Tuesday 31 October 2006

Cookie Timeout Problem

JeffI recently had a problem where for some reason my Cookies were timing out before the time I set in the forms timeout tag.

Background

ASP.NET 2.0 site with forms auth using Active Directory Membership provider and the ASP Login Control. IIS 6.0 with separate App Pool being run by a custom domain account.

Following in Web.Config:

<membership defaultProvider="MyADMembershipProvidor">
<providers>
<add name="MyADMembershipProvidor" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" enableSearchMethods="true" />
</providers>
</membership>

<authentication mode="Forms">
<forms name=".ADAuthCookie" timeout="50000000" slidingExpiration="true" loginUrl="FormsLogin.aspx" />
</authentication>

<sessionState timeout="30">
</sessionState>

Problem

Everything works fine so I could authenticate using forms auth on the site and this would use AD fine. However once I left the page idle for 20min I clicked on a link and would be redirected back to the login page to authenticate. This was the same problem for both persistent and non-persistent cookies.

Solution

After spending some time thinking I was going mad I created a simple test harness. I used this to play around with the forms timeout, session timeout and roles cookie timeout. If I used a forms timeout value that was less than 20min all would work as expected, however using a value greater than 20min would not work and after 20min I would still be required to log in again.

After about a day of debugging I finally tracked the problem down to the worker process shutting down after 20min idle time. This config setting is found in the properties of the worker process under performance. If I unchecked this everything worked as expected. So the issue is around the App Pool recycling.

I found this article about invalid viewstate after an App Pool recycling when the identity is not Network Service.

So a known ASP.NET bug is the decryption and validation keys used for encryption are not maintained between App Pool recycling if the identity is not Network Service. So any encryption performed using these keys will not be valid after the App Pool is recycled, this will include any encrypted cookies.

Finally I had found the problem - When the App Pool recycles the keys are not maintained and new ones are generated, this results in any encrypted cookies, including the forms auth cookie not being decrypted on any subsequent requests from the browser and they are discarded.

To resolve this I edited the machine.config with a static decryption and validation key using this console app.

Everything is working fine now :)

Sunday 22 October 2006

ASP.NET Build numbers

Jeff
Whilst building my website for deployment I did some research on creating build numbers.
I wanted to use the Major.Minor.Build.Revision format where :
Major = the major release version. This is only changed when major changes are made to the application.
Minor = the minor release version. This is changed for small changes such as user requests, bug fixes.
Build = the build number. This is constructed by the date of the build e.g. if a build is completed on 1st August 2006 the build number would be 60801, that is YYMMDD.
Revision = the revision of the build. This is incremented every time a build is carried out on the same day. So when the first build of the day is performed it will be a 0, then if another build is made on the same day it will increment to 1 and so on.

Obviously I wanted to automate this using a build task as part of my Web Deployment Project.
For class library's this is quite easily done by using AssemblyInfoTask module written by the MSBuild team. Once installed a help document for the module can be found at [Program Files]\MSBuild\Microsoft\AssemblyInfoTask and this explains quite well how to use this module with your build.
For the Web site build I followed this blog which seems to work well.

Transparent png's IE6

Jeff
Wow what a messy job IE6 does with transparent png images!!! I haven't come across this before but after putting this in google I noticed this is a serious flaw in IE6.
I won't go into the exact issues as there is loads of info on the web.
However i thought I would just post some good links I found that helped me overcome this major issue. I warn you now ther is no 'nice' solution to this problem as it is an issue with IE6 outdated graphic rendering engine. However I recommend using Conditional Comments to include a new style sheet for IE 6, as this issue has been fixed in IE7 and this at least this the nasty bit is isolated.

This is how I overcame it
This is similar
I had this issue too and its is a good description of the problem.

UPDATE: This is now the easyist way to fix the transparent png issue. Full Credit goes to Angus Turnbull :)

Favicon

Jeff
Just for my own reference really thought I would document how to add a favicon to a site

Creating the icon


Used this as a guide to creating my icon. I used photoshop with the mentioned Plugin from telegraphics

Adding to site


You can either add the new favaicon.ico to the home directory of your website and this will be picked up automatically by the browser.
or
(This is the option I choose) You can add a link to every page header (or the master page) like the following:
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
This allows you to add the favicon to a folder such as images along with all your other graphical content.

Busy Busy

Jeff
Been really busy lately with my first release at RVC. All settled down a bit now so I have a few blogs to do....

Sunday 15 October 2006

Hackers Vs Crackers

ScottThe terms Hackers and Crackers are so regularly incorrectly used and while reading The Hacker Ethic by Pekka Himanen a superb definition has been written.

At the core of our technological time stands a fascinating group of people who call themselves hackers. They are not TV celebrities with wide name recognition, but everyone knows their achievements, which form a large part of our new, emerging society's technological basis: The internet and the Web, the personal computer, and an important portion of the software used for running them. The hackers' "jargon file," compiled collectively on the Net, defines them as people who "program enthusiastically" and who believe that "information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise be writing free software and facilitating access to information and to computing resources wherever possible."

This has been the hacker ethic ever since a group of MIT's passionate programmers started calling themselves hackers in the early sixties. Later, in the mid-eighties, the media started applying the term to computer criminals. In order to avoid the confusion with virus writers and intruders into information systems, hackers began calling these destructuve computer users crackers.

Observe the distinction between hackers and crackers :)

Monday 2 October 2006

Radio Buttons / UltraOptionSet

ScottI am currently using data binding extensivly in a winforms application. This has proved to be very successful until radio buttons were required. The radio button control does have a databindings property but this means each radio button itself would have to be created and data bound to which is no good when the options are dynamic :(

Dynamic databound radio buttons were successfully acheived using the Infragistics UltraOptionSet. This control allows DisplayMember, ValueMember and DataBindings properties to be set and from this a dynamic number of correctly labelled radio buttons are created and on top of that they are all databound :)

Winforms DateTime Databinding

ScottWinforms and databinding has significantly improved in .NET 2.0 and a line of code such as - txtName.DataBindings.Add("Text", DataObject, "ClientName"); - just works with both data and nulls :)

However, the DateTimePicker and its ability to handle nulls is not quite a simple. To handle nulls with the DateTimePicker a few extra lines of code is needed.

The format property of the DateTimePicker control needs to be set. I have chosen Custom and as such the custom format is also set.
dtpAppointment.Format = DateTimePickerFormat.Custom;
dtpAppointment.CustomFormat = "dd/MMM/yyyy HH:mm";


This next line is really the most crucial. Notice the only difference with the simple single data binding line above is now there is a true paramater at the end. This is the formattingEnabled argument and without formattingEnabled set to true the handling of nulls just does not work!!!
dtpAppointment.DataBindings.Add("Value", DataObject, "AppointmentDate", true);

Happy binding :)