Application stops generating login cookies

Posted 2019-07-10 04:56

I've been searching for an answer to this for a while but the problem seems quite complex and I'm struggling to find an answer.

I'm a beginner software developer working for a startup company and have just completed the first version of a system for use by multiple users. Testing the software locally had no problems, but since publishing the software to a Windows 2012 server on IIS I have found a major problem with the login system.

When the program is uploaded initially, multiple users can log in and use the program with no problems; however, (seemingly) at random the login system completely stops functioning on all computers that are currently logged out. Those who are logged in can log out and log back in with their account or any other, but those who were logged out at this moment completely lose access to the system.

When using the developer tools on Chrome it appears that all these computers completely stop generating the cookie created when logging in and just redirect back to the login screen.

The systems still recognise incorrect logins and it happens with different computers each time I upload the program.

I appreciate that this is a very vague question, but I'm pulling my hair out over it!

As I said I am a beginner and am completely new to hosting on business servers and don't have much experience with Identity or Login systems in general so any help is much appreciated.

I mainly want to know: is the problem most likely IIS, and if so, where in IIS should I be looking? Or the server's security settings?

Is there an efficient way to debug this while it's running on the server?

If the problem sounds like a coding issue where identity files have been edited, let me know what class it could be and I'll post the code.

Thanks!

Edit:

Global.asax.cs

public class Global : HttpApplication
{
    void Application_Start(object sender, EventArgs e)
    {
        // Code that runs on application startup
        WebApiConfig.Register(GlobalConfiguration.Configuration);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        //Creates roles and adds an admin on first start
        RoleCreator rc = new RoleCreator();
        rc.CreateRoles();
        rc.AddAdmin();
    }
}

Startup.Auth.cs

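using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup {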

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(UnitContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieName="TrackerCookie",
            LoginPath = new PathString("/Login/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
    }
}

1 answer
The star
#2 · 2019-07-10 05:39

Problem is now solved.

For anyone with the same problem, the issue is caused by a bug called 'Katana bug #197'.

The easiest fix is to download the 'Kentor.OwinCookieSaver' NuGet package and add app.UseKentorOwinCookieSaver(); above your application cookie config in startup.

https://github.com/KentorIT/owin-cookie-saver

            // Kentor.OwinCookieSaver for 'Katana bug #197' (login cookies being destroyed on logout!)
            app.UseKentorOwinCookieSaver();
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                CookieName="LoginCookie",
                LoginPath = new PathString("/Login/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });

Microsoft are aware of the issue and it will be resolved in 2015.
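
One way to check for the symptom described in the question from outside the application, added here as an example and not part of the original question or answer: the script classifies the raw response to a login POST by whether it carries the `TrackerCookie` named in the question's configuration. The redirect-on-success behaviour, the `OtherCookie` name and the sample responses are assumptions constructed for illustration.

```python
from email.parser import Parser
from urllib.parse import urlsplit

AUTH_COOKIE = "TrackerCookie"  # CookieName from the question's Startup.Auth.cs
LOGIN_PATH = "/Login/Login"    # LoginPath from the same configuration

# Constructed sample responses to a login POST (not captured from a real server).
SAMPLE_OK = ("HTTP/1.1 302 Found\r\nLocation: /\r\n"
             "Set-Cookie: TrackerCookie=constructed-ticket; path=/; HttpOnly\r\n\r\n")
SAMPLE_SYMPTOM = ("HTTP/1.1 302 Found\r\nLocation: /\r\n"
                  "set-cookie: OtherCookie=constructed; path=/\r\n\r\n")
SAMPLE_REJECTED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login form</html>"


def parse_response(raw):
    """Return (status code, parsed headers) from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    return int(status_line.split()[1]), Parser().parsestr(header_block, headersonly=True)


def auth_cookie_issued(headers):
    """True if a Set-Cookie header gives AUTH_COOKIE a non-empty value.

    An empty value is a deletion (sign-out), not a login ticket.
    """
    for header in headers.get_all("Set-Cookie", []):
        name, _, value = header.split(";", 1)[0].partition("=")
        if name.strip() == AUTH_COOKIE and value.strip():
            return True
    return False


def classify_login_response(raw):
    """Classify a login POST response: signed-in, cookie-missing or rejected."""
    status, headers = parse_response(raw)
    target = urlsplit(headers.get("Location", "")).path.lower()
    # Assumption: accepted credentials redirect away from the login page.
    accepted = status in (301, 302, 303, 307) and target != LOGIN_PATH.lower()
    if not accepted:
        return "rejected"
    return "signed-in" if auth_cookie_issued(headers) else "cookie-missing"


if __name__ == "__main__":
    for label, raw in [("ok", SAMPLE_OK), ("symptom", SAMPLE_SYMPTOM),
                       ("rejected", SAMPLE_REJECTED)]:
        print(label, "->", classify_login_response(raw))
```

A "cookie-missing" result for credentials known to be valid matches what the question reports seeing in Chrome's developer tools: the login is accepted but no login cookie is sent.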
