Testing the login control

I need some volunteers here. Need you to follow a series of steps and answer the following questions.

Qn 1: Are you currently logged in to community server

Step 1: Go to www.sgdotnet.org/events. Take note of your log in status on the top left hand corner.

Qn 2: Are you logged in or are you seeing the username and password textboxes

 

If you are not logged in, please follow the following steps

Step 2: Login with your community server credentials

Qn 3: Did the Login Control UI change if you do not see any error message?

Step 3: If the UI change, click on any events below the control

Qn 4: Are you still logged in?

 

Thank you for your participation. Please do not register for the teched event yet.

Search does not work, just in case you tried it ;p

 

1: Yes, logged in.

2: No, not logged in under Events.

3: Yes it changed.

4: Yes I'm still logged in under Events.

However, when I log in under Events, I get logged out of the forums.

A1. Yes.
A2. Not logged in, login controls visible.
A3. "Welcome back, icelava".
A4. Yes.

Thing to note: it appears logging in at this level will log me out of the Community Server application. I had to re-login here to post this, which effectively logged me out at the Events application. You have to share the same machineKey use to encrypt the cookie data and make it compatible across all domains and apps, like the main web site previously did.

Could you help me take a look at the web.config? I didn't change anything from last time, except for the domain.

In the login code, it was previously sgdotnet.org, which single sign on didn't work. So I changed it to .sgdotnet.org, as community server was configured.

Ans 1: Yes, I'm logged in to forum
Ans 2: No, I saw textboxes and above of the textboxes there is:
Saturday, 13 August function getYear() { [native code] } 1900
Ans 3: Yes, I manage to login successfully.
Ans 4: Damn it, I was logout from forum, and retyping these answers again.

btw, I"m using Firefox.

regards,
choongseng

Firefox has the getYear problem. Everyone seems to face the logout problem. Hopefully icelava has time to look into that for me.

I am in the midst of acquiring and moving furniture around my rooms, and in fact have items to get rid of. In a state of (physical) mess right now.

Recall this thread. We apply the same machineKey to all web.configs so their cookie encryption pattern can be used across all web applications. Given the locality (only one server) we should be able to use the former option

<machineKey validationKey="AutoGenerate" decryptionKey= "AutoGenerate" validation="SHA1"/>

If the keys are autogenerate, how can we make sure that the keys in both web.config is the same?

Community server is running on one virtual server, while www.sgdotnet.org is running on another leh, and we still need to test our code on dev.sgdotnet.org lei?

According to the weblog, so as long as it ain't "AutoGenerate,IsolateApps" the ASP.NET runtime will generate keys once and use for all applications. But that could just meant IIS 5, which runs only one instance of the aspnet_wp.exe runtime. I have an inkling this may not work in IIS 6 with its separate AppPools. Which case, we'd have to hard code specific keys.

Another thing.

Web.config of www.sgdotnet.org has the encryption keys specified the same as community.sgdotnet.org

Events sits in www.sgdotnet.org as a web app, with its own web.config. But I didn't specify the encryption key. Will it take the web.config of www.sgdotnet.org, or will it not use any encryption?

For sharepoint, if the web.config does not have the value, it will take the parent's web.config. That's why I'm assuming events will take www.sgdotnet.org's web.config.

Funny you mention it that way because the element only exists in the main site's web.config; Community Server's does not have it, unless you were looking at the old (stand-alone) Forums 2.0 directory.

UPDATE: i think i see the problem. The elements

<add key="MachineValidationKey" value="*****" />
<add key="MachineDecryptionKey" value="*****" />
<add key="MachineValidationMode" value="SHA1" />

live within the <appSettings> hierarchy - that's not an ASP.NET runtime schema; that's your application specific config data. What those are actually used for, I have not investigated.

The actual ASP.NET defined element is
<machineKey validationKey="*****" decryptionKey="*****" validation="SHA1" />

which I have pasted into both the main site's and development copy of Community Server's web.configs.

UPDATE: I have reconfiged the dev copy Community Server to http://dev.sgdotnet.org/cs/forums/

You can login at that location, and it should be carried over to http://www.sgdotnet.org/events/

Cool! Thanks man!

Could weehyong, hannes, choongseng try and see if you guys still face the problem?

icelava wrote:

which I have pasted into both the main site's and development copy of Community Server's web.configs.

Erm, so both web.config for www.sgdotnet.org and community.sgdotnet.org has the machinekey defined? I don't see it in community.sgdotnet.org's web.config though...

Nope, i only altered the dev.sgdotnet.org copy for demonstration purposes.

UPDATE: I done modified the live Community web.config so the auth cookies are synchronised throughout now.