T
taylomic
Overview: ASP.NET - Page.User.Identity.IsAuthenticated returning false
mid-session, only when not using SSL and only when the client machine is
Windows Vista or Server 2008.
I'm experiencing a bizarre issue with ASP.NET membership authentication
where, mid-session, during a page request in which I am checking
Page.User.Identity.IsAuthenticated, it will return as false and then, in
subsequent pages, it will return as true again.
To make the issue more interesting, we only discovered that this was an
issue when we started getting reports from our customers that they were
randomly not authenticated on certain pages, but only when they were using
Windows Vista or Windows Server 2008. Windows 2000, Windows XP, and Windows
Server 2003 (all with ie6 or ie7) are fine. Additionally, our customers that
were using SSL (https) to host our product were not reporting the same
issues. Further testing revealed that the issue does not occur at all if the
site is hosted via SSL, but the exact same site accessed via plain old HTTP
produces the issue only in when accessed via Vista and 2008 clients.
I've created a small example solution that demonstrates the issue. I also
tested this using .Net 2.0 (Visual Studio 2005) and .Net 3.5 (Visual Studio
2008) and from different IIS versions, 6 and 7.
I've whipped up a miniature example project that shows the problem.
I'm hosting the example at: http://dev.boldgroup.com/WebImg1/Default.aspx
I'm hosting the example via SSL at:
https://dev.boldgroup.com/WebImg1/Default.aspx
You can download the example project at:
http://dev.boldgroup.com/WebImg1/Download/WebImg1.zip
The example project is an ASP.NET front end with a .NET VB DLL backend and
an ASP.NET membership database with open-enrollment. When logged in, the user
can view an image or a video (via Windows Media Player object/embed). Both
the image and the video are presented in roughly the same way, but the video
fails every time (from a Vista or 2008 client machine via non-SSL) because a
check is done to confirm that the user is authenticated during the init of
each page render that is coming back false even though the user is logged in
and continues to be logged in during subsequent page requests. The image and
video data is produced, in this example as it is in our actual product, via a
response.binarywrite of the data directly. My best guess is that media
player 11, which Vista and Server 2008 share in common, is producing the
issue.
Note: Should you try the example project above or download the project to
work with locally, i've created a user in the database already, but you can
create your own if you wish. Username: user Password: a
If anyone can shed some light on this or has any ideas, please respond. (Let
me know if I should post any code snippets... everything is included in the
project download above)
Thank you.
--
Mike Taylor
Software Engineer
Bold Technologies
Web: www.boldgroup.com
mid-session, only when not using SSL and only when the client machine is
Windows Vista or Server 2008.
I'm experiencing a bizarre issue with ASP.NET membership authentication
where, mid-session, during a page request in which I am checking
Page.User.Identity.IsAuthenticated, it will return as false and then, in
subsequent pages, it will return as true again.
To make the issue more interesting, we only discovered that this was an
issue when we started getting reports from our customers that they were
randomly not authenticated on certain pages, but only when they were using
Windows Vista or Windows Server 2008. Windows 2000, Windows XP, and Windows
Server 2003 (all with ie6 or ie7) are fine. Additionally, our customers that
were using SSL (https) to host our product were not reporting the same
issues. Further testing revealed that the issue does not occur at all if the
site is hosted via SSL, but the exact same site accessed via plain old HTTP
produces the issue only in when accessed via Vista and 2008 clients.
I've created a small example solution that demonstrates the issue. I also
tested this using .Net 2.0 (Visual Studio 2005) and .Net 3.5 (Visual Studio
2008) and from different IIS versions, 6 and 7.
I've whipped up a miniature example project that shows the problem.
I'm hosting the example at: http://dev.boldgroup.com/WebImg1/Default.aspx
I'm hosting the example via SSL at:
https://dev.boldgroup.com/WebImg1/Default.aspx
You can download the example project at:
http://dev.boldgroup.com/WebImg1/Download/WebImg1.zip
The example project is an ASP.NET front end with a .NET VB DLL backend and
an ASP.NET membership database with open-enrollment. When logged in, the user
can view an image or a video (via Windows Media Player object/embed). Both
the image and the video are presented in roughly the same way, but the video
fails every time (from a Vista or 2008 client machine via non-SSL) because a
check is done to confirm that the user is authenticated during the init of
each page render that is coming back false even though the user is logged in
and continues to be logged in during subsequent page requests. The image and
video data is produced, in this example as it is in our actual product, via a
response.binarywrite of the data directly. My best guess is that media
player 11, which Vista and Server 2008 share in common, is producing the
issue.
Note: Should you try the example project above or download the project to
work with locally, i've created a user in the database already, but you can
create your own if you wish. Username: user Password: a
If anyone can shed some light on this or has any ideas, please respond. (Let
me know if I should post any code snippets... everything is included in the
project download above)
Thank you.
--
Mike Taylor
Software Engineer
Bold Technologies
Web: www.boldgroup.com