Intermittent Handshake Error - silverlight

Background
We currently have a SilverLight form that posts data to a second common form that multiple applications use, which then runs the needed business logic to place the data into a database.
We have several national and international offices where this form is used.
There is one office location (CO) where this form is consistently producing intermittent error messages and based off log data, it is only happening in this office.
Error Symptoms
Initially users will typically report that there is an error and when I log into their machine using MS Communicator, 80% of the time it would start working.
I started installing Fiddler on their machines to try and capture more information but 100% of the time I did that, the form started posting successfully. The users being resourceful, simply start Fiddler anytime the form doesn't post and it works fine.
I also asked users to go through Citrix which is hosted in the TX office and the form posts fine.
Error Details
I used OPNET to better monitor the traffic and I found that when users simply open IE the authentication handshake fails.
Client => Server = 401
Client <= Server = Authentication Token
Client does not respond
When we use fiddler, the handshake is successful.
The error returned by SilverLight was a very generic [HttpWebRequest_WebException_RemoteServer] message.
Question
What would cause the handshake to work sometimes by itself, always with fiddler and CITRIX, and sometimes it doesn't?

Related

Desktop application - Identity Server 4 - HTTP 400 status error

I have a Windows desktop client which connects to Identity server using Authorization code + PKCE.
It seems to work perfectly fine if I run it through visual studio.
I have then installed the desktop client on my own machine and it connects to Identity Server, displays the log in screen and then logs in fine.
For some reason though, when I install that same desktop client on a server, or even the same server that it sits on, then it displays the login screen but when I enter credentials and click on login, then it displays the following HTTP 400 error....
This error (HTTP 400 Bad Request) means that this program was able to connect to the web server, but the webpage could not be found because of a problem with the address.
I don't understand what could be going wrong or what could be different between the desktop client sat on my machine or the one sat on a server.
I would appreciate whatever help I could get on this.
The main thing I can see is that it doesn't even seem to hit my Identity Server 4 LogIn post controller method (but does hit the Get method as expected).
Note - I am using an In Browser control on Windows so it is Identity Server that seems to be the post and erroring out with the HTTP 400 error.
We fixed it by implementing ValidateIssuerName = true (previously was false) and everything else that was needed with that.
Previously, ID4 on discovery mode was giving its own URL, whereas we updated it to provide the URL of the gateway.

Mobile to Web Service Communication

I created a web service and a mobile application that communicate between each other. When everything is working, it works great. When the server doesn't respond, it starts to break down.
The mobile device sends a message to the server with a bunch of records. Getting the records on the server never seems to be a problem. It gets the records and then sends a response back to the mobile device that the update was received. The PROBLEM is that the mobile device doesn't always get the response, so it doesn't know it shouldn't send those records again for updating.
Next time it sends the records again and now I have duplicate records. How can I solve this?
Idea 1) Create a transaction number unique on the mobile device that I can compare against the server to see if the record was already uploaded. Then just don't write that record and attempt to send back the response that it was written.
Idea 2) Send the records to the server, but before writing them respond to the mobile device that they were received. This way the mobile device can tag them and then send another response to the server telling it to write them. At the point the mobile device almost doesn't care if it gets a response. Only thing, you don't know if the server ever got the message.
Looking for ideas on how to handle this that either confirm one of these ideas or has a completely different one.
I ended up creating logs that the device attempts to resolve when it gets back successful responses from the server.
I tag items as a batch of lines and send them up to the server. Once they are up there, I create a log about the success or failure of each line item in a batch of items and then save the log to the file system.
When the mobile device is unsuccessful in hearing back a response from the server, in rare cases, it asks the server about a batch number. If the server doesn't respond with a status of that batch, it assumes the server never received it and re-marks those items for another upload attempt. If it hears back, it processes the success and failure line by line and then marks the items on the mobile device accordingly. If the mobile device doesn't ask about the log in the next upload, the server assumes the batch's lifecycle is complete and it no longer needs to maintain that log. It is then deleted.
The server doesn't delete a log until it has a successful request from the specific device no longer asking to hear about the log. So if I have log 1 on the server and the device doesn't ask in the next upload to hear back about that log, the server then removes that log assuming the device got the response it wanted or doesn't care about it anymore.
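The batch-log lifecycle described above, sketched in Python as an added example (not code from the original thread). The names `BatchServer`, `upload`, `ask_about` and the "None means invalid line" rule are assumptions made for the illustration.

```python
class BatchServer:
    """Keeps a per-batch result log until the device stops asking about it."""

    def __init__(self):
        self.rows = []   # stand-in for the database table
        self.logs = {}   # (device, batch_id) -> {line_id: "ok" | "failed"}

    def upload(self, device, batch_id, lines, ask_about=()):
        # Logs the device no longer asks about have finished their lifecycle.
        for key in list(self.logs):
            if key[0] == device and key[1] not in ask_about and key[1] != batch_id:
                del self.logs[key]
        statuses = {b: self.logs[(device, b)] for b in ask_about
                    if (device, b) in self.logs}
        if (device, batch_id) not in self.logs:      # same batch twice: no rewrite
            log = {}
            for line_id, value in lines.items():
                ok = value is not None               # constructed validity rule
                if ok:
                    self.rows.append((device, line_id, value))
                log[line_id] = "ok" if ok else "failed"
            self.logs[(device, batch_id)] = log
        return {"result": self.logs[(device, batch_id)], "statuses": statuses}


def scenario():
    server = BatchServer()
    unresolved = {}                                  # batch_id -> lines with no answer yet

    # Batch 1 reaches the server, but the response is lost on the way back.
    batch1 = {"a": 10, "b": None}
    server.upload("dev-1", 1, batch1)
    unresolved[1] = batch1

    # Batch 2 never reaches the server at all (the request itself is lost).
    unresolved[2] = {"c": 30}

    # The next upload asks about both outstanding batches.
    reply = server.upload("dev-1", 3, {"d": 40}, ask_about=tuple(unresolved))
    resend = {}
    for batch_id, lines in unresolved.items():
        if batch_id not in reply["statuses"]:
            resend.update(lines)                     # server never saw it: re-mark
    # Batch 1 is resolved from the log, so only batch 2's lines go up again.
    server.upload("dev-1", 4, resend)
    return sorted(r[1] for r in server.rows), reply["statuses"]
```

Line "a" is written exactly once even though its response was lost, and line "c" is written only after the device learns the server has no log for batch 2.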

WCF error with hosting of a SL4 Navigation application

I have a SL navigation application, that currently runs on a shared hosting package with a 3rd party ISP. I can login, and register using the ASP.NET membership and role providers.
I have now setup a dedicated server, on which only my app will run. It does not yet have a domain name that points to it... I access it via an IP address.
I've copied the entire site (including the ClientBin and all the XAP's) to the new server, but the Authentication and Registration services don't work... they just return NotFound.
When I check Fiddler on the working site, this service is called :
www.myaddress.com/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
which of course succeeds. However, on the other site, the fiddler trace looks the same (because I just copied the site) :
123.123.123.123/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
but, the call fails with NotFound. Fiddler reports it as HTTP/1.1 500 Internal Server Error. When I open
http://localhost/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
on the server, I get the HTTP/1.1 500, as well as this description :
Handler "svc-Integrated" has a bad module "ManagedPipelineHandler" in its module list
Which leads me to believe that there is something wrong with my IIS config, as the exact same code is working on another system.
What is a "bad module"? How do I fix it?
Normally this type of error is that ASP.Net is not activated or that a handler for svc is not registered or registered correctly.
In your case it looks a bit different. It could be that you have .net framework 4.0 code that you are trying to run in a .net framework 2.0 application pool.
IIS 500 errors often show up with more information in the Windows Event log - if you can somehow get access to that?
Also I've noticed that often the server will actually send debugging output back to the client that everything seems to ignore. Have you checked the entire raw response that is coming back from the server to see if there are any clues there?

Getting 401.1 web response while testing Silverlight Application with fiddler

I need to stress-test a silverlight application which uses Windows authentication mode. To achieve this task I am using the StressStimulus Fiddler addin.
What I am doing is to log in and doing some stuff like search etc. I captured the HTTP messages transferred in Fiddler and replayed them using the above mentioned tool.
However, when I replay the packages I always get a 401.1 Server responses.
I tried to use different Authorization approaches (NTLM and Negotiate) but I always get the same response message.
Fiddler seems to be properly configured. In the Fiddler options menu "Reuse client connection" is checked as well as "Reuse connection to server". I even raised the KeepAliveTimeout in the registry without any success.
Does anybody have an idea what's going wrong?
You can't replay authentications such as NTLM and Negotiate. One of the most important features of any challenge/response authentication is that it must not be replayable. Without this feature an attacker can monitor a successful authentication and then replay the same sequence to gain access to things they aren't entitled to.
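Why a recorded authentication exchange fails when a load-test tool replays it, shown as an added example that is not part of the original thread. It uses a simplified HMAC challenge/response, not the NTLM or Negotiate wire protocols; the class, function and key names are assumptions.

```python
import hashlib
import hmac
import secrets


class ChallengeServer:
    """Toy challenge/response verifier (simplified HMAC scheme, not NTLM)."""

    def __init__(self, user_keys):
        self.user_keys = user_keys   # username -> shared secret (bytes)
        self.pending = {}            # connection id -> outstanding nonce

    def challenge(self, conn_id):
        # A fresh random nonce per connection is what defeats replay.
        nonce = secrets.token_bytes(16)
        self.pending[conn_id] = nonce
        return nonce

    def verify(self, conn_id, user, response):
        # pop(): each nonce is single use, even on the same connection.
        nonce = self.pending.pop(conn_id, None)
        key = self.user_keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce + user.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(key, user, nonce):
    # The response is bound to the nonce the server just issued.
    return hmac.new(key, nonce + user.encode(), hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-secret"   # constructed sample value
    server = ChallengeServer({"alice": key})

    # Live session: the client answers the nonce it was just sent.
    nonce1 = server.challenge("conn-1")
    captured = client_response(key, "alice", nonce1)
    live_ok = server.verify("conn-1", "alice", captured)

    # Replay tool: new connection, new nonce, but the recorded bytes are resent.
    server.challenge("conn-2")
    replay_new_conn = server.verify("conn-2", "alice", captured)

    # Replay on the original connection: the nonce was already consumed.
    replay_same_conn = server.verify("conn-1", "alice", captured)
    return live_ok, replay_new_conn, replay_same_conn
```

A load test against such a server has to compute a fresh response for every challenge with real credentials instead of resending captured headers.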

Silverlight error message [Arg_VersionString]. Don't know where to begin

One of the users of a silverlight app I wrote gets this error message:
[Arg_VersionString] Arguments:
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?linkid=106663&Version=4.0.50524.0&File=mscorlib.dll&Key=Arg_VersionString
I checked the log of the asp.net application that is hosting the silverlight plugin and I see no exceptions. The services seem to be working properly, I even witness the trace of this user running the app, and I can confirm that the service successfully returned data.
Something must be happening on the client side, but I don't know where to start. The software is in production already, there are no debugging tools on that server other than DbgView and the problem only seems to be occurring for this particular user.
What would you do?
In order to reduce the size of the Silverlight plugin, the strings of error messages were removed. So if any unhandled exception gets thrown this is the message you will receive.
In order to get the full version of the exception the user has to have the Silverlight Developer Runtime and not the client runtime installed.
If you have a record of the data returned to the client, you might try using Fiddler to inject that data into the client running on your machine and see if it fails. If it does you should get back the full error message.
