Pfthb

I've been searching for an answer to this for a while but the problem seems quite complex and I'm struggling to find an answer.

I'm a beginner software developer working for a start up company and have just completed the first version system for use by multiple users. Locally Testing the software had no problems, but since publishing the software to a windows 2012 server on iis I have found a major problem with the Login system.

When the program is uploaded initially multiple users can log in and use the program with no problems, however (seemingly) at random the login system completely stops functioning on all computers that are currently logged out. Those who are logged in can logout and log back in with their account or any other, but those who were logged out at this moment complete lose access to the system.

When using the developer tools on Chrome it appears that all these computers completely stop generating the cookie created when logging in and just redirect back to the login screen.

The systems still recognise incorrect logins and it happens with different computers each time I upload the program.

I appreciate that this is a very vague question, but I'm pulling my hair out over it!

As I said I am a beginner and am completely new to hosting on business servers and don't have much experience with Identity or Login systems in general so any help is much appreciated.

I mainly want to know is the problem most likely iis, if so where in iis should I be looking? Or the servers security settings?

Is there an efficient why to debug this while its running on the server?

If the problem sounds like a coding issue where identity files have been edited let me know what class it could be and Ill post the code.

Thanks!

Edit:

Global.asax.cs

public class Global : HttpApplication

 void Application_Start(object sender, EventArgs e)
 
 // Code that runs on application startup
 WebApiConfig.Register(GlobalConfiguration.Configuration);
 RouteConfig.RegisterRoutes(RouteTable.Routes);
 BundleConfig.RegisterBundles(BundleTable.Bundles);

 //Creates roles and adds an admin on first start
 RoleCreator rc = new RoleCreator();
 rc.CreateRoles();
 rc.AddAdmin();
 

Startup.Auth.cs

public partial class Startup {

 public void ConfigureAuth(IAppBuilder app)
 
 // Configure the db context, user manager and signin manager to use a single instance per request
 app.CreatePerOwinContext(UnitContext.Create);
 app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
 app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

 // Enable the application to use a cookie to store information for the signed in user
 // and to use a cookie to temporarily store information about a user logging in with a third party login provider
 // Configure the sign in cookie
 app.UseCookieAuthentication(new CookieAuthenticationOptions
 
 AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
 CookieName="TrackerCookie",
 LoginPath = new PathString("/Login/Login"),
 Provider = new CookieAuthenticationProvider
 
 OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
 validateInterval: TimeSpan.FromMinutes(30),
 regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
 
 );
 // Use a cookie to temporarily store information about a user logging in with a third party login provider
 app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

 // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
 app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

 // Enables the application to remember the second login verification factor such as phone or email.
 // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
 // This is similar to the RememberMe option when you log in.
 app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
 

Problem is now Solved.

For anyone with the same problem, the issue is caused by a bug called 'katana bug #197'.

The easiest fix is to download 'kentor.OwinCookieSaver' NuGet Package. and add app.UseKentorOwinCookieSaver(); above your Application cookie config in startup.

https://github.com/KentorIT/owin-cookie-saver

 // kentor.OwinCookieSaver for 'katana bug #197' (login cookies being destroyed on logout!)
 app.UseKentorOwinCookieSaver();
 app.UseCookieAuthentication(new CookieAuthenticationOptions
 
 AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
 CookieName="LoginCookie",
 LoginPath = new PathString("/Login/Login"),
 Provider = new CookieAuthenticationProvider
 
 OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
 validateInterval: TimeSpan.FromMinutes(30),
 regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
 
 );

Microsoft are aware of the issue and it will be resolved in 2015.