Reputation: 75
I have two web applications deployed to IIS web server, both of them are on the same application pool on the same IIS server, but separate application pools. They both use Windows AD groups for authentication, so SiteA users are added to SiteA AD Group, and SiteB users are added to SiteB AD Group, and they are allowed access to their respective sites. The sites are in no way connected, and are entirely independent of one another. In the global, the Application_Start, they have this:
SiteA

    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        log4net.Config.XmlConfigurator.Configure();
        WebApiConfig.Register(GlobalConfiguration.Configuration);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        // Build the role/permission lookup once and pin it in the cache for the life of the app
        var rolesDictionary = ((SiteAMembershipProvider)(Membership.Provider)).InitialisePermissionDictionary();
        HttpRuntime.Cache.Insert(
            /* key */ "RolesDictionary",
            /* value */ rolesDictionary,
            /* dependencies */ null,
            /* absoluteExpiration */ Cache.NoAbsoluteExpiration,
            /* slidingExpiration */ Cache.NoSlidingExpiration,
            /* priority */ CacheItemPriority.NotRemovable,
            /* onRemoveCallback */ null);
    }
SiteB

    protected void Application_Start()
    {
        log4net.Config.XmlConfigurator.Configure();
        WebApiConfig.Register(GlobalConfiguration.Configuration);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);

        // Same pattern as SiteA: role/permission lookup cached for the life of the app
        var rolesDictionary = ((SiteBMembershipProvider)(Membership.Provider)).InitialisePermissionDictionary();
        HttpRuntime.Cache.Insert(
            /* key */ "RolesDictionary",
            /* value */ rolesDictionary,
            /* dependencies */ null,
            /* absoluteExpiration */ Cache.NoAbsoluteExpiration,
            /* slidingExpiration */ Cache.NoSlidingExpiration,
            /* priority */ CacheItemPriority.NotRemovable,
            /* onRemoveCallback */ null);
    }
Only reason I'm showing this is because I suspect this is where the problem lies, but in truth I have no idea.
The problem is, both of these sites work as they should individually. I can start either one and get access since I am in both AD groups. The problem is when I have one site open in my browser, then open the other, I get a runtime error:
Runtime Error
Description: An exception occurred while processing your request. Additionally, another exception occurred while executing the custom error page for the first exception. The request has been terminated.
This happens no matter which site I open first, so if I open SiteA, it will open fine, then if I open SiteB in another tab, it will produce the error for SiteB. And vice-versa, if I open SiteB first, then open SiteA, it will produce that error for SiteA. I can open either one individually, but have to close the browser, and all instances of the browser, to be able to open the other. So I think it has something to do with whatever it's caching, but I can't be sure. When the application starts, in the Application_PostAuthenticateRequest method in the global, the user is identified, and if part of the necessary AD group, their details are added to Context.User. It works the exact same way in both apps. Anybody got any idea why this may be happening? Is it to do with both applications trying to save to Context.User when both are started simultaneously?
Edit:
Forgot to add, when I run both at the same time in the dev environment, they both work.
Edit2:
On the advice of Anderson Pimentel, I checked the Application logs in Event viewer, and there is the following error:
Exception information:
    Exception type: CryptographicException
    Exception message: Error occurred during a cryptographic operation.
       at System.Web.Security.Cryptography.HomogenizingCryptoServiceWrapper.HomogenizeErrors(Func`2 func, Byte[] input)
       at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket)
       at AuditTracker.MvcApplication.Application_PostAuthenticateRequest(Object sender, EventArgs args)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
So correct me if I'm wrong, but it seems like SiteB is trying to decrypt the authentication cookie, which has already been encrypted by SiteA, and so has a different key, and that's where it's falling over. Is that right?
Upvotes: 0
Views: 809
Reputation: 5787
You are probably missing machine key information in web.config, which is used as a symmetric key to do the encryption and decryption.
To generate the key in IIS:
Go to your application -> Machine Keys -> Generate Keys
More info on MSDN.
Upvotes: 1
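The following is an added example, not code from the question or from either answer: a PowerShell script that generates an explicit machineKey (random validation and decryption keys) and inserts the same element into the web.config of each site, so that a forms-authentication ticket written by one app is decryptable by the other instead of failing in FormsAuthentication.Decrypt with the CryptographicException shown above. The web.config paths, the key sizes (64-byte HMACSHA256 validation key, 32-byte AES-256 decryption key) and the choice of algorithms are assumptions for the example. One caveat a practitioner should weigh: once both sites share a key, SiteB will decrypt SiteA's cookie successfully and see SiteA's identity (the two sites on one hostname share the default forms cookie), so if the apps are meant to stay independent, giving each its own forms cookie name or cookie path is the complementary fix.

```powershell
# Added example, not from the original post. Generates a shared <machineKey> and
# writes it into each site's web.config. Assumes .NET 4.x app pools, HMACSHA256
# validation and AES decryption; the paths below are placeholders to replace.

function New-MachineKeyHex {
    param([int]$ByteLength)
    $bytes = New-Object byte[] $ByteLength
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # <machineKey> expects uppercase hex with no separators
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

# 64 bytes for HMACSHA256 validation, 32 bytes for AES-256 decryption
$validationKey = New-MachineKeyHex -ByteLength 64
$decryptionKey = New-MachineKeyHex -ByteLength 32

$machineKeyXml = @"
<machineKey validationKey="$validationKey"
            decryptionKey="$decryptionKey"
            validation="HMACSHA256"
            decryption="AES" />
"@

# Echo the element so it can also be pasted by hand into <system.web>
$machineKeyXml

# Placeholder paths (assumption): both sites must receive the identical element
$webConfigs = @('C:\inetpub\SiteA\web.config', 'C:\inetpub\SiteB\web.config')

foreach ($path in $webConfigs) {
    if (-not (Test-Path -Path $path)) { Write-Warning "Skipping missing $path"; continue }

    [xml]$cfg = Get-Content -Path $path -Raw
    $systemWeb = $cfg.configuration.'system.web'
    if ($null -eq $systemWeb) { Write-Warning "No <system.web> in $path"; continue }

    # Drop any existing <machineKey> so the two sites cannot drift to different keys
    foreach ($old in @($systemWeb.SelectNodes('machineKey'))) { [void]$systemWeb.RemoveChild($old) }

    $node = $cfg.ImportNode(([xml]$machineKeyXml).DocumentElement, $true)
    [void]$systemWeb.AppendChild($node)

    # Keep a backup, then save; IIS recycles the app on web.config change
    Copy-Item -Path $path -Destination "$path.bak" -Force
    $cfg.Save($path)
    "Wrote machineKey to $path"
}
```

Run it from an elevated prompt on the IIS host after adjusting the two paths. Because both apps now share the key, clearing the browser's existing cookies once after the change avoids a final decrypt failure on a ticket issued under the old auto-generated key.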
Reputation: 24280
For this to work you must use two separate application pools.
SiteB does not allow entry for SiteA AD users (which is what your Identity becomes when you use SiteA first), and vice versa. This can be avoided by using separate application pools: then you have different identities on both sites.
Upvotes: 0