tags:

views:

100

answers:

1
+1  Q: 

Losing Session between Classic ASP and ASP.NET

The company that I work for is making a transition between classic ASP programs and ASP.NET programs for our intranet software. Eventually, everything will be written in ASP.NET, but because of time constraints, there are still a number of programs that use classic ASP.

To compensate we've written features that allow for redirects and autologins between classic ASP programs and ASP.NET programs. I've been starting to see a problem, though, with holding the session state for our ASP.NET software. If a user uses an ASP.NET program, then does work in a classic ASP program, then goes back to that ASP.NET program, often times, the user's authentication for the ASP.NET program is still in place, yet the user's session is lost, resulting in an error whenever a function is performed within the program.

I'm trying to capture the loss of the session state in global.asax's Session_End event, which would redirect the user to the login page, but that hasn't worked. Has anyone else faced a similar issue with users moving back and forth between classic ASP and ASP.NET and losing sessions? Is that even my real issue here? It's the only thing that I can see as being a problem.

EDIT

This is what we do to redirect users to an ASP.NET page from a classic asp page.

We create an MD5 hash based off of the userID and the date and send it to a redirect.aspx page via the query string. From there, the aspx page creates its own MD5 has based off of the userId and the date, both passed via the query string. If the 2 hashes are identical, the user is authenticated, and the program loads. Here is an example:

Classic ASP:

strDate = Year(Now())  & right("0" & Month(Now()), 2) & right("0" & Day(Now()), 2)
key = MD5(SessionUserID & strDate)
Response.Redirect "/redirect.aspx?key="&key&"&lpid="&ProgramID&"&unum="&SessionUserNum&"&uid="&SessionUserID&"&gid="&SessionGroupID

Redirect.aspx:

string key = Request.QueryString["key"];
//SetDesignModeState Variables:
if (getMd5Hash(Request.QueryString["uid"] + DateTime.Today.ToString("yyyyMMdd")) == key)
{
    Session["SessionGroupID"] = Request.QueryString["gid"];
    Session["SessionUserNum"] = Request.QueryString["unum"];
    Session["SessionUserID"] = Request.QueryString["uid"];
    string appID = Request.QueryString["lpid"];
    FormsAuthentication.SetAuthCookie(Request.QueryString["uid"], false);
    //redirect to ASP.NET page...
+3  A: 

Hi Aaron

I've done a similar thing to you: authenticating users from a legacy ASP application to an ASP.NET site. What would help, is if you could provide a little more detail (sample code, perhaps) of the process you've setup to do this with users coming from the legacy app to the ASPX app.

To give you a brief idea, in my implementation I've done the following:

  • Create an .ASPX page
  • The .ASPX page accepts HTTP POST values from a particular legacy ASP app only.
  • When a POST request is received, I extract the username/password values, then proceed to authenticate in the normal way. If the user is successfully authenticated, we issue a FormsAuthentication cookie to the user.

In reality, my implementation is quite a bit more complicated, using the database as a backing store (as both apps share a common data source) and a particular database field to store a random code which is sent from the classic app to the .NET side to further verify that the request received by the .NET app is valid.

EDIT:

Try manually setting your authentication cookie. Delete the line:

FormsAuthentication.SetAuthCookie(Request.QueryString["uid"], false);

Replace with:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                Request.QueryString["uid"],
                DateTime.Now,
                DateTime.Now.AddHours(24),
                false,
                null)

        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);            
        HttpContext.Current.Response.Cookies.Add(cookie);

See how you get on with that?

Richard  2010-05-05 15:34:29
I've edited my post for more information.
Aaron  2010-05-05 18:52:53
Edited my own post in response...
Richard  2010-05-05 20:40:48
Thanks for the suggestion...I'll try it out and let you know how it works.
Aaron  2010-05-06 13:08:01
This did help out. Thanks.
Aaron  2010-05-10 18:21:36

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps