Security :: Load Balancer / How To Make Cookie As Secure In Site

Oct 28, 2010

I have a doubt regarding secure cookie.

I have four servers 2 App Server(behind firewall) and 2 webservers and each server is accessing through Load Balancer.

App Server is a modules for Data Access layer and webserver is for Presentation layer.

My Issue is My Load Balancer has Secure certificate installed but certificate is not installed on servers and I want to make cookie as secure in site , as per my understanding " cookie should be set as secure only for SSL site other ways new session will get create every time" so should I install SSL certificate on webserver to make my cookie as secure or will it work properly even if only Load Balance has SSL.

View 5 Replies


Similar Messages:

Trying To Create A Load Balancer (hardware) Rule Which Will Keep Track Of Sessions Based On The Aspxauth Cookie

Apr 19, 2010

Can somebody explain what ASPXAuth cookie does?

My website uses forms auth and I am trying to create a load balancer (hardware) rule which will keep track of sessions based on the aspxauth cookie. Is it safe assume that the value of the cookie is unique?

View 2 Replies

Architecture :: Invalid_Viewstate - While Accessing The Web Site On Load Balancer

Dec 3, 2010

we have an web site access on PRODTEST Environment . We are facing an issue site works fine when we try to access the site using the Individual Server names (with Ip address).

View 2 Replies

Make Site Secure?

Jan 31, 2011

I have precompiled and encrypted my webconfig. What else could I do to make my site secure.

View 2 Replies

Security :: Read Xml File From A Secure Site?

Feb 8, 2010

I don't think the site has a web service available, so I need to pass the login credentials and read the xml file (e.g.https://www.somesite.com/needthisfile.xml). What do I use to do this?

View 1 Replies

Security :: Screen Scraping On A Secure Site?

Jan 7, 2010

I'm trying to write a small application to collect(Scrape) one piece of data from a web site. I would like to be able to simply run the app and it will open the page, find the one piece of data and display it. So far so good...my problem is that the web site is a secure site, meaning I have to provide a user name and password. I've searched all over the web, found many discussions but have yet to find anything that provides specifics on how to accomplish this. I understand a little bit about tokens etc, but I'm really looking for a detailed description of how to do this. Please feel free to direct me to a different forum if I'm in the wrong place.

View 3 Replies

Security :: How To Secure Site From Multiple Logins Of Same User Id

Apr 8, 2010

Requirment is to stop more than one user to login at a time using same user id.I am storeing user id in session. I searched the internet and found some ways but somehow they do not work in these situations:If javascript in brower is turned off. If user do not click logout and directly close brower.

View 3 Replies

C# - Cookie In Default Not Secure But Secure In SSL?

Aug 10, 2010

I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.

I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.

Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..

Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".

this is the case for all other pages after default. the value of the cookie.secure is false.

why is this happening as i want all the pages to be secure by SSL.

Also the pages are opening as https not http.

here is my web.config

[code]....

View 1 Replies

Security :: Session Cookie Does Not Contain The "secure" Attribute?

Mar 10, 2011

i am trying to secure cookies in my asp.net 2.0 web application but web i try to use the following code in web.config

<httpRuntime enableVersionHeader="False"/>
<httpCookies httpOnlyCookies="true" requireSSL="true"/>

View 3 Replies

Security :: How To Make A Secure Login Page Using Sql Database By Matching A User Name And Password

Dec 31, 2010

How to make a secure login page using sql database by matching a user name and password and redirect them to differnt page as admin and user

View 2 Replies

How To Get A Host Name Behind A Load Balancer

Aug 18, 2010

I have a couple of servers and a load balancer. I want to show a server name which is currently serving the page.

I am using HttpContext.Current.Request.ServerVariables["SERVER_NAME"] and HttpContext.Current.Request.ServerVariables["LOCAL_ADDR"] but is shows the same data for all servers (load balancer information is shown but not the information about exact server name).

How to get a relevant information?

View 2 Replies

Session_End Event Behind Load Balancer

Jan 28, 2010

I'm creating web application behind load balancer. To this moment I configured it to store session in database but I'm not sure how should I handle session expiration. The problem is not sessions are not removed from database but Session_End event because I have to call some web service method in it.

Assuming Session_End is called when expires the thing I'm afraid of is situation when session is created on one server but finished on another. In this case I'm afraid Session_End on first server will be executed prematurely and I will call web service too early. What would you suggest in this situation?

Edit:

I remember some time ago reading about Sql Agent reacting to session end event and then performing custom code. Can anybody confirm that this solution is possible?

View 2 Replies

Load Balancer In Application Using Two Servers

Jan 5, 2011

We are using Two servers for our application managed by a load balancer. One of which server contains Windows server 2003 & other one contains Windows server 2008. When a request is served by windows 2003 server and its subsequent goes to the other one (2008 server). Users gets log out. Are we need same Operating systems on both systems because( when request served by 2008, and subsequent on 2003 is served without any issue).

View 1 Replies

Configuration :: WebResource.axd Not Found Over The Load Balancer

May 16, 2010

I have published a website and installed it on my local machine and it works fine, but when i install it on the both servers who controlled from the load balancer i got an error like the WebResource.axd not found. how can i resolve this problem? i have checked the IIS for axd mapping, the "Check that file exists" is unchecked for both servers.

View 2 Replies

AJAX :: Scriptresource.axd And Load Balancer Servers

Dec 21, 2010

We host a SaaS application on 4 windows 2008 servers loadbalancer via a LVS. We use infragistics and Ajax Control Toolkit on several pages, one page represents a list of people using a Web Datagrid, each time a person is clicked in the list, an Ultra Web Tab component is updated at the botom of the page with detailed information on that person. After a certain amount of clics on different people (number of clics can be between 1 and 5) Scriptresource.axd craches with the following error :

[Code]....

I don't get this error when I run my application on one server using the server's private IP adress. I tried to synchronize the dates of the dlls System.Web and System.Web.Extensions on each server, I still get the same error.

View 3 Replies

How To Configure A WCF Service That Calls Other Services Behind A Load Balancer

Sep 3, 2010

I haven't deployed behind a load balancer before. My customer has a WCF service built and tested on servers using a service model configuration that is relatively straightforward. It provides a service to return an image of a map for another application. To get the map, it calls other services.

The service was built in Visual Studio 2010 targeting the 3.5 framework. The customer is using IIS 7.5 and an F5 load balancer. When moving to the production server, the Web.config was changed to add the load balancer behavior and specify the endpoint to show the physical and logical address of the service:

[Code].....

There was a problem when the service was deployed to a server behind the load balancer. When I try to call the service from WCFStorm or WebServiceStudio I get the message "The provided URI scheme 'https' is invalid; expected 'http'.

The endpoints for the service itself look right to me. However in the development and testing versions of the config, the client section uses http instead of http, while on the production servers it uses the load balancer's https address. This seems like it should be obvious, but we're missing it.

View 1 Replies

Creating A Diagnostics Page To Be Pinged By Load Balancer?

Sep 30, 2010

Our server operations team has asked the web development team (ASP.NET) to provide a URL in our application, which the load balancer can ping to perform health checks.

What should be executed on this page? I think we should attempt a database connection to ensure connectivity between the web and database.

View 2 Replies

How To Eliminate Application Reload Delay Using Load Balancer

Dec 21, 2010

One issue with ASP.NET apps is that they periodically reload themselves, causing a long delay and possibly timeout for users who hit the site during that time.

This may not be a problem for small websites, but it can represent significant downtime for high-traffic sites, if users happen to get routed to node in the web farm that is restarting.

Can load balancers somehow "know" if an ASP.NET application domain on a specific server is restarting? Then, they can route traffic around this server until the application has completed restarting.

Currently, I have my load balancer ping a simple .aspx page on the site. If there is a delay or the page fails to load, the host is taken out of rotation. Is it possible to do a more targeted health check, perhaps at the IIS level rather than ASP.NET level?

View 2 Replies

AJAX :: Call Is Not Working On F5 Load Balancer Web Farm Setup

Sep 3, 2010

I have the following web farm setup in production server. Browser --> HTTPS --> Load Balancer --> HTTP --> webserver node F5 Load balancer handles off box SSL termination. It implies that SSL resides on F5 load balancer. Problem Statement: Ajax calls do not go through unless "Access data sources across domains" option is enabled in IE security settings.

I have the similar setup in staging server except F5 Load balancer. The ASP.Net application makes perfect AJAX calls on both HTTP and HTTPS. However, the staging server web farm use windows NLB and SSL resides on individual web server nodes

View 3 Replies

Making A Secure Login Cookie?

Mar 5, 2011

I've recently read one of Jeff's articles about XSS and it got me thinking about how to better protect the login cookies in my home cooked authentication system.

[code]....

so one of the questionable things I do is use the UserAgent string. Is there harm in doing this? Or browsers which will change their UserAgent string under normal operation(as in, without being updated)? My goal is basically for if an attacker gets a login cookie, for them to not be able to do anything with it. At the moment, the only info I store in the cookie plain text is the username.

View 1 Replies

Add HTML Comment To Show IP Address Or Even Host Name Of Server Selected By Load Balancer?

Aug 3, 2010

I have 3 servers where 1 of them serves as a load balancing server. In my ASPX page, I want to add a HTML comment to show the IP address or even host name of the server selected by the load balancer. I tried looking through IIS Server variables and tried using SERVER_NAME but that just returns the domain URL.

View 2 Replies

State Management :: Passing Variables From One Site To Secure Site?

Jul 28, 2010

I have 2 sites, one the main product site the other a secure site featuring the basket and checkout processes.

When a user clicks "add item to basket" I am creating a basket in a database and then adding the items to the basket. The theory was then to store the id from the database for the basket (the basketid) in a cookie, redirect the user to secure site, use the basket id from the cookie and display the contents in the basket.

However I am having trouble getting the secure site to use the same cookie. When I redirect the users to the secure site, the basket appears empty. I need to go back to the main site and then back to secure before the cookie appears.

Here is the code for the cookie

[Code]....

And then on the secure site this is how it gets the basket ID from the cookie

[Code]....

But like I say it's having problems. I've tried replacing the cookies with session variables as well but it didn't work.

View 1 Replies

Security :: Secure Login From A Non Secure HTTP Page?

Oct 24, 2010

I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.

I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.

I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0

I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.

View 3 Replies

Security :: Try To Load The Site From Internal Network, The Information Is Blank?

Jan 14, 2010

[Code]....

I have the above statement in the Page_Load sub on the masterpage. When I run "Start Debugging" from VS 2008 it works fine. However, when I publish the Web Site (on the same machine) and try to load the site from our internal network, the information is blank.

View 2 Replies

How To Develop A Site With Secure Login

Nov 23, 2010

I want to develop a site with secure login. i followed various tutorials, and created a site, based on the default master page. I believe i set up the asp.net configurations correctly. under security, changed authentication type to "from the internet", added roles, added users based on those roles. when i compile the project and test the log in, it works fine. but, in visual studio 2010's Solution Explorer the App_Data folder is grayed out and i cannot get into it to view the database. how do i view the tables and create new tables?

View 4 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved