Link to home
Start Free TrialLog in
Avatar of kryptonic
kryptonic

asked on

ASP.NET MIT Session Information Not Appended when accessed through the web.

Ok, lemme at least explain the application, then I'll go onto the network. I have a simple ASP.NET app written in C# using the MIT 1.0. The app conducts a survey of questions and inserts the data into a MS SQL database. The app works fine in the development enviroment, the prob comes when I move it to the production server.

Under localhost conditions:
  When I run the app from the server terminal, it loads correctly. (ie: http://localhost:8723/AppName/AppFile.aspx) It also loads correctly from the LAN. (ie: http://machinename:8723/AppName/AppFile.aspx) After it pulls up the file, it appends the state information to the URL. (ie: ../AppName/(auj381h239dh9w)/AppFile.aspx)

Under remote condition:
   When I run the app from a mobile phone, or from an outside browser via the internet, IIS 5 returns a 404 code to the browser. (ie: http://www.companyname.com/AppName/AppFile.aspx) And the state information isn't appended. If I copy and paste the state information from an already established connection into the remote connection, it works perfectly.

So basically:

   From the LAN
     http://localhost/AppName/AppFile.aspx -- [returns] -->
           http://localhost/AppName/(ide234jw39kne)/AppFile.aspx
   From the WEB
     http://www.companyname.com/AppName/AppFile.aspx -- [returns] -->
           404 Error: Page Not Found
   From the WEB (using existing LAN session)
     http://www.companyname.com/AppName/(ide234jw39kne)/AppFile.aspx -- [returns] -->
           http://www.companyname.com/AppName/(ide234jw39kne)/AppFile.aspx

How can I get the session info appended like it does in the development enviroment?
Avatar of MaxOvrdrv2
MaxOvrdrv2

i get a 404 on both...
Avatar of kryptonic

ASKER

That's because they're not real address. I can't post the apps without revealing security clearance and blah blah blah. Just trust me on the responses.
and both servers are running same version of server (W2K) and have the same IIS version installed?

MaxOvrdrv2
That's because they're not real address. I can't post the apps without revealing security clearance and blah blah blah. Just trust me on the responses.
... sorry for the duplication ...

OS: no, one win2k, one winxp
IIS: yes, iis5
hmmm... that's strange...

and are you sure that you're not trying to pass those session variables from one server to another? (between 2 servers)

MaxOvrdrv2
No, the only direction the browser is given, is through the original link. After that, all redirection is handled thought the ASP.NET code (via post-back and <GO ..> method)
yes... but what i<m trying to get at is that you might be trying to pass a session variable between 2 servers (if you're trying to get a session from another server to append it's content to the url) and if that's the case... it is simply impossible to do! well.. not totally impossible but it requires a 3rd server and some nifty Database programming to send a Session variable between 2 servers.

anyways... make sure that the value that is in the session, is not being referenced on a page that is located on a different server than the page that assigns that value to it!

MaxOvrdrv2
ok, I understand that, but the bigger problem is that the session stuff isn't being appended automatically when I try to reach the page from the outside world. Like when I navigate to the page from our LAN, it automatically puts that session state information in the URL. When I access it from the outside, it just returns a 404
oh... ok... i see... i thought that you meant that if you were putting the SCRIPT on the lan that it worked yet on the prod server it didnt... hmmm... that<s strange then... let me do some checking and i'll get back to you...

MaxOvrdrv2
Avatar of msice
So on the production server you can access other aspx pages no problem from the WEB? Could be a Namespace or vpath issue in the code and it works localy but not with the FQDN from outside causing a 404 cause it cant get the expected session info appended.
Yes I can access other aspx pages just fine. Would that be my C# code, or code written by ASP.NET? It feels like a setting that could specify which ip/server/web address/port the app should use to post back and etc. Like I said earlier, I never once tell the code where to go. I let .NET handle all of those request. (ie: onclick -> make webform *foo* active)
When you request the page & URl changes to include the session ID the web server does a 302 redirect.

It would seem there is some sort of proxy server in the way that is preventing the redirection.

Just a guess but worth investigating. Try getting a tool that will show you the raw http headers. This might reveal what is being requested & where from.
Before I do that, I just thought about this: the webserver is behind a router and using a different port than usual. How would the webserver know this, and send back the 302 to redirect to the right address?
Yes that is what I was thinking, it might be looking at your local server and not posting back to the outside address. Try setting your host file to point the outside address of the URL / IP. You won't be able to get to the outside address from the inside of the proxy/NAT you will get a 404 error due to the NAT!
ouch... so your firewall/router is screwing everything up... that would explain why it works internally on the server... but not on the outside...

make sure that you set-up your router to accept all connections... or rather.. open...

MaxOvrdrv2
So I looked at the raw HTTP header, and the server is returning a 302, the problem is that it's returning the user to the local IP address instead of the outside address. Do I change this in the IIS setup, or ASP setup?
Take a look here you should find it in a config file. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfnetframeworkconfigurationfileschema.asp 

If I find it exactly I will let you know
kryptonic,

First, let's assume you have a configuration like the following:

Firewall
name: firewall.yourdomain.com
external IP-Address 1.2.3.4
internal IP-Address 192.168.10.254
Remoting Server (HTTP-based)
internal IP-Address 192.168.10.1

And let's further assume that your (internal) HTTP server is listening for .NET Remoting requests on port 5555 and that the firewall is configured to forward any request from external clients to port 5555 (i.e. the firewall's port 5555) to the same port at your internal server.

What now happens is the following: the server sends a distinct "endpoint URL" to the caller. The client will then use this URL to place further calls. (every instance  gets a different endpoint URL, so that's the way how different object instances are mapped to their clients)

Unfortunately, the .NET Remoting server doesn't know about the firewall and returns an endpoint URL that starts with its private IP Address: "http://192.168.10.1:5555/....". This URL won't be accessibly from your client.

Nevertheless, there's of course a solution for this: in the configuration section for <channel ref="http" port="1234"> you can specify the machineName property to return a specific "base address" for your URL.

In the above example, you would use the following snippet in your configuration file:

<channel ref="http" port="5555" machineName="firewall.yourdomain.com" />
This setting will configure the remoting server so that it returns a endpoint URL starting with "http://firewall.yourdomain.com:5555/..." which can then be used by external clients to call methods on those objects.

Keep in mind though, that the port number has to be consistent for the firewall and the "real" host.

Much more info here
http://www.dotnet247.com/247reference/System/Runtime/Remoting/Channels/Tcp/TcpChannel.aspx
I entered that statement in my web.config file with no luck. I also tried it in my machine.config file. Where else could it go?
So you specifed the machineName property to return a specific "base address" for your URL as the outside IP? You might need to restart the service, the server or check the header again just to make sure the changes have updated.
BTW did you try this on the server - set the host file to point to the outside address of your external URL (Force the server to look there - at the external IP!)
i.e.
C:\WINNT\system32\drivers\etc\hosts
add the line at the bottom that = your site

your_external_IP     www.your-domain-name.com


This might be a temp fix but might help you debug.
This is a problem you get with web servers behind firewalls.

I am almost completely convinced the problem is with your infrastructure, not .Net.

As mentioned above the web server is responding to requests from the firewall. These all have an IP address on your internal network.

The only way I can think to fix things is to use a reverse proxy. It rewrites all requests passing though it to have the right address.

Now it is unusual for IIS to respond with a 302 and a address made of host & path. Perhaps this is a "feature" of .Net using paths to identify the session. Sorry I can't be more help in fixing it.
ASKER CERTIFIED SOLUTION
Avatar of kryptonic
kryptonic

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial