0

I am using a global filter in order to determine if a user is allowed to access a certain page/controller. I haven't been able to get a lot of tread of this as I'm not able to do a simple session variable creation. Here is my simplified code:

public class MyActionFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuted(ActionExecutedContext context)
    {

        context.HttpContext.Session.Add("asdfasdf", 1234);
        //Check if user is authorized in db
        //...

        base.OnActionExecuted(context);
    }
}

Error:

System.Web.HttpException: Failed to login to session state SQL server for user '<USERNAME>'.

If I comment out Session.Add the application works fine. It's strange because the error given is completely unrelated (I think). How do I get my session variable to work in this case? Better question, is this the correct way to go about user authentication?

Improve this question
2
  • 1
    Do you want to store your session state in a SQL server database? If so, you haven't configured it right. If not, you shouldn't configure the session to be stored in a sql server database at all. The solution in either case is to go to the web.config and change the entries to what you want (and what that is, we have no idea). Commented Jan 23, 2013 at 21:53
  • @Servy I was told by the web admin to put that in my web.config file and I complied without really looking. Details to the solution can be found in Darin's answer comments. Commented Jan 23, 2013 at 22:20

1 Answer 1

Reset to default
3

It seems that your application is configured to use SQL Server session state persistence. And you have a problem with the connection string in your web.config.

If you want to use SQL Server session state persistence make sure that you have correctly configured your database and specified correct connection string to it:

<configuration>
  <system.web>
    <sessionState mode="SQLServer"
      sqlConnectionString="Integrated Security=SSPI;data 
        source=SampleSqlServer;" />
  </system.web>
</configuration>

If you don't want to use SQL Server to persist your sessions you could switch back to InProc mode:

  <system.web>
    <sessionState mode="InProc" />
  </system.web>
</configuration>
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

+1. Also SQL server needs to be correctly configured/matching account need to have permissions.
Oh wow, that worked. To be honest, I'm not even sure what this does. I was told to copy/paste <sessionState ... into this file by the person who granted me this web server. Besides this msdn article, do you suggest any other sources to read more about the session state?
The MSDN article is a great start. read it carefully and then head over to google.com for more.
@DarinDimitrov Via the MSDN article I linked, This ensures that session state is preserved if the Web application is restarted and also makes session state available to multiple Web servers in a Web farm.. This is the case for our web servers. The issue seemed to be a combination of SessionState and development environment. When developing in localhost and sessionState mode="SQLServer", things would break. When deployed to an actual server, things work great. Thanks for the help. I would have NEVER found this.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.