I am new to MVC and I have been given a task to maintain state between applications that are in same domain - cookie would be one option ,Is there any alternate option other than cookie storage ?
you can do that by setting the domain name in web.config
<httpCookies domain=".domain.com"/>
There are several
1) Running a state server
2) Using sql server to store state
a) doing this in the web.config
3) Using some sort of Database server (mssql/nosql/oracle/...) (this is my preference. Because you do not need to rely on Microsoft to correctly save state in 1 or more db)
a)saving a guid to the cookie and then saving the important state data you need to sql server
Related
I have created a custom security extension describes here: http://msdn.microsoft.com/en-us/library/ms155029.aspx.
We have a application that store username, groups, etc.
The custom security extension fetch data from application. All works fine so far.
Now there is the new challenge:
I want to have multiple applications, that use the same report server.
My approach is, that my custom security extension connects different databases for authentication and authorization. I implemented this so far and in theorey this works fine.
I run in to one problem that make me headaches.
I thought, simple identify each connection with a custom table where I store the session (request cookie from my application, works in UILogon.aspx.cs and Logon.aspx.cs) and the domain (via Request.Url.Host in the same pages).
I store those data in a custom created table in ReportServer database and in all other methods I get the cookie session informationen to retrieve the info which domain it is to choose to correct database.
My problem: I loose the cookie information to identify the session.
I tried made a Singelton instance class to store this for each instance, but this is not "application" wide. So I thought, well somehow the SQL reporting services must hold the info about the session (probably in an own SSRS session cookie). If this is accessable I can store domain and ssrs session cookie to identify it.
So, how I can read / get the ssrs session cookie information in the methods.
E.g.
public bool CheckAccess(
string userName,
IntPtr userToken,
byte[] secDesc,
FolderOperation requiredOperation)
{
// here I need to know in which SSRS session I am
}
Anyone know how to get this OR how to identify unique a session so I can map the session to additional information?
Found a solution....
I send my own Session Cookie to the server to identify where I am !
<PassThroughCookies>
<PassThroughCookie>_cookie_session</PassThroughCookie>
</PassThroughCookies>
Then I have var cookie = HttpContext.Current.Request.Cookies["_cookie_session"]; always my cookie and can get the ID to identify the instance.
I am doing session sharing between two website on same server using sqlserver session mode but it is worked on virtual directory not worked on server while uploaded the site on the server.
Both website using same database and same server.Can anybody tell me that what is i missed.
You might need to add the connection settings for session state to your live machines web.config.
<configuration>
<system.web>
<sessionState mode="SQLServer"
sqlConnectionString="Integrated Security=SSPI;data
source=SampleSqlServer;" />
</system.web>
</configuration>
You need custom session state implementation that will allow to share session between 2 different sites.
Default SQL session state indexes record with {session key (i.e. from cookies) + application ID} - as result even the same session ID on the same server will get separate information for different sites. There is no supported way to configure it to ignore application ID part.
let suppose i have two domains
1. abc.com
2. xyz.com
now the thing i want to do that i have a index page on both sites and there is a image on both index page , but when i click next in abc.com and image changes on abc.com at the same time i made a session variable in sql server . Now leave abc.com and come to xyz.com
the index page of xyz.com automatically gets refresh by ajax function after 2 second , now when page get refresh it will make a request to server and pick the next image name from session which we stored using abc.com and by getting the we will show the latest image on xyz.com .... Note . both sites are using the same server
can i do this ? . If yes then how ?
You can share sessions between sites using SQL server as the session manager, I did it following these instructions, works well.
these steps are taken from: Share ASP.net session between domains
ASP.NET APPLICATION : CSASPNETShareSessionBetweenSubDomains Project
Overview
Summary:
Session can be set to different modes (InProc, SqlServer, and
StateServer). When using SqlServer/SateServer mode, Session will store
in a specific SQL Server/Sate Server. If two ASP.NET Web Applications
specify the same SQL Server as Session Server, all Sessions store in
the same database. All in all, if using SQL Server Session, it is
possible to share Session between different ASP.NET Applications.
Since ASP.NET stores Session Id to cookie to specify current Session,
so in order to share Session, it is necessary to share Session Id in
the cookie.
The CSASPNETShareSessionBetweenSubDomains sample demonstrates how to
configure a SessionState Server and then create a SharedSessionModule
module to achieve sharing Session between sub domain ASP.NET Web
Applications.
Two ASP.NET Web Applications need to run in the same Root Domain (can
use different ports). Steps:
Configure SQL Server to Store ASP.NET Session State.
Run "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
-S localhost\sqlexpress -E -ssadd" to add Session State support to Sql Server Express 1.
If you haven't added Session State to SQL Server, when you configure
a web site to use SQL Server Mode Session State,
System.Data.SqlClient.SqlException will be thrown saying "Invalid
object name 'tempdb.dbo.ASPStateTempSessions'."
Configure ASP.NET Web Applications to Use SQL Server to Store Session and Use specific decryptionKey and validationKey.
Add this settings to web.config file to use SQL Server Session
State:
Add this settings to web.config to use specific decryptionKey and
validationKey:
If you host the applications in IIS, please run the Application Pool
under an account who can log into the database. Otherwise
System.Data.SqlClient.SqlException will be thrown saying "Cannot
open database 'ASPState' requested by the login. The login failed."
Write SharedSessionModule Module to Achieve The Logic of Sharing Session
a. Implement Init() method to set Application Id read from
web.config.
b. Implement PostRequestHandlerExecute Event to store Session Id to
cookie with
the same domain and root path.
Configure ASP.NET Web Applications to Use SharedSessionModule Module.
Add this config to web.config to use SharedSessionModule Module:
If you run the applications in your own domains except localhost,
please don't forget to change the value of RootDomain after
publishing.
Run and Test
a. Add a new Web Page. b. Add two Buttons (used to Refresh the page and Set Session) and one Label for displaying
Session value. c. On Page_PreRender() method, read Session and display it in Label. On Button Click
Event, Set Value to Session. d. Create a new Web Site with the same config as Web Site 1, but set different value
to Session e. Now open two sites in two tabs. Now if you set Session Value in site1,
you can retrieve the same value in site2. So they use the same Session.
1 Remove Session State from Sql Server. Run
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe -S
localhost\sqlexpress -E -ssremove" to remove Session State support
from Sql Server.
I am trying to share sessions between two web applications, both hosted on the same server. One is a .net 2.0 web forms application the other is as .net 3.5 MVC2 application.
Both apps have their session set up like this:
<sessionState
mode="StateServer"
stateConnectionString="tcpip=127.0.0.1:42424"
/>
In the webform application I am posting the the session key to the MVC app:
protected void LinkButton1_Click(object sender, EventArgs e)
{
Session["myvariable"] = "dan";
string sessionKey = HttpContext.Current.Session.SessionID;
//Followed by some code that posts sessionKey to the other application
}
I then recieve it in the MVC application and try use the same session like this:
[HttpPost]
public void Recieve(string sessionKey )
{
var manager = new SessionIDManager();
bool redirected;
bool IsAdded;
manager.SaveSessionID(HttpContext.ApplicationInstance.Context, Id, out redirected, out IsAdded);
var myVar = Session["myvariable"];
}
The key is being posted but the session does not seem to get loaded in the MVC app, i.e. sessionKey is null. Can what I am trying to do be done?
I did it this way:
Basically the idea is both apps use native .net sessionState stored in sqlserver. By using the same machine key and making a small tweak to a stored procedure – both apps can share any session keys and/or forms authenication.
Both apps would do something like this in their web.config:
<sessionState mode="SQLServer" sqlConnectionString="Data Source=.\SQLEXPRESS;User Id=test;Password=test;Application Name=AppName" />
<machineKey
validationKey="SOMEKEY"
validation="SHA1" decryption="AES"
/>
Session state db would need to be set up on a database server, that both apps can see.
Docs for doing this:
http://msdn.microsoft.com/en-us/library/ms229862(VS.80).aspx
Command that would need to be run:
C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin>aspnet_regsql.exe -E -ssadd --sstype p -S .\SQLEXPRESS
Stored procedure (TempGetAppID) tweak to:
#appId int OUTPUT
AS
-- start change
-- Use the application name specified in the connection for the appname if specified
-- This allows us to share session between sites just by making sure they have the
-- the same application name in the connection string.
DECLARE #connStrAppName nvarchar(50)
SET #connStrAppName = APP_NAME()
-- .NET SQLClient Data Provider is the default application name for .NET apps
IF (#connStrAppName <> '.NET SQLClient Data Provider')
SET #appName = #connStrAppName
-- end change
SET #appName = LOWER(#appName)
The problem is that session keys are scoped to the applications, so two applications having the same session key in fact have separate sessions.
You can do one of two things:
Put both applications as a virtual directory under a common IIS Application. I don't think this is a good idea, but it will work.
Roll your own session data solution for the data you want to share. Possibly using the backend database as the common storage, if you have one that is.
Based on Justin's comment, just to clarify option 2 is not refering to the SQL state managemet for out of process sessions. I mean for you to actually manually manage the shared data for the two sessions, possibly using a database.
You can use a common Machine key to generate same Session ID inside both applications for a given user. Additionally, you should also plan on storing sessions of both applications in a common store such as ASP.NET State Service or a distributed cache.
You can use NCache distributed cache which takes provides session sharing feature between different applications. You specify same Application ID tag for both apps inside session state settings which allows you to share session object provided you have same Session ID generated for both applications.
I'm working on a mobile site where we can't rely on the phone hitting the site to have cookie support. I'm using the cookieless option for sessions and wondering if there's a way to specify where in the URL that the sessionId gets placed?
Here's what it looks like now:
http://www.somesite.com/(S(qnxbzt45h2yxpr45tj3hpr45))/Default.aspx
Is there a way to have the sessionId at the end of the url?
http://www.somesite.com/Default.aspx?S=qnxbzt45h2yxpr45tj3hpr45
Can you not store user sessions using a Sql Database instead? I don't think you can change the sessionId position, you could try re-writing the url's but I'm not sure how that would affect .Net's handling of it
EDIT: I just remembered that the Sql option still requires a cookie on the client machine so ignore me
Session options are set in the web.conf sessionState section. This is detailed here:
http://msdn.microsoft.com/en-us/library/h6bb9cz9(vs.71).aspx
Theres no way to setup the sessions like this with the built in session functionality of asp.net. Your best bet is to define your own session mechanism