.net core 2.2 session timeout - c#

I have .net core app deployed azure app service Linux container. The problem is session timeout. One of the user group want no session timeout. The application is shared among different user groups so I don't want to extend the session timeout to hours. Even though I extend, it depends on server pool recycle time. So I add some java script to keep the browser alive. But it doesn't help too. Kindly give any suggestion whether it is possible or jot.

Related

asp.net core application connection after IIS binding update

We have an asp.net Core application (that is running under .net Framework 4.8) which is deployed withing IIS on a Windows Server 2016 box. This application uses asp.net Core identity framework for roles based access.
Everything works great but when we update the "Site Bindings" (by way of an example config change) within IIS all the connected users get logged out upin the next page request, perhaps the cookie/sessions being reset?!
Whilst this might be the behaviour you expect this was not the behavious we had on a previous "identical" installation which was lost (all data was backed up etc etc but the server host died and we lost the exact settings).
I remember reading a while back (but can't find it now) that the session should actually persist as this allows for load-balancing (which we don't need).
Nothing has changed in the code base for this to now not work so this suggests it's an IIS setting.
Does anyone have a magic change we can make for the connections to persists and our users not to be sent back to the logon page on the asp.net core app?
Thanks.
Jim.
*** update ***
Changing the "Identity" property of the Appl pool entry to System Account seems to allow me to change bindings without the (app pool?) reset.
Somewhat annoyingly, this appears to be the only setting that doesnt reset the user sesions when changing the binding. The obv downside of using this are the security considerations which rule it out!
Anyone with a plan c?

In a .Net 5 Core web app, Is there a way I can persist logged in user's sessions after recicling of AppPool?

I have a web app that executes in different servers with very different specifications, it depends on demand and on clients budget sometimes. Users are made aware of the downgraded experience of running the app on a server with very low RAM for example.
This year we updated our code from a ASP.Net 4.6 monolithic MVC5 code base to ASP.Net Core 3.1 Razor Pages using a Clean Architecture, and more recently to .Net 5. We have everything running smooth and as expected we experienced a huge performance boost.
The only problem we're facing is in scenarios with very low RAM shared hosting were the app has to be executed "out of process" and the app pool keeps restarting after very little time, active users get logged out on every app pool recycling. This didn't happened on the old version of the app, user would experience a delay on their request (sometime a rather long one but users working under this scenarios were aware of their server limitations), but after the app was up they could continue working without having to log in again. Now, after every app pool recycling all users sessions expire and they are asked to log in again, this is understandably unacceptable from their part. I didn't expect this to happen because we're using default identity, authentication and authorization which as far as I understand is cookie based.
One thing that I find odd is that on the site that keeps logging users out there are only two Cookies after users log in.
While on other sites where normal behavior is shown there are four cookies.
I am aware that this is not the best scenario to run a web server, but sometimes that's all there is.
Is there any way I can persist user sessions (maybe in SQL Server) so I can achieve something similar to what we had before? Or am I barking at the wrong tree here?

Hangfire - deploy while site is running doesnt reload the app c# asp.net mvc

I gather this might be a general asp.net question as well. I'm running hangfire and we have noticed that when we publish the app to the site that is acting as a container for hangfire, the deploy causes the app to stop running and the app never 'restarts'. I have logging in the global asax application_start and application_end, and our applicationpreload.cs. When we publish the site I see logs for the application_end event but nothing for the start event - this publish occurs while the site is running.
I have followed the steps on the hangfire site https://docs.hangfire.io/en/latest/deployment-to-production/making-aspnet-app-always-running.html and there are a few msdn articles I have followed on the newer IIS settings to keep the app pool always running and the site auto start enabled but my assumption is that these only help when there is either an iis site restart, or app pool recycle/stop/start, or a request comes into the site itself. My scenario is that we are using iis as the container, there are no requests hitting the site and we publish while the app is running...
I was also under the impression that changing files within the iis directory would cause the app pool to recycle but have now realize this is not the case (and that actually makes sense). We are using asp.net mvc 5, iis 10.
Any help here would be appreciated!!!!
PS I can see the down votes already on this - which is actually quite comical taking into consideration this question covers some fundamental asp.net knowledge... and yes I'm just being honest here in terms of not knowing the answer :)
thanks
after a lot of testing different variants of solutions I have resolved this.

Configure IIS as a load balancer for two kestrel servers (for the same website)

ASP.NET Core cannot be run directly in IIS as it requires Kestrel.
This means it is not possible to update a website at runtime like in traditional ASP.NET sites, since the kestrel server have to be shut down during the update.
I want to avoid downtime without adding additional web servers and a load balancer. Is it possible to configure the ASP.NET Core module in IIS to connect to two different Kestrel servers? So if one of them is shut down all requests will go to the other one?
(I was thinking something like having two different folders on disk: C:\inetpub\wwwroot\mysite_instance1 and C:\inetpub\wwwroot\mysite_instance2, thus shutting one down will enable updates of that instance)
If it is possible, are there any considerations we need to be aware of? For example, do the anti forgery token need to be configured in some way? (I do not use sessions.)
I would also be interested in a neat load balancer mechanism, but don't know any way to do it. Yet, you can perfectly switch the directory targeted by a web application from a directory C:\inetpub\wwwroot\mysite_instance1 to a directory C:\inetpub\wwwroot\mysite_instance2, update instance1 and switch it back, and it should do the job.
This is not currently supported due to the way in which IIS and the AspNetCoreModule works.
IIS passes an IHttpContext object to the AspNetCoreModule. The AspNetCoreModule uses the IHttpContext object to query the physical application path. The module then reads the web.config file found in the directory of the application. Once this has been done the module maintains a 1:1 relationship between the IIS application and the dotnet process.
I've raised this as a question and included some additional details on your behalf.

Random Session Timeout IIS / ASP

I am completely lost trying to figure this out. It has been going on for months. Session values just get lost. I check for Session["uid"] on master page to force user to login page.
System : Windows Server 2008 R2 Enterprise
IIS 7.5
.Net Framework 4.5 specified in web config
Application pool .Net Framework V4.0
Application pool Timeout set to standard 1740
Not a Web Farm.
Session In web config:
<sessionState timeout="60" mode="StateServer"></sessionState>
I changed the mode to StateServer thinking it is App pool random recycling causing it loose session
I check this post:
Losing Session State
I tested it myself. On a page where is loads countries and then cities based on country selection (updatepanel)... randomly it would just route me to login page on country change. And this is no delay in between change. Change, change, change... and then session["uid"] lost.
I read up on how IIS manages sessions:
https://abhijitjana.net/2010/03/14/beginner%E2%80%99s-guide-how-iis-process-asp-net-request/
can't seem to find answer there.
then i started getting errors like application pool max reached.
Then i set worker processes to 25, and it says it now a Web Garden.
Then i thought let me read up on Web Garden. According to this post it is a bad thing and should not be used ?
https://serverfault.com/questions/81689/web-gardens-are-they-good-or-bad-or-what
I just did the worker process increase today so i can't say if that will help, but i also dont want to leave that in place if it going to cause me other headaches.
My web site is non MVC, but i added an API controller to it. Not sure if this would be the issue for the session lost or app pool maxing out.
API not my biggest concern as we plan to move it to it's own MVC project.
But for now , my concern is the random session being lost.
I'm not sure it being lost. My code simply check if (Session["uid"] == null) go to login page.
I come from PHP / Apache history and never had any issues with Sessions.
Basic structure the same between c# masterpages and PHP template
I don't have any issues on localhost or dev server enviroment.
It's just when on live server that has a couple of other sites on this happens.
I don't think the other site will influence my site? THis is what application pooling prevents?

Categories

Resources