.
----- BACKGROUND AND RESEARCH -----
I have been using all three features of client application services (authentication, profiles, and roles) in my windows app (DotNet 3.5 framework) for almost two years now. Up until now, I have not had any problems. This week I hit a brick wall and am pretty stumped with two seperate but related issues.
Issues:
In development, we decided to upgrade our websites/services to DotNet 4.0. All applications upgraded successfully. However we are unable to log into our application using Client Application services. No matter what user we use, Membership.ValidateUser returns false. Since we know the username and passwords, we thought this was strange. When debugging the application, we found that Membership.ValidateUser was throwing an InvalidOperationException (see below for complete exception) stating that the ASPXAUTH property was too long, longer that the schema created in the SQL/CE database. (See below for things tried).
In production .. A user all of the sudden could no longer gain access to the application. Upon inspection, his ASPXAUTH cookie was 264 characters long (9 characters longer than the schemas nvarchar(256)). Even though the user was being authenticated on the "server side", and the JSON query returned "{"d":true}", Membership.ValidateUser returned false. Again, as in the case above, the actual error was ...
Message=@PropValue : String truncation: max=256, len=264 ...
I am assuming I am missing something very simple or that I overlooked a settings. In development, this is not a huge issue as I can release the Dotnet 4.0 websites when I am ready. But now that this has happened to a client on a production system, it is very worrisome.
[code]....
I am asking this out of curiosity. I got the following error when this is not enabledAn attempt was made to load a program with an incorrect formatThis is related to loading a class library but this particular class library is compiled for any CPU with VS2010 64 bit running on Win7 64-bit
View 4 RepliesI am working on Windows 2008 Server (64-bit). I want to execute my web service as a pure (native) 64 bit service. All the assemblies referred by the web service are currently built as 'AnyCPU'.
When I publish the web service to IIS, and configure it to run under a 64-bit application pool (by setting 'Enable 32-Bit applications' = false), attempt to access the web service gives the error 'Application is not a valid Win32 application' because of a BadImageFormatException. This appears to indicate that somewhere an attempt is being made to load a 32 bit assembly. But the error does not provide any information about which assembly was found with an incorrect format. I have checked all the assemblies in the bin folder using corflags and they are bit agnostic.
I tried using the fusion log and identified a bind failure with VJSharpCodeProvider (though my service is coded only in C#). The runtime is not able to find the VJSharpCodeProvider because it is present in the GAC as an x86 assembly.
Is VJSharpCodeProvider the cause of the problem? I guess this is not the case because of the type of exception (BadImageFormatException). If I am correct, then how do I identify the assembly that is causing this exception?
If I change the property 'Enable 32-Bit applications' to true for the application pool, the service works fine, but I need native 64-bit execution.
I have developed my web site, now i need to set up a space on the server for it.
I have added an application pool in iis and created a site but im not sure how to link the 2 or what to do next.
"My application (ASP.NET) writes certain files in folders on my servers. In IIS 6.0 I used to give write access to IUSR account so that IIS can write to the folder. Now what I see is my application pool runs under App Pool Identity account. That is good but users are able to create files in the folders without App Pool Identity user being given specific permission to do so.
View 2 RepliesOur website has all of the publicly accessible pages at the root and private pages (login required) in a folder below the root (call it "private").Private pages are accessed as
www.oursite.com/private/somepage.aspx.I want to run the pages in the private folder in a separate application pool without changing the URL for private users.I tried making the private folder a virtual directory but then the pages in the private folder did not render(I think because it did not find a web.config in the private folder).Is the answer to simply put a copy of the web.config that resides at the root in the private folder or is that problematic?
I have a web site running on IIS7 on a remote server. I would like to do the following: Create a new subfolder under the root virtual directory. Create a new app pool. Add this new app pool to the new subfolder Normally, I would do this manually in IIS by first creating the app pool, and then right-clicking the sub folder an choose "add application", but I need to do this programmatically in C#. I've managed to make the above points 1 and 2 work, but I can't find the way to adding the application to the sub folder. This is the code I have used so far for 1 and 2:
[Code]....
So, I need to add "MyAppPool" to the "NytSite" folder. Is this even the correct way to do this?
Apologies if this seems obvious, but after a week searching I can't find a clear answer to my problem.
I have developed an application in Visual Web Developer 2010 Express that uses the asp.net application services membership provider. It works well in development on my machine (data in the ASPNETDB.MDF database).
I packaged my application and deployed the relevant files with FTP to my shared hosting provider.
I took a copy of the ASPNETDB.MDF and restored it to the SQL Server 2008 on my shared hosting. I can connect to this through the Database Explorer in Visual Web Developer, but it doesn't contain any schema or data.
I know once I have the database in production I will have to make sure the connection string in web.config is poiting to it, but I don't know how to get the DB to production in the first place.
We have a non-SSL ASP.NET web app that allows a user to login (ASP forms authentication, inproc).
Once authenticated, we redirect their browser to an external, SSL secured page on another web site / domain altogether that we do not control.
The client is redirected back to a pre-configured url on our original http web app when done.
However, the customer is then asked to "re-login" again on our side which is undesired...
It seems the forms authentication cookie is destroyed when transitioning between HTTP and HTTPS and back again.
How can I keep the forms authentication cookie alive so that the customer does not have to re-authenticate on the round trip?
I've been asked to upgrade a few applications and I'm planning on merging all of them into one asp.net application. I'm fine with this decision and have spoken with fellow workers and they also think it's the best option to go with.
The application will be accessed from a small group of users which belong to a larger domain. I'm currently planning on using Windows authentication and only allow this small set of users to access the asp.net application. Also there must be some role management, so that only certain users can view certain functionality.
I really don't want to have many different windows groups; so I want to avoid having to assign different windows groups to different folders and control permissions in the web.config.
What I'd like to do is:
- Assign one windows group to the small group of users who will access the page.
- Create a custom membership provider and control the user who accesses the application. Depending on the user I will then assign his current set of roles.
- Add an application setting to the web.config, with the name of the current administrator, so if he logs in, he will be assigned all roles, and will be able to create and assign roles to other users.
I'm working in Visual Studio 2010 Professional. I have a web application based upon the standard ASP.NET Web Application, which contains the aspnetdb.mdf SQL Express database for forms based security. For testing deployment, I'm trying to use the Publish option to publish the web app to IIS 7, which exists on the same machine that I'm building the web app on. The machine is running Windows 2008 R2.
I went through the Help file to set up the deployment of the database, using the Package/Publish SQL tab in the site properties. I followed the help file to the letter, or so I thought. I go to publish to the virtual directory I set up on IIS and it gives me errors, specifically saying the following:
Web deployment task failed.(The database'|DataDirectory|aspnetdb.mdf' could not be created.)
I took this to mean the the path isn't valid for publishing to, which makes sense. So I changed the destination path to the fully qualified path (C:WebAppsApp_Dataaspnetdb.mdf) and ran it again. This time I got the following error:
Web deployment task failed.(Cannot connect to the database 'C:WebAppsAppDataaspnetdb.mdr'.)
I looked at the security for the folder and everything seems fine. Now I'm stuck.
My question is - can anyone tell me what I'm doing wrong, or supply a list of steps to follow, or give me a link to a site that has clear steps as to how this is done?
We recently had to enable Memory Recycling on a 2.0 app pool (IIS6). We checked both boxes, leaving in the default values of 500 MB for virtual memory and 192 MB for used memory. Here's where it gets interesting. Every 60 seconds, on the dot, the worker process is forced to recycle.Our tests were spamming the site with concurrent users trying to get the virtual memory up to 500MB, but we never could (as viewed in task manager). However, that didn't matter. We tested it by simply recycling the pool and hitting one page, once, and seeing around 30MB allocated and then just waiting 60 seconds and watching the process die in task manager (and a new one start up).We've increased the value for maximum virtual memory to 768MB and the issue *appears* to have gone away, but just arbitrarily accepting a fix isn't how we like to do things. I haven't found any officially reported bugs, kb articles, or solutions on blogs that point to what is causing this. To me, this means either it's some crazy environmental issue or the answer is really obvious and we just can't see it.
View 1 RepliesI have made changes to my global.asax file so i want to recycle my web application to make the changes work. How to safely recycle my asp.net web application in production server?
View 3 RepliesI have a Silverlight application using a WCF service hosted in IIS. I make use of some aspects of ASP.NET. I have the following folder structure for my application:
inetput
wwwroot
myapp
reports
{user-guid-folders}
report1.pdf
report2.pdf
App_Data (folder)
bin (folder)
Client_Bin (folder)
(various .aspx files, plus web.config, etc.)
The application dynamically generates reports and puts them in a folder with a GUID for the name which is unique to the user. This all works fine. However, when the user logs out I was cleaning up and deleting the PDF files in their folder, then deleting their GUID folder.
Deleting the files works fine, but if I delete the folder, the application recycles (which then removes all other users' sessions - I get a Session_OnEnd event for every user's session, and an Application_OnEnd event. The next user request causes the whole application to restart. So, while I can fix this by not deleting the GUID folder (which my application itself created), what is the reason for this? Is there any way I can prevent this from happening?
we are developing asp.net web application with form authentication in IIS 6 - Windows server 2003.the application is working fine.but if we call any .html extension we are getting the following errors,
"Internet Explorer cannot display the webpage - Diagnose Connection Problems "
I have 2 websites running on localhost in different ports. As browsers do not differentiate port numbers when sending cookies, my forms authentication ticket from one site is being sent to the other
How do I solve this? I thought that a good solution would be to change the forms authentication ticket or one of the websites but I don't know how to do this.
We're currently deploying code to live pretty reguarly at the moment, but the down side is destroying user session data.
Is there a way of being able to recycle IIS without loosing session data, or is persisiting session state in SQL server or alike the only way?
I have a CentOS 5.x server running Mono 2.8.1 and mod_mono 2.8 with apache2.
Every time I deploy a site from visual studio 2010 to my server by ftp, and navigate to the site, I get a 404 not found error page.
Sites in other subdomains (virtual hosts) are not affected.
Performing a restart of httpd using /etc/init.d/httpd restart fixes the problem, and I can view my ASP site again. Obviously restarting the entire httpd process is less than adequate.
My guess is that this is similar to application domains in IIS. Is there a way to 'recycle' and app domain in mod_mono? Can I set this to happen on deployment?