Static variables issue in shared hosting or multiple web servers

I just want to share with everyone a lesson learned recently.

Issue: All the static variables which are initialized as class variables are reset to empty, null or 0 depending on the data type of the variable. This happens randomly and cannot be reproduced in the development environment. This issue is specific to web applications and not stand alone/windows apps.

Explanation: Firstly to clarify what I meant by “static variables which are initialized as class variables“, below is an example code snippet.

public class MyUtility
{
static string myURL = “http://somesite.com”;
static int count = 10;


}

In the above code snippet, the variables ‘myURL’ and ‘count’ will be set to empty string and ‘0’ respectively at any time randomly on your production servers if its a load balanced servers and or shared hosting environment. The static variables are initialized properly the first time when the application starts. But whenever the application domain which is the isolated memory in which the web application process runs is reset or recycled all the memory allocated is lost. The application domain reset/recycling is possible in multiple cases. For example:

  • If the web application is not requested for an extended period of time.
  • In shared environment multiple web applications share the limited RAM. Thus, if one web app is idle and doing nothing that will be unloaded and reloaded on demand.
  • The IIS server settings can be set to recycle/reload the application pool periodically or set to recycle whenever the memory allocation exceeds a threshold limit.

Whenever this recycling or reload occurs all the static variables are reset. Not only do these not get reset to their original state but they are also not re-initialised with their design time default values. They will always be given values like null, empty string and zero.  The worst part is that we cannot reproduce this in our development environment as we don’t mimic the production environment.

So the solution is simple, do not use static variables in web applications.

Below is a very good post which mentions more technical details related to this topic.

http://www.navwin.com/Topics/AppDomainRecycling/AppDomainRecycling.aspx

ASP .Net tab missing or SharePoint site leading to Page not found and IIS 32/64-bit modes

Problems:

  • ASP .Net Tab Missing in the IIS Managers Website properties
  • SharePoint site shows “Page cannot be found error”.
  • SharePoint sites shows “You are not authorized to view this page”, “HTTP Error 403 – Forbidden: Access is denied.”
  • Either of the above problems in a server farm.

Possible Solutions:

There could be couple of reasons for the ASP .Net tab missing in the IIS manager. And this issue in turn could be the reason for the SharePoint site throwing the Page cannot be found or You are not authorized to view this page errors. Reasons that could be are:

  1. Improper installation of IIS and ASP .Net framework.
  2. IIS running in 32-bit mode on a 64-bit windows 2003 server.
  3. Having multiple versions of ASP .Net framework lying around on the machine which needs registry cleanup.

If your server is a 64 bit machine, then make sure your IIS is not running in 32-bit mode. For this run,

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs GET W3SVC/AppPools/Enable32bitAppOnWin64

The output tells if enable32bitapponwin64 is true or false. If its true then, go ahead and run the following to disable 32 bit mode and enable 64 bit mode:

cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1

If your server is a 32 – bit machine, and your ASP .Net tab is missing then, you might follow the below steps I found in this msdn blog post and KB Article from MicroSoft:

  • Manually run the install for ASP.NET: ASPNET_regiis -i
  • Register the dll for the MMC: regsvr32.exe “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mmcaspext.dll” “rundll32.exe” “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll”,RegisterAspNetMMC
  • From a command prompt run: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMmcExt.dll /tlb:AspNetMMCExt.tlb
  • Change the About value in “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\{fedb2179-2335-48f1-aa28-5cda35a2 b36d}” from {7D23CCC6-A390-406F-AB67-2F8B7558F6F7} to {7D23CCC6-A390-406F-AB67-2F8B7558F6F6}

If you want to have just the .net framework 2.0 on the machine go cleanup the earlier versions of it in the registry. Run regedit.exe and remove all the versions other than 2.0 below these registry entries:

  • HKEY_CLASSES_ROOT\CLSID\{7D23CCC6-A390-406E-AB67-2F8B7558F6F6}\InprocServer­32
  • HKEY_CLASSES_ROOT\CLSID\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32
  • HKEY_CLASSES_ROOT\CLSID\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer­32

Try to unregister the .net framework and re-register it. Depending on your machine if 32/64-bit and the asp .net version (1.1 or 2.0?):

%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -u //for uninstallation

%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i //for installation

%SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -u //for uninstallation

%SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -i //for installation

If doing all the above doesn’t bring back the ASP .Net tab then reboot the machine.

Doing all this should at least get rid of the ‘Page cannot be found‘ error but may lead  to the authorization error.

For the 403 or the authorization error, if you get this error when you access the site using the url like http://portalsite:<port&gt; then try access the site as http://portalsite:<port>/default.aspx. If the later is successful then try to create a new application pool and map it to the corresponding website. Otherwise delete the web application and recreate it from scratch and it should work. This blog post something similar.

To learn more about how to maintain multiple versions of .net framework on the same machine and serve various web applications , read the article from MSDN which talks specifics about the same.

IIS Authentication Model and Options

IIS 6.0 Authentication Model: An important part of many distributed applications is the ability to identify someone, known as a principal or client, and to control the client’s access to resources. Authentication is the act of validating a client’s identity. Generally, clients must present some form of evidence, known as credentials, proving who they are for authentication. Typically, credentials include a username/password pair.

SharePoint Portal 2003 is built upon IIS 6.0. Lets first take a look at the authentication model of IIS.

IIS provides a variety of authentication schemes:

Anonymous (enabled by default):
Anonymous authentication allows a user to access web and FTP sites without having to provide a username and password. When a client user accesses a web or FTP site, IIS uses the Internet Guest Account to authenticate that user.

The Internet Guest Account is created when IIS is installed, and it is named IUSR_<Computername>, where <Computername> is the name of the host machine. Having an account to use for anonymous access allows you to configure which resources all anonymous users can access on your server. The anonymous account is also added to the Guests group when IIS is installed, so any restrictions or permissions applied to that group also apply to the account.

Basic Authentication:
When a server uses Basic Authentication, the Web browser (or the FrontPage client) prompts the user for a name and password. The user name and password are then transmitted across HTTP, in clear text. Using this user name and password, IIS authenticates the corresponding Windows NT user.
To use Basic authentication, a user account must be defined on either the local machine or on a trusted domain controller. The account-based access control is all done through the NT File System (NTFS) permissions on the file system.

Integrated Windows authentication:
Integrated Windows authentication is the most secure method of authentication, but it is available only with Internet Explorer. In Integrated Windows authentication, the user’s browser proves itself to the server using a cryptographic exchange during the authentication process.

Integrated Windows authentication supports both the Kerberos v5 and the NTLM (NT LAN Manager) protocols for authentication through the Negotiate package.

Digest Authentication:
Like Basic Authentication, Digest Access Authentication is based on a simple challenge-response method. The Digest scheme challenges using a nonce value (a server-specified data string which may be uniquely generated each time a 401 error is made.). A valid response contains a checksum of the user name, the password, the given nonce value, the HTTP method, and the requested URL. In this way, the password is never sent as easily decoded text, which is Basic Authentication’s biggest weakness.

.NET Passport Authentication:
IIS 6 can use Microsoft’s .NET Passport to authenticate users requesting resources from a web site or a web site virtual directory. The benefit that this solution offers is that the credentials are stored and managed on another server that you are not responsible for building or maintaining. Users can authenticate using the .NET Passport service and then be allowed access to the web site hosted on your WS03 server.

This is an extract from here. I will soon post on sharepoint authentication model and integration with SiteMinder LDAP.