I have an ASP.NET application which was written a long time ago. I enhanced the application. It works perfectly on both the dev and staging servers.
But it fails on the production server. Users are not able to log in; it always redirects to the login page. I heard that the project is running behind a load balancer and SiteMinder. I do not have enough knowledge about this. In the code, there is an antiforgery token value validation logic before login. The code was last deployed in 2022 and it is working.
The new logic is very similar to the existing logic, which is very simple.
This condition is always true, which it should not be. I believe this is due to load balancing.

    If Not page.IsPostBack Then
        Dim antiforgeryToken As Guid = Guid.NewGuid()
        page.Session("AntiforgeryToken") = antiforgeryToken 'store in session value.
        antiforgery.Value = antiforgeryToken.ToString() 'store in hidden field value
    Else
        Dim stored As Guid = CType(page.Session("AntiforgeryToken"), Guid)
        'New logic
        If (Not (Context.Request.Form Is Nothing)) Then
            Dim antiForgeryVal As String = Context.Request.Form.Get("antiforgery").ToString() 'Read info from Form field (hidden) and set
            If antiForgeryVal.ToString() <> stored.ToString() Then 'Always true. Compare session with variable value. I do not know why, even though nobody changes any value. It should not always be true.
                Response.StatusCode = 400
                ErrorLog("Antiforgery token value does not match with stored value") 'I always get this message in the error table
                Response.End()
            End If
        End If
        'end
        'ORIGINAL LOGIC. COMMENTED OUT
        'Dim sent As Guid = New Guid(antiforgery.Value) 'Read from hidden field
        'If sent <> stored Then 'compare session and hidden field value
        '    Response.Redirect("F2190_Logout.aspx")
        'End If
    End If

I am totally stuck. It is a production issue. If anybody can give me hints or ideas, that will be helpful.
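
An added example, not part of the original post or the application's code: a token check that reports which case occurred (no token in the session, no usable token in the form, or two present values that differ), so the error table can show whether the session value was lost rather than logging one message for every failure. `TokenCheck`, `CheckToken` and the module name are hypothetical, and the inputs in `Main` are constructed.

```vbnet
Imports System

' Added example: all names below are hypothetical, not from the original application.
Module AntiforgeryCheckExample

    Enum TokenCheck
        Match
        SessionTokenMissing ' nothing (or a non-Guid) stored under the session key
        FormTokenMissing    ' hidden field absent, empty, or not a GUID
        Mismatch            ' both values present but different
    End Enum

    ' sessionValue: the raw Object read from Session("AntiforgeryToken").
    ' formValue:    the raw String read from Request.Form for the hidden field.
    Function CheckToken(sessionValue As Object, formValue As String) As TokenCheck
        ' Test the session value before converting it, so an empty session
        ' is reported as its own case.
        If sessionValue Is Nothing OrElse Not TypeOf sessionValue Is Guid Then
            Return TokenCheck.SessionTokenMissing
        End If

        ' TryParse returns False for Nothing, "" and malformed text instead of throwing.
        Dim sent As Guid
        If Not Guid.TryParse(formValue, sent) Then
            Return TokenCheck.FormTokenMissing
        End If

        If sent = DirectCast(sessionValue, Guid) Then
            Return TokenCheck.Match
        End If
        Return TokenCheck.Mismatch
    End Function

    Sub Main()
        ' Constructed inputs, one call per case.
        Dim issued As Guid = Guid.NewGuid()
        Console.WriteLine("echoed back:     " & CheckToken(issued, issued.ToString()).ToString())
        Console.WriteLine("empty session:   " & CheckToken(Nothing, issued.ToString()).ToString())
        Console.WriteLine("no form field:   " & CheckToken(issued, Nothing).ToString())
        Console.WriteLine("different token: " & CheckToken(issued, Guid.NewGuid().ToString()).ToString())
    End Sub

End Module
```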