authentication - Why has my ASP.NET single sign-on stopped working? -

-

i have .net 2.0 web application acts authentication stub older .net 1.1 web app. user logs in via 2.2 app , gets redirected 1.1 app business. had used technique described scott guthrie, matching machine keys in local web.config files, auth ticket readable both applications. technique has worked me in 5 instances couple of years.

until now.

as of morning 4 of our paired applications, configured described above, have stopped working in production: bounced after (seemingly) successful authentication attempt. during login attempt bounced login page. i've checked event logs , iis logs , found nothing of consequence. can see auth cookie has been set in our browsers. we've tried multiple browsers (ie , chrome). on weekend know more dozen patches installed on web server, 1 of added framework 4.0, have no way of knowing whether of these patches caused problem. interestingly, noticed same behavior on dev box before christmas. since time none of 4 paired applications has been re-deployed, don't think deployment issue caused spread production.

there one pair of applications still working , we're comparing code , configuration see what's up, far haven't found (or else wouldn't writing post!)

update figured out lone pair of applications doing right: handling authorization through code. developed workaround ailing apps:

original:

<authorization>     <allow deny="?" />  </authorization>

workaround:

<authorization>     <allow users="*" />  </authorization>

then added code aspx base page check auth cookie:

if (request.cookies.get(formsauthentication.formscookiename) == null)     response.redirect(system.configuration.configurationsettings.appsettings["membershiploginurl"],true);

my code seems fulfilling role used performed asp.net, namely checking whether or not user authorized. - have workaround, mystery remains.

does know if there patch microsoft, released in past 4 months (our server updated 4 month's worth of patches), disabled asp.net's ability authenticate/decrypt cookies between web applications on different versions of .net?

i received response scott guthrie... problem experiencing caused windows update.

here's hotfix: fix: forms authentication cookies compatibility issue between .net framework 1.1 , .net framework 2.0 sp2 asp.net applications after apply security update security bulletin ms10-070

i have deployed hotfix on local xp sp3 machine , staging , production windows 2003 machines , fixed problem.


Comments

Post a Comment

Popular posts from this blog

javascript - Enclosure Memory Copies -

-
function myclass() { //lots , lots of vars , code here. this.bar = function() { //do numerous enclosed myclass vars } this.foo = function() { alert('hello'); //don't enclosed variables. } } each instance of myclass gets own copy of bar , foo, why prototyped methods use less memory. however, know more memory use of inner methods. it seems obvious me (1) below must true. agree? not distinct myclass instances have own distinct copies of bar, must have own distinct copies of myclass enclosure. (or else how bar method keep myclass variables straight on per instance basis?) now (2) question i'm after. since inner foo method doesn't use in myclass enclosure natural qustion is: javascript smart enough not keep myclass enclosure in memory use of foo? this depend entirely on implementation not language. naive implementations keep far more around others. answer true e.g. v8 (chrome's js engine) may not true spider...
Read more

php - Replacing tags in braces, even nested tags, with regex -

-
example preg_replace('/\{[a-za-z.,\(\)0-9]+\}/', 'replaced', 'lorem ipsum dolor sit {tag1({tag2()})}, consectetur adipiscing elit.'); the result: lorem ipsum dolor sit {tag1(replaced)}, consectetur adipiscing elit. question as can see "tag2" has been replaced, want replace "tag1" know how can this? (in cases might this: {tag1({tag2({tag3()})})}) , on.) btw using preg_replace_callback, easier show preg_replace here site can test code: http://www.spaweditor.com/scripts/regex/index.php you need add curly braces character set. here's pattern used: /\{[a-za-z.,\(\)\{\}0-9]+\}/ and here result: "lorem ipsum dolor sit replaced, consectetur adipiscing elit."
Read more