How to make a WSS request not restart the session timeout
hi, We have a page that is used to notify the application if the user is in session or not, without interferring with the session timeout itself. This page is accessed by the client automatically every X seconds. This is the code: if {$httpPath == "/pagename"} { if {([HTTP::cookie value MRHSession] != "") && ([ACCESS::session exists -state_allow]) } { HTTP::respond 200 content Yes SomeHeader Yes } else { HTTP::respond 200 content No SomeHeader No } ACCESS::disable return } Now the application team start using some asp.net component called SignalR which uses WSS, let's say the path is /signalr. This path is also accessed automaticaly every X seconds by the client, and thus restarts the session timeout counter and the app never disconnect. I need to do the same intervention like the code above does, only with this /signalr page. Problem is that unlike with the current/pagename path, if I add the /signalr path to the IF, it blocks the request from getting to the app server and breaks the app. Anyone familiar with this component or know why it acts differently? Thanks1.3KViews0likes1CommentAuth Cookie replay attack Mitigation
I am reviewing an issue flagged by compliance team related to broken logout functionality in ASP based application... The application in question uses Forms Authentication (ASP.NET) for logon. After successful logon ".ASPXAUTH" cookie gets send to the client which is being send back to the site on each conservative GET and POST. Once user clicks "logoff" button the session cookie gets wiped on the client side. However, when re-playing HTTP POST or GET (containing .ASPXAUTH cookie captured with Fiddler) I am able to get valid page in response. Issue with ASP.NET cookie replay attack described here and in this MS KB article. Unfortunately, we don't have ASM in our disposal. Is there a way to mitigate the issue with an iRule?726Views0likes1CommentF5 load balancer and session time out for asp.net page when page post back
i deployed asp.net application in two asp.net servers and users access this application through F5 Load balance. here we facing issue when user was idle on asp.net page for 10 min , and after when user click the button on page, and page can not be displayed message appers in IE, and in firefox below message The connection to the server was reset while the page was loading. In IIS default session timeout value is 20 Min In F5 TcpIP time out value :10 Min604Views0likes1CommentF5 IDP - ASP.NET SAML SSO example
Looking to add F5 IDP (APM) to our product SSO providers. We already connect to Azure AD (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-webapp), Okta (https://github.com/okta/samples-aspnetcore/tree/master/samples-aspnetcore-2x/self-hosted-login) and others using owin. There is an asp.net sdk or guide we can follow? Thanks!557Views1like0CommentsASM profile | Server Technologies
Hello guys we have application that is running .NET Core c# and when I try to set server technologies when creating ASM policy I only see two options: ASP ASP.NET shouldn't also be there .NET Core ? is it included in the ASP.NET signatures ? thanks439Views0likes2Comments