Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 866
  • Last Modified:

ASP.NET on Windows 2003/IIS 6.0

We have a newly configured Windows 2003 server and we have installed our ASP.NET 1.0 application to it.  This ASP.NET application is already running on another Windows 2003 server without any problems.

Here's the scenario.  Users log-in from another ASP.NET application from another server, Server1, and then gets redirected to the second web server, Server2.  The entry/default page of Server2 simply sets up some session variables then redirects to another page.  The problem is that on the second page, the session variables that were set-up in the entry/default page is not available.  The session variables are all NULL.

The weird part is if we go straight to the entry/default page of Server2 without going through Server1, the session variables become available on the second page.

How can we overcome this problem?  For us we believe this is IIS 6.0 security-related and we just don't know which settings to look for.

Hope this is clear enough and thanks in advance.
0
rafrancisco
Asked:
rafrancisco
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
naveenkohliCommented:
Two applications can not share sessions.
0
 
rafranciscoAuthor Commented:
Hi naveenkohli,

Thank you for replying.  I know that two applications cannot share sessions.  The session variables that I am referring to is the session values that are set-up in the default page of the application which suddenly becomes null on the next page for the same application.
0
 
naveenkohliCommented:
Ahh.. that sounds bad..
I would check if there any place in the code that is specifically setting these variables to NULL. And see if that code is getting executed.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
frodomanCommented:
How is your authentication configured?  Almost sounds like when you go directly you're hitting the server as a specific user and retaining session state.  When you cross from Server1 you may be authenticating as Network Service or another generic account that isn't maintaining session.

If you aren't sure, try displaying the user credentials on your Server2 page and hit it both ways to see the difference.
0
 
rafranciscoAuthor Commented:
Hi frodoman,

Thanks for replying.  Can you please provide me with the code to display the user credentials.  I believe that this is the problem.  Thanks again.
0
 
frodomanCommented:
Something like this:

  Me.TextBox1.Text = User.Identity.Name
0
 
DBAduck - Ben MillerPrincipal ConsultantCommented:
You may be running into a problem where if you come off of a redirect, then you are getting a new SessionID as opposed to going to the page directly after the session variables are set up.

So I would also try to display the SessionId of both scenarios, show it when you redirect to the page, and then see what it is when you browse directly to the page.

My bet is that they will be different.

Session.SessionId.ToString() is the property that you can show.

Ben.
0
 
rafranciscoAuthor Commented:
Frodoman, the User.Identity.Name is returning blanks for both cases.

dbaduck, I'll try displaying the SessionId.  What if they have different Session ids?  What can be done so that it won't generate a new session id after a redirect?
0
 
DBAduck - Ben MillerPrincipal ConsultantCommented:
It is the redirect that may kill you.  See if that is the case and we can go from there.
0
 
rafranciscoAuthor Commented:
Using the same application on another server (Windows 2003/IIS 6.0), it doesn't give us any problem.  Basically we have three web servers.  The first one is where users will initially connect, Server1.  Then the other 2 servers, Server2 and Server3 will contain the same application.  That application is already running without any problems in Server2.  We just configured a new server, Server3 and we are trying to run the same application to it.  But we are getting the problem described above in Server3 but not in Server2.

Hope this gives some more light to my problem.
0
 
DBAduck - Ben MillerPrincipal ConsultantCommented:
I understand, and fundamentally the Session variables are getting set it seems, but it appears that the settings are different on Server3 than they are on Server2 because you are running into a problem.

I have never seen an application or done this kind of thing so I am not sure what you could be running into.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now