C# - Store Session Cookie For Groups Of Subdomains IIS7?
Jan 6, 2011
I have an application running ASP.NET. I have different domains and different sub-domains. I want the domains to share session with their sub domains.
For Example, the following domains access this application:
[URL]
If a user goes to www.example1.com and print.example1.com, I want it to use the same session. If the user were to go to www.example2.com and print.example2.com, I would want it to use a different session than the *.example1.com.
The way I used to handle it was a hack in page_load that works perfectly in IIS6:
Response.Cookies["ASP.NET_SessionId"].Value = Session.SessionID;
Response.Cookies["ASP.NET_SessionId"].Domain = SiteUtility.GetCookieDomain();
(SiteUtility.GetCookieDomain would return .example1.com or .example2.com depending on the url of the request) Unfortunately, this no longer seems to work for iis7. Each subdomain/domain a user goes to, the user gets a new session cookie.
I then found the web.config entry: '<httpCookies domain=".example1.com" />. This works great for sharing session cookie between example1.com subdomains. Unfortunately, this completely screws up session state for *.example2.com.
View 3 Replies
Similar Messages:
Dec 1, 2010
Can i still store value in session if in browser cookie is disabled?
View 2 Replies
Jan 11, 2011
I'm writing a SaaS app in C#/ASP.NET, hosted with IIS7. I want to create a personalized subdomain for every customer that signs up, i.e. fred.mydomain.com, bob.mydomain.com, each of which will point to the same app, just with a different skin per customer.
How do I create these subdomains programmatically?
View 1 Replies
Dec 1, 2010
Is it possible to perform user management (store user info, login , logout etc) without using session or cookie?
View 3 Replies
Nov 11, 2010
Its related to datatable in gridview store in session and then session retrive and store to database. basically i am using gridview here creating new row for button click and these row adding untill user's last entry then submit all these entry to database. so i want to use session variable to store this data temporarily and after final entry user click on submit button and all data shold be save in db.
View 9 Replies
Jun 14, 2010
I am a bit baffled here; using IE7, ASP.NET 2.0 and Cassini (the VS built-in web server; although the same thing seems to be true for "real" applications deployed in IIS) I am looking for the session-id-cookie. My test page shows a session id (by printing out Session.SessionId) and Response.Cookies.Keys contains ASP.NET_SessionId. So far so good.
But I cannot find the cookie in IEs cookie-store! Nor does "remove all cookies" reset the session (as it does in FF)... So where - I am tempted to write that four letter word - does IE store that bloody cookie? Or am I missing something? By the way there is no hidden field with a session id either, as far as I can see. If I check in FF there is a cookie called ASP.NET_SessionId as I would expect. And as mentioned above deleting that cookie does start a new session; as I would expect.
View 1 Replies
Dec 11, 2010
I have several ASP.NET sites, hosted on the same domain (different subdomains) and working via HTTPS. I have WCF service, hosted on the same domain. I have a separate state server for sessions.
All sites use cookieless session (if someone asks why - i will reply later, but it's a 'must')
On my sites, I use grid components from Telerik (but actually it does not matter) that ask for data from WCF service and must be filled with this data.
The problems are:
1) I cannot manage to make POST request to WCF service from javascript: for some reason it's always either GET or OPTIONS (no matter if I use Sys.Net.WebServiceProxy invoke or just a plain jquery AJAX request). It happens even if I indicate COOKIE mode, not cookieless. Maybe because of this I am getting "405 Method not allowed" error - WCF is set for POST request, but the site sends GET...
2) I cannot manage to retrieve SESSION from my websites! I tried approach, that I found, but WCF always uses OWN session, instead of 'connecting' to existing ASP.NET session, despite on ASP.NET compatibility mode. I need SESSION to exchange data between my sites and WCF service
3) I don't have idea currently, how to manage security when exchanging data between mentioned ones, in the light of above-mentioned problems...
4) I don't know exactly, how web.config for WCF service should look like in my case, because I've seen tons of different variants, but all for some simple cases.
Would be really appreciated for the help! I'm stuck for 2 or 3 weeks already, far behind the plan, but nothing still works... I can see there are some pieces of info about similar problems, but I'm afraid to miss some small thing - in web.config or method attribute or IIS setting, etc - and f... up everything.
View 3 Replies
Jan 31, 2011
There are subdomains: sub1.domain.ru, sub2.domain.ru, sub3.domain.ru, sub4.domain.ru. On default page there is a code:
protected void Page_Load(object sender, EventArgs e)
{
string subdomain = Cache[key] as string;
if (subdomain != null)[code]...
Will users see their subdomain name in different subdomains(sub1.domain.ru, sub2.domain.ru, sub3.domain.ru, sub4.domain.ru) ?
View 1 Replies
Jan 25, 2011
I need to make my asp.net session cookie as secure but whenever i check user authentication and after that i am trying to set cookie to true then my session lost my user information and so it always redirect login page. I am settings user to HttpContext.Current.Session["user"] and check every time, is user is valid and if valid then move ahead. but before that i make my asp.net session cookie as true.
[Code]....
but after that i observe that somehow "Session_Start" event gets called.
View 1 Replies
Mar 19, 2011
Is it possible to use mixed cookieless sessions with cookie sessions? I've an application that captured user details and then redirect for payment to an ssl page. I was wondering if this is possible? [URL] redirects to [URL] Note: the session Id in the latter url. So in essence, we use the standard cookie session for the majority of the application but when we transfer to an ssl page we pass the SessionId to the https url to pick up the session. I've tried this locally but it starts a new session.
View 1 Replies
Apr 10, 2010
I'm using session to store C# object but my session is expiring regularly.
I've given 540 minutes for session timeout. ( <sessionState mode="InProc" timeout="540"/>)
Now I want to use cookie instead of session to remove this timeout problem.
code below:
[code].....
View 17 Replies
Jul 14, 2010
give me an example (or point me in the right direction) on how to store custom data in an ASP.NET Membership cookie? I need to add some custom properties like UserID and URLSlug to the cookie and be able to retrieve the information in the same way one would retrieve the Username.
Edit:
I used Code Poet's example and came up with the following.
When I set a breakpoint at Dim SerializedUser As String = SerializeUser(userData) the value of userData is right. It has all the properties I expect it to have.
The problem I'm now running into is that when I get to Dim userdata As String = authTicket.UserData (breakpoint), the value is "". I'd love to figure out what I'm doing wrong.
Here's the code.
Imports System
Imports System.Web
Imports System.Web.Security
Namespace Utilities.Authentication
Public NotInheritable Class CustomAuthentication
Private Sub New()
End Sub
Public Shared Function CreateAuthCookie(ByVal userName As String, ByVal userData As Domain.Models.UserSessionModel, ByVal persistent As Boolean) As HttpCookie
Dim issued As DateTime = DateTime.Now
''# formsAuth does not expose timeout!? have to hack around the
''# spoiled parts and keep moving..
Dim fooCookie As HttpCookie = FormsAuthentication.GetAuthCookie("foo", True)
Dim formsTimeout As Integer = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes)
Dim expiration As DateTime = DateTime.Now.AddMinutes(formsTimeout)
Dim cookiePath As String = FormsAuthentication.FormsCookiePath
Dim SerializedUser As String = SerializeUser(userData)
Dim ticket = New FormsAuthenticationTicket(0, userName, issued, expiration, True, SerializedUser, cookiePath)
Return CreateAuthCookie(ticket, expiration, persistent)
End Function
Public Shared Function CreateAuthCookie(ByVal ticket As FormsAuthenticationTicket, ByVal expiration As DateTime, ByVal persistent As Boolean) As HttpCookie
Dim creamyFilling As String = FormsAuthentication.Encrypt(ticket)
Dim cookie = New HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling) With { _
.Domain = FormsAuthentication.CookieDomain, _
.Path = FormsAuthentication.FormsCookiePath _
}
If persistent Then
cookie.Expires = expiration
End If
Return cookie
End Function
Public Shared Function RetrieveAuthUser() As Domain.Models.UserSessionModel
Dim cookieName As String = FormsAuthentication.FormsCookieName
Dim authCookie As HttpCookie = HttpContext.Current.Request.Cookies(cookieName)
Dim authTicket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(authCookie.Value)
Dim userdata As String = authTicket.UserData
Dim usersessionmodel As New Domain.Models.UserSessionModel
usersessionmodel = DeserializeUser(userdata)
Return usersessionmodel
End Function
Private Shared Function SerializeUser(ByVal usersessionmodel As Domain.Models.UserSessionModel) As String
Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
Dim mem As New IO.MemoryStream
bf.Serialize(mem, usersessionmodel)
Return Convert.ToBase64String(mem.ToArray())
End Function
Private Shared Function DeserializeUser(ByVal serializedusersessionmodel As String) As Domain.Models.UserSessionModel
Dim bf As New Runtime.Serialization.Formatters.Binary.BinaryFormatter()
Dim mem As New IO.MemoryStream(Convert.FromBase64String(serializedusersessionmodel))
Return DirectCast(bf.Deserialize(mem), Domain.Models.UserSessionModel)
End Function
End Class
End Namespace
Here's where I create all the magic. This method is in a "BaseController" class that inherits System.Web.Mvc.Controller
Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker
If User.Identity.IsAuthenticated Then ''# this if statement will eventually also check to make sure that the cookie actually exists.
Dim sessionuser As Domain.Models.UserSessionModel = New Domain.Models.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
HttpContext.Response.Cookies.Add(UrbanNow.Core.Utilities.Authentication.CustomAuthentication.CreateAuthCookie(HttpContext.User.Identity.Name, sessionuser, True))
End If
End Function
And here's how I try and retrieve the info.
Dim user As Domain.Models.UserSessionModel = CustomAuthentication.RetrieveAuthUser
View 2 Replies
Sep 29, 2010
I am "DomainMyDomainUserName" If I do this:
[Code]....
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
[Code]....
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
[Code]....
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
[Code]....
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
View 2 Replies
Feb 1, 2011
I have a user that when I attempt to enumerate her groups using either System.Security.Principal.WindowsIdentity.GetCurrent().Groups on user's computer
or System.Web.HttpContext.Current.Request.LogonUserIdentity.Groups on the IIS server, I get a list of their old groups, not their new. I have checked the DC that they authenticate to and the ASP.NET page is running inside a SharePoint instance so the LogonUserIdentity most like is being provided from there Kerberos ticket.
Should I be looking up the groups directly from the AD instead of relying on the WindowsIdentity or LogonUserIdentity?
View 1 Replies
Dec 18, 2010
i have a code to get the groups a user belongs to.
try
{
DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));
DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
object obGroups = user.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
listOfMyWindowsGroups.Add(obGpEntry.Name);
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
return false;
}
the above code works fine when i have to find the groups of a local user but
for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups.
Research
I did some finding and got that i am being returned the primary group of the domain user
called "Domain User" group
but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions
another code using LDAP
string domain = Environment.UserDomainName;
DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher search = new DirectorySearcher();
search.SearchRoot = DE;
search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name
search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups
try
{
SearchResult result = search.FindOne(); // Grab the records and assign them to result
if (result != null)
{
DirectoryEntry theUser = result.GetDirectoryEntry();
theUser.RefreshCache(new string[] { "tokenGroups" });
foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
{
System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);
DirectorySearcher sidSearcher = new DirectorySearcher();
sidSearcher.SearchRoot = DE;
sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
sidSearcher.PropertiesToLoad.Add("distinguishedName");
SearchResult sidResult = sidSearcher.FindOne();
if (sidResult != null)
{
listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
}
}
}
else
{
new GUIUtility().LogMessageToFile("no user found");
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
return false;
}
this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...?
View 2 Replies
Jul 27, 2010
I have a class called EditMapUtilities. Here are some class properties that I want to persist:
public class EditMapUtlities
{
public static Boolean isInitialEditMapPageLoad
{
get { return SessionHandler.isInitialEditMapPageLoad; }
set { SessionHandler.isInitialEditMapPageLoad = value; }
}
// REST OF CLASS NOT GERMAIN TO DISCUSSION AND OMITTED
}
Here is my SessionHandler Class following the pattern from this post Static Session Class and Multiple Users:
using System.Web.SessionState;
public static class SessionHandler
{
private static HttpSessionState currentSession
{
get
{
if (HttpContext.Current.Session == null)
throw new Exception("Session is not available in the current context.");
else
return HttpContext.Current.Session;
}
}
//A boolean type session variable
private static string _isInitialEditMapPageLoad = "EditMapInitialPageLoad";
public static bool isInitialEditMapPageLoad
{
get
{
if (currentSession[_isInitialEditMapPageLoad] == null)
return true;
else
return (Boolean)currentSession[_isInitialEditMapPageLoad];
}
set
{
currentSession[_isInitialEditMapPageLoad] = value;
}
}
}
I am still learning OOAD. I want to keep relevant properties with relevant classes. I also want to keep all Session stored variables in one place for ease of maintenance and to encapsulate the session keys and calls. I feel like my design is too coupled though. How can I make it more loosely coupled? Is my editMapUtilities class too tightly coupled to the SessionHandler class? How would you do it better?
View 2 Replies
Feb 10, 2011
I try to create a persistent cookie to store a preferred language on our website, but it doesn't work.
So, to isolate the problem, I created a new website, with a blank page and with the code behind bellow. If I click the button, the page post back and I get this:
"Cookies expires: 0001-01-01 00:00:00 value: 10"
[Code]....
View 5 Replies
Sep 27, 2010
in asp.net mvc, how to use session and cookie ?
I am trying to understand how a login session stored and implemented.
View 1 Replies
Sep 17, 2010
I'm surprised i couldnt find any answers.
How do i set my sessionid in my cookie to expire at the end of session? (when the browser closes or the user has been inactive for a period of tie).
The two solutions i found were
(httpcookie).Expires = HttpContext.Current.Session.Timeout
Which gave me a compile error so i dont know if the user checked his code before posting. And the other was to set the expire date to 1 day ago which my gut says is wrong. How do i do this?
View 2 Replies
Jan 19, 2010
I've got a session/coockie from a phpbb forum. But i use in the website asp.net (the website has a different url and domain then the forum).
Can i get the session/coockie from the phpbb forum in the asp.net website?
View 1 Replies
Sep 15, 2010
I say until you log out, session times out or you close the browser. But am I right?
I had an interview today and the interviewer wanted to know if I log into a page and closes the browser (without logging off), what happens to the session.
I said that the session will be orphaned. He says no - because their users are able to connect back to the session by just opening up the browser (using a cookie only). I told him that's a persistent cookie - not a session cookie. And I said that if that's the cause, there is nothing preventing the user from exporting the [persistent] cookie to a another computer and starting the session on that computer.
At first he said you can;t export a cookie but when I explained how, he said that he'll look but since many many people including 2 architects came up with the design, it is unlikely they are all wrong.
View 2 Replies
Sep 17, 2010
The default cookie name for the Session Id in ASP.NET is ASP.NET_SessionId. It's also possible to change this name to something else like <sessionState cookieName="FooBar" />.
Is there a member to easily access this name like with FormsAuthentication.FormsCookieName?
View 1 Replies
May 15, 2010
In web development, when session state is enabled, a session id is stored in cookie(in cookieless mode, query string will be used instead). In asp.net, the session id is encrypted automatically. There are plenty of topics on the internet regarding how you should encrypt your cookie, including session id. I can understand why you want to encrypt private info such as DOB, but any private info should not be stored in cookie at first place. So for other cookie values such as session id, what is the purpose encryption? Does it add security at all? no matter how you secure it, it will be sent back to server for decryption.
Be be more specific, For authentication purpose, turn off session, i don't want to deal with session time out any more store some sort of id value in the cookie, on the server side, check if the id value exists and matches, if it is, authenticate user. let the cookie value expire when browser session is ended, this way. vs Asp.net form authentication mechanism (it relies on session or session id, i think) does latter one offer better security?
View 3 Replies
Oct 22, 2010
We have a local homepage, which connect to our production security environment. When I need to test my site in test environment, I need to get fresh cookie (not the one that was sent to me via production security service, when I opened IE with local homepage).
I am getting fresh cookie fine in Mozilla; but in IE I always have production cookie, and this disables my testing. What I should fix here?
View 4 Replies
Sep 3, 2010
I usually like to do it the hard way,just to get a feel of what you can do!In ASP.net there is probably a really simple way Forms authentication etc.but this is what I have.I know from previous experience that you should never save a Cookie that contains a password,so how to connect a session to a cookie when the user accesses the website,with saved cookies information.
I though about using a Guid,in the cookie,and then check the database to see if that guid is available,but this could be a sort of password like effect.
[Code]...
View 1 Replies
