Did you change the authentication tag in the web.config file to Windows?

Hi Mark,

Yes, the authenication method is set to windows.

The directory security is set to Anonymous, Windows Authenication

Please untick the directory security in IIS.

If that does not help then please paste you web.config file contents.

Can you please elaborate on what I'm exactly unticking and where? (windows 2003)

Can't post web.config....  the editor keeps stripping it?

Config as follows

<?xml version="1.0" encoding="Windows-1252" ?>
<configuration>
 <configSections>
  <sectionGroup name="GeminiPlugins">
   <section name="MailPlugin" type="System.Configuration.NameValueFileSectionHandler,System,Version=1.0.3300.0,Culture=neutral,PublicKeyToken=b77a5c561934e089" />
  </sectionGroup>
  <section name="nhibernate" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0,Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  <section name="microsoft.web.services2" type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </configSections>
 <!-- **************-->
 <!-- **************-->
 <!-- Gemini application settings go here -->
 <!-- **************-->
 <!-- **************-->
 <GeminiPlugins>
  <MailPlugin>
   <!-- SMTPServer - specify IP number or machine name -->
   <add key="SMTPServer" value="ACLEXCHANGE" />
   <!-- SMTP authentication values: OFF, BASIC, NTLM. -->
   <add key="SMTPAuthentication" value="OFF" />
   <add key="SMTPUserName" value="" />
   <add key="SMTPPassword" value="" />
   <!-- Global email alert type on/off settings -->
   <add key="IssueCreateAlert" value="true" />
   <add key="IssueUpdateAlert" value="true" />
   <add key="IssueCommentAlert" value="true" />
   <add key="IssueStatusChangeAlert" value="true" />
   <add key="IssueResolutionChangeAlert" value="true" />
   <add key="IssueDeleteAlert" value="true" />
   <add key="IssueAssignedAlert" value="true" />
   <add key="IssueClosedAlert" value="true" />
   <add key="IssueResolvedAlert" value="true" />
   <add key="IssueWatcherAlert" value="true" />
   <!-- Options -->
   <add key="FromEmailAddress" value="gemini@airclaims.com" />
   <add key="Debug" value="false" />
   <add key="SendAlerts" value="true" />
   <!-- Email encoding values: ASCII, DEFAULT, UNICODE, UTF7, UTF8. -->
   <add key="Encoding" value="UTF8" />
   <!-- TemplateEngine values: NVELOCITY, STRINGTEMPLATE -->
   <add key="TemplateEngine" value="NVELOCITY" />
   <!-- TemplatesPath: Optional setting that can contain absolute path to "templates\mail" folder
     - leave empty to let Gemini work it out
     - or, specify full path , e.g. "c:\inetpub\wwwroot\gemini\templates\mail\"
   -->
   <add key="TemplatesPath" value="" />
  </MailPlugin>
 </GeminiPlugins>
 <nhibernate>
  <!-- The SQL Server dialect (Gemini supports "MsSql2000Dialect" or "MsSql7Dialect") -->
  <add key="hibernate.dialect" value="NHibernate.Dialect.MsSql2000Dialect" />
  <!-- The SQL Server database connection string -->
  <add key="hibernate.connection.connectionstring" value="data source=ACLUKDEV;initial catalog=Gemini;user id=sa;password=airclaims" />
  <!-- Misc -->
  <add key="hibernate.connection.provider" value="NHibernate.Connection.DriverConnectionProvider" />
  <add key="hibernate.connection.driverclass" value="NHibernate.Driver.SqlClientDriver" />
 </nhibernate>
 <appSettings>
  <!-- OrganisationName - Name of your organisation -->
  <add key="OrganisationName" value="CounterSoft" />
  <!-- RegisteredTo - The email address of whom the product is registered to -->
  <add key="RegisteredTo" value="paul.buxton@airclaims.com" />
  <!-- RegistrationCode - The product registration keycode as provided by CounterSoft -->
  <add key="RegistrationCode" value="Y6N9-XDFG-W5Q5-Y797" />
  
  <!-- FullGeminiURL - requires trailing forward-slash! -->
  <add key="FullGeminiURL" value="http://aclintraweb/gemini/" />
  <!-- GeminiAdmins - Email address for Gemini administrators -->
  <add key="GeminiAdmins" value="paul.buxton@airclaims.com" />
  
  <!-- WelcomeTitle - Commercial Licensees only !! -->
  <add key="WelcomeTitle" value="Welcome" />
  <!-- WelcomeMessage - Commercial Licensees only !! -->
  <add key="WelcomeMessage" value="Customise this message via the WEB.CONFIG file." />
  
  <!-- DateFormat - "EU" or "US" -->
  <add key="DateFormat" value="EU" />
  <!-- TimeInWorkingDay - specify as HH:MM (example "7:30" which equals 7 hours 30 minutes) -->
  <add key="TimeInWorkingDay" value="7:30" />
  
  <!-- WebServicesAccessCode - Security code that must be used when using Gemini web services -->
  <add key="WebServicesAccessCode" value="ABC123" />
  <!-- WinWebServicesAccessCode - Security code that must be used by Gemini Desktop application -->
  <add key="WinWebServicesAccessCode" value="WIN123" />
  <!-- UseAccessCodeForSourceControl - Should we authenticate access to the AddSCFile.aspx? -->
  <add key="UseAccessCodeForSourceControl" value="NO" />
  
  <!-- GlobalAssignResourceAtIssueCreation
    - Controls if ALL USERS can assign resource to an issue during issue creation
    - Possible values = "YES" or "NO"
    - If this is set to YES, then ANY USER can assign a resource to an issue during issue creation
  -->
  <add key="GlobalAssignResourceAtIssueCreation" value="NO" />
  <!-- AutoAlertForIssueCreator
    - Controls if the user creating an issue is automatically an ISSUE WATCHER (get issue alerts)
    - Possible values = "YES" or "NO"
    - If this is set to YES, then alerts will be sent to issue creators whenever the issue is updated
  -->
  <add key="AutoAlertForIssueCreator" value="YES" />
  <!-- AutoAlertForIssueResource
    - Controls if the user working on an issue is automatically an ISSUE WATCHER (get issue alerts)
    - Possible values = "YES" or "NO"
    - If this is set to YES, then alerts will be sent to issue workers whenever the issue is updated
  -->
  <add key="AutoAlertForIssueResource" value="NO" />
  
  <!-- ShowUserRegistrationLink
    - controls whether the logon page displays a link that would allow anyone to register as a member.
    - possible values = "YES" or "NO"
  -->
  <add key="ShowUserRegistrationLink" value="NO" />
  
  <!-- AllowAnonymousUsers- Controls if anonymous users can access Gemini (e.g. no logon required)
    - If this is set to YES, then anyone can view and use Gemini without logging-in
  -->
  <add key="AllowAnonymousUsers" value="YES" />
  
  <!-- ViewAllProjects  - Are all projects visible to everyone?
    - Setting this option to "NO" will mean you can control visibility of projects at user level
  -->
  <add key="ViewAllProjects" value="NO" />
  
  <!-- AlwaysShowGeminiStats - Controls if the Gemini statistics panel is always shown on the main page
    - By default, the stats panel is only visible if you are an admin user or ViewAllProjects=YES
  -->
  <add key="AlwaysShowGeminiStats" value="NO" />
  
  <!-- ResetPasswordSubject - The email subject line used for sending password reset requests -->
  <add key="ResetPasswordSubject" value="Gemini Password Reset Request" />
  <!-- ResetPasswordMessage - The email message used for sending password reset requests -->
  <add key="ResetPasswordMessage" value="Please click on the link below to reset your Gemini password." />
  <!-- When creating a new user, you can send a reset password request:
   - AUTO      = Will always send reset password.
   - BLANK     = Will send a reset password only if password is blank.
   - NEVER     = Will not send a reset password.
  -->
  <add key="NewUserResetPassword" value="BLANK" />
  
  <!-- IssueDescriptionType - Possible values: Text, FreeTextBox or RichText -->
  <add key="IssueDescriptionType" value="RichText" />
  <!-- IssueCommentType - Possible values: Text, FreeTextBox or RichText-->
  <add key="IssueCommentType" value="RichText" />
  
  <!-- PluginPath - path to plugin directory under bin folder (required) -->
  <add key="PluginPath" value="bin/plugins" />
  <!-- DictionaryFolder - Location of the spell check files -->
  <add key="DictionaryFolder" value="dic" />
  <!-- Default Project Repository File Click Behaviour (None or View) -->
  <add key="ProjReposFileClick" value="None" />
  <!-- EnableHTMLPosts - Controls if HTML tags can be entered into text boxes -->
  <add key="EnableHTMLPosts" value="YES" />
  <!-- CharSetForExcel - The character set used when exporting issues to Excel -->
  <add key="CharSetForExcel" value="ISO-8859-1" />
  
  <!-- Make a never expired session (refresh in seconds) -->
  <add key="SessionRefresher" value="600" />
 
  <!-- Single Sign On [method of passing user credentials (SSO.aspx)]
    - DBHASHED= This is taking the actual password as it is on the DB (converted to base 64 string) and hash it with a key that is in the web.config (SSOKey).
    - DB      = This is taking the actual password as it is on the DB (converted to base 64 string).
    - HASHED  = This is taking the clear text password and hash it with a key that is in the web.config (SSOKey, see below).
    - PLAIN   = This is just sending the password as clear text.
   -->
  <add key="SSOPasswordType" value="DB" />
  <add key="SSOKey" value="" />
  
  <!-- Any issue id with this qualified found will automatically link to the issue -->
  <add key="IssueLinkQualifier" value="GEM:" />
 </appSettings>
 <system.web>
  <compilation defaultLanguage="c#" debug="false" />
  <!--  CUSTOM ERROR MESSAGES
          Set customError mode values to control the display of user-friendly
          error messages to users instead of error details (including a stack trace):

          "On" Always display custom (friendly) messages 
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running
          on the local Web server. This setting is recommended for security purposes, so
          that you do not display application detail information to remote clients.
    -->
  <customErrors mode="Off" />
  <!--  AUTHENTICATION  (Gemini possible modes are "Windows", "Forms") -->
  <authentication mode="Windows">
   <forms
    name="Gemini203"
    loginUrl="Default.aspx"
    timeout="60"
    path="/">
   </forms>
  </authentication>
  <authorization>
   <deny users="?"></deny>
  </authorization>
  <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application.
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the
          application trace log by browsing the "trace.axd" page from your web application
          root.
    -->
  <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
  <!--  SESSION STATE SETTINGS
          By default ASP .NET uses cookies to identify which requests belong to a particular session.
          If cookies are not available, a session can be tracked by adding a session identifier to the URL.
          To disable cookies, set sessionState cookieless="true".
         
          InProc
          SQLServer (http://support.microsoft.com/default.aspx?kbid=317604)
          StateServer
    -->
  <sessionState
   mode="InProc"
   stateConnectionString="tcpip=127.0.0.1:42424"
   sqlConnectionString="data source=127.0.0.1;user id=sa;password=sa"
   cookieless="false"
   timeout="60" />
   
  <!--  GLOBALIZATION - This section sets the globalization settings of the application. -->
  <globalization culture="en-GB" uiCulture="en-GB" requestEncoding="utf-8" responseEncoding="utf-8" />
  <!-- File Upload Settings -->
  <httpRuntime executionTimeout="90" maxRequestLength="44096" useFullyQualifiedRedirectUrl="false" />
  <!-- The following blockers only come into affect if IIS is also configured
   http://support.microsoft.com/?kbid=815152
 -->
  <httpHandlers>
   <add type="System.Web.HttpForbiddenHandler" path=".xsl" verb="" />
   <add type="System.Web.HttpForbiddenHandler" path=".vm" verb="" />
   <add type="System.Web.HttpForbiddenHandler" path=".log" verb="" />
   <add type="System.Web.HttpForbiddenHandler" path=".config" verb="" />
   <add type="FreeTextBoxControls.AssemblyResourceHandler, FreeTextBox" path="FtbWebResource.axd"
    verb="GET" />
  </httpHandlers>
  <httpModules>
   <add name="GeminiHttpModule" type="Gemini.GeminiHttpModule, CounterSoft.Gemini" />
  </httpModules>
  <!-- This allows HTML text to be entered into Gemini -->
  <pages validateRequest="true" enableSessionState="true" enableViewState="true" enableViewStateMac="true" />
  <browserCaps>
   <!-- GECKO Based Browsers (Netscape 6+, Mozilla/Firebird, ...) //-->
   <case match="^Mozilla/5.0 ([^)]) (Gecko/[-\d]+)? (?'type'[^/\d])([\d])/(?'version'(?'major'\d+)(?'minor'.\d+)(?'letters'\w)).">
   browser=Gecko
   type=${type}
   frames=true
   tables=true
   cookies=true
   javascript=true
   javaapplets=true
   ecmascriptversion=1.5
   w3cdomversion=1.0
   css1=true
   css2=true
   xml=true
   tagwriter=System.Web.UI.HtmlTextWriter
   <case match="rv:(?'version'(?'major'\d+)(?'minor'.\d+)(?'letters'\w))">
    version=${version}
    majorversion=${major}
    minorversion=${minor}
    <case match="^b" with="${letters}">
     beta=true
    </case></case></case>
   <!-- AppleWebKit Based Browsers (Safari...) //-->
   <case match="AppleWebKit/(?'version'(?'major'\d)(?'minor'\d+)(?'letters'\w))">
   browser=AppleWebKit
   version=${version}
   majorversion=${major}
   minorversion=0.${minor}
   frames=true
   tables=true
   cookies=true
   javascript=true
   javaapplets=true
   ecmascriptversion=1.5
   w3cdomversion=1.0
   css1=true
   css2=true
   xml=true
   tagwriter=System.Web.UI.HtmlTextWriter
   <case match="AppleWebKit/(?'version'(?'major'\d)(?'minor'\d+)(?'letters'\w))( (KHTML, like Gecko) )?(?'type'[^/\d])/.$">
    type=${type}
   </case></case>
   <!-- Konqueror //-->
   <case match="Konqueror/(?'version'(?'major'\d+)(?'minor'.\d+)(?'letters'));\w(?'platform'[^)])">
   browser=Konqueror
   version=${version}
   majorversion=${major}
   minorversion=${minor}
   platform=${platform}
   type=Konqueror
   frames=true
   tables=true
   cookies=true
   javascript=true
   javaapplets=true
   ecmascriptversion=1.5
   w3cdomversion=1.0
   css1=true
   css2=true
   xml=true
   tagwriter=System.Web.UI.HtmlTextWriter
  </case>
  </browserCaps>
  <webServices>
   <soapExtensionTypes>
    <add type="Microsoft.Web.Services2.WebServicesExtension, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
     priority="1" group="0" />
   </soapExtensionTypes>
  </webServices>
 </system.web>
 <location path="Register.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="ForgotPassword.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="ResetPassword.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="Error.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/Gemini.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="IssuesExcel.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="xproject/IssuesExcel.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="admin">
  <system.web>
   <authorization>
    <deny users="?"></deny>
   </authorization>
  </system.web>
 </location>
 <location path="sc/AddSCFile.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="issue/StopWatch.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="SSO.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/CustomFieldsWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/VersionsWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/ComponentsWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/AuthWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/GeminiLookUpsWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/IssuesWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/ProjectsWS.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/GeminiWSE.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="webservices/TimeTracking.asmx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <location path="Refresher.aspx">
  <system.web>
   <authorization>
    <allow users=""></allow>
   </authorization>
  </system.web>
 </location>
 <microsoft.web.services2>
  <diagnostics />
  <security>
   <securityTokenManager type="CounterSoft.GeminiBiz.GeminiUsernameTokenManager, CounterSoft.GeminiBiz" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    qname="wsse:UsernameToken" />
  </security>
 </microsoft.web.services2>
</configuration>

Your web.config file seems to be ok.

Please go to IIS, Gemini virtual directory, properties, directory security nad make sure that "Anonymous Access" is not ticked.

OK, I did that - and Windows Authenication seems to be ok - to a point.

However,. one user is reporting that he cannot get in the system with his credentials, despite me having set his login id correctly.  He's treated as a viewer only in all projects, regardless of the settings.   This suggests that he's not identified on the domain correctly somehow.

Have you experienced this problem before?

Thanks for your assistance so far!

Paul

Are you allowing anonymous access? If so then either allow user regisdtration or deny anonymous access. That way you can see the identity of this user (via registration).

I have just upgraded Gemini from 2.0.2 to 2.0.3 and I have encountered the same problem with Windows authentication like Paul. That's why I intended to participate in this thread.

Working with Gemini now only works if the registered users log on with their complete user names consisting of the domain name and the Windows user name (e.g. gef-edv\eb). From what I saw in the users table in the database this is how the user names are stored.

Unfortunately, before upgrading I only made a backup of the contents of the Gemini virtual directory but not of the settings of this directory. Besides from what has been said in the previous posts (disabling anonymous user in IIS) might there be another setting which was changed from 2.0.2 to 2.0.3?

Are there other tags in web.config apart from the authentication tag which control authentication? (The authentication tag is identical to Paul's, anonymous access and user registration is both set to YES in web.config)

Thanks for any help in advance.

Krischan

Just for the record, I upgraded from 1.9.1 to 2.0.3

I originally installled 1.9.1 manually rather than using the installer.  For 2.0.3 I did the same.  I had the issues above, so decided to use the installer to install 2.0.3. 

Just like Krischan, people are having to log in as their full domain names.  Windows Authentication worked for SOME people (like me), but not for one or two other users.

We seem to be having the same problem, some users are having no trouble at all, and others can only view projects.
We have found that resetting the users passwords has helped in some cases, but I am not sure that it has worked for everyone.
Any other suggestions would be very helpful, as we are getting a lot of support calls about this.
We have disabled anonymous access in the IIS settings.

Exactly.....   glad to see I'm not the only person suffering from this.

Are you both still seeing the login box?

Can you post your system details (OS, IIS etc..)?

Unless you do not tick the 'remember login' checkbox the login box appears each time a user starts a Gemini session. After deleting the cookies the login appears again, of course.

Our Gemini installation runs on

• Windows XP Professional SP 2
• IIS 5.1 (Anonymous access is disabled for Gemini)
• SQL Server Express 2005
• .NET 1.1 with Hotfix and .NET 2.0
• We also modified some of the R.A.D. editors settings in its config file (the document paths etc.)

Krischan

Krischan,

Did you change the authentication tag to Windows?

<authentication mode="Windows">
   <forms
    name="Gemini203"
    loginUrl="Default.aspx"
    timeout="60"
    path="/">
   </forms>
  </authentication>

Aslo, please make sure that Gemini runs using.NET 1.1

The server set up is:
Windows 2003 Server, Web Edition, Service Pack 1
Intel Xeon 3Ghz with 1Gb of RAM
.NET framework 1.1
SQL Server 2000
We are using windows authentication, and have disabled anonymous access.

Users having problems have been using a variety of browsers including IE5, IE6, IE7beta, Firefox 1.0 and Firefox 1.5

I don't know much more than that, my IT manager won't be available for a couple of hours.
I would send you the error page from the Gemini System admin page, but it is a 29Mb file!!
The majority of it looks like this though:

Error MessageStack TraceAdditional Info.Dated SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 09:03:21 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 09:03:21 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 09:03:21 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 09:03:21

This goes on for many pages, with errors generated every few seconds. There are also quite a lot of sections that look like this:


SESSION miss detected - key: PROJID  16/03/2006 08:34:54 SESSION miss detected - key: PROJID  16/03/2006 08:34:54 SESSION loss detected (GetCurrentProjectID)  16/03/2006 08:34:54 SESSION loss detected (GetCurrentProjectID)  16/03/2006 08:34:54 SESSION miss detected - key: PROJID  16/03/2006 08:34:54 SESSION loss detected (GetCurrentProjectID)  16/03/2006 08:34:54 SESSION miss detected - key: PROJID  16/03/2006 08:34:54 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 08:34:54 SESSION miss detected - key: ISSUECURRENTPAGE  16/03/2006 08:28:52 Thread was being aborted. at System.Threading.Thread.AbortInternal() at System.Threading.Thread.Abort(Object stateInfo) at System.Web.HttpResponse.End() at System.Web.HttpServerUtility.Transfer(String path, Boolean preserveForm) at Gemini.Issues.BindData() at Gemini.Issues.PageLoad(Object sender, EventArgs e) 16/03/2006 08:08:28 Offset and length were out of bounds for the array or count is greater than the number of elements from index to the end of the source collection. at CounterSoft.GeminiBiz.7cdfe764c33c38b0.a91f976c95cc24f6(IssuesFilterEN b0f684c47236959a, Boolean d837775771246a3f, Int32 ac5137055166e071, Int32 1e9480f13fb31614, Int32& 22e1db4a340b6c7b, Int32& edea74ca49e15d4e, Int32& 76d6a884ce8de821) at Gemini.Issues.BindData() 16/03/2006 08:08:28 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 07:14:32 SESSION loss detected (GetUserID) -- no User Identity!  16/03/2006 07:14:32

I am not sure about whether people are seeing the login dialog box, or whether it is the form that they are seeing, I'll find that out. I know that I see the login dialog, but then I am not having any trouble.

Meanwhile I have set the key ShowUserRegistrationLink to NO and:  Single-sign-on resumed working again! So at least for those couple of users who I asked to start up Gemini on their browsers no logon was required anymore. I hope that this accounts for all users as Paul states that this issue occurs only for a few users not for all.

Krischan

PS: Coming back to your post, Mark:

My authentication tag looked exactly like in your code snippet. Furthermore the Gemini virtual directory is configured to use .NET 1.1.

My setup is Win2003SP1, fully patched. 2GBRam

Framwork is 1.1 and 2.0 installed. 

I had exacrtly the same errors in my log as above  Session loss detected etc....

I was having the exact same problems as those in this thread, until i made the following change, now everything is working as expected with windows authentication.

<!-- AllowAnonymousUsers- Controls if anonymous users can access Gemini (e.g. no logon required)
    - If this is set to YES, then anyone can view and use Gemini without logging-in
  -->
  <add key="AllowAnonymousUsers" value="NO" />

I also turned off the anonnymous login option in IIS. Also, just a tip - make sure everyone is actually assigned to a project, and has some rights in that project! 

We have now made this change:
  <add key="AllowAnonymousUsers" value="NO" />
There are still quite a few errors being generated in the log, although I think not as many as before.
I think I may start a seperate thread about that as I am not convninced it is related to the Windows Authentication problem we were having (which seems OK now - touch wood).

I've now done the same and can report that Windows Authentication is working for the person that had a problem.

However, I am getting a lot of Session loss messages in the Error Log

Me too.
Loads of session loss errors. And also quite a lot of errors related to NVelocity

From the user's view Gemini has seemed to work fine again after I have set ShowUserRegistrationLink to No. Nevertheless the error log shows the same error messages the others posted in this thread.

From one day to the other the single-sign-on stop working again. I have then set the AllowAnonymousUsers key to no and things seem to work again.

Nevertheless I have got the impression that version 2.0.3 is not very stable (see the e.g. huge error logs). I am therefore missing a final statement by Countersoft whether this issue is classified as a bug and if so whether and when it is intended to provide a bug fix for this.

Thanks,

Krischan

I'm seeing problems running on a Dual Xeon, 2G RAM, Windows 2003 Server, IIS 6, SQL Server Std 2003, .NET 1.1

Very frustrating - on one site used worldwide, I had a System Error Log several hundred (Word) pages long after just a few hours.

We are looking into this. We can not replicate this at the moment but are doing our best to try and track it down. We will keep you updated.

If you want to disable these error (session loss detected) you can change the gemini_logerror stored procedure to not log these.

Here's another user having problems.

Upgraded from 2.0.1 to 2.0.3.  Was using Windows authentication previously, but now it doesn't work. 

Went through the config files line by line and made sure that all settings that existed in previous file were the same as in the current file.
Ensured that we were using Integrated Windows Authentication. 
Validated directory security.
Changed sessions to use an SQLServer session.
Cleared caches.
restarted IIS.
cleared cookies.
used Firefox and IE.
tried using forms authentication (it didn't work either--even using the domain\username).
change anoymous users to be true.
verfied that we're using case insensitive SQL Server (CI).

When I tried to register, it showed my username and password as domainname\username in lower case, but the usernames and passwords were stored as DOMAINNAME\Username.

<tounge in cheek>Try:  if Request.Credentials.CurrentUser.ToUpper()==DatabaseCredentials.ToUpper() and see if that fixes the problem.</tounge in cheek>

We've rolled the installation back to version 2.0.1 and it is now working again.

Please fix this error.

OK -  The problems I was having was because of MY operator error.

Thanks to Countersoft support for providing me w/ debug binaries which populated the error logs w/ a little more information.

My situation (intranet) is that over time (over 6 months), our network folks were slowly migrating user's Authentication (domain) servers.

I had modified gemini_getuserid() SPROC to manage a one-time change without creating a new (disruptive) user entry.   During this upgrade, I wrote scripts to "fix" all the tables.   I also "share" the 'users' table between sites (through a view).  I'd forgotten to finish the table fix-ups on one of the sites - this caused most of my problems.

We're still looking at error logs, but now things are MUCH better.

Stay tuned.

Yarko

[QUOTE]  When I tried to register, it showed my username and password as domainname\username in lower case, but the usernames and passwords were stored as DOMAINNAME\Username. [/QUOTE]

Just a point of data: In my server, this does not affect select/where clauses -

select * from dbo.users where username like 'domainname\%' 

would find both, and windows authentication works. 

Regards,

Yarko

Guys,

As you can see from the posts above (yarkot), we are working closely with a customer to fix these issues. We think that we have found the problem but would like to monitor things a bit more.

We hope to release a fix for this next week.

Yes, thanks - things are looking good (my 2.0.3 sites w/o fixes still has some  no user identity error logs; sites w/ fix+debug binaries completely quiescent on this), but I've asked Countersoft if they'd wait until I get positive confirmation from the several particular users worldwide.

Start of business next week, I should have response to my requests, and will share error logs, user feedback w/ Gemini folks.

Regards,

Yarko

Has a fix been created for this?  We are also using version 2.0.3 and experiencing intermittant loss of user rights.  I've tried all the things mentioned in the previous posts.

Thanks

Hi Marta,

We are working on a fix for this. We have a client who has kindly offered his help and we are working to resolve this issue. We should have the fix out next week.

Is there an update on this fix?  We are experiencing the same syptoms with v2.0.3.

Thanks,

Phil

2.0.4 release will be out by Friday the 12th of May.

I've been working with them over the past weeks, and it seems things are worked out, including issue w/ authentication.  I am going to check out a release candidate starting today/tonight to make sure things continue to be ok (we have over 1000 users).

I'll let Gemini folks speak for when they plan to make a release (Oh, Saar just did!).

If you have dire needs, you might ask to get the release candidate too - otherwise wait a few more days.

Kind regards,
Yarko

This may not be related to the problems others have on this thread, but anyway. We are using gemini 1.9.1 and I had a problem that gemini seemed to forget me, even though I checked the "remember me" option when logging in. I found out that this happens when my link points directly to http://server/gemini/Main.aspx instead of http://server/gemini/. After removing Main.aspx from my favorite fixed my problem.

OK, so I am experiencing the same problems that I see many people having here, and I've tried everything I see people here have also tried.  However, I have found in our case one thing that is interesting I haven't seen mentioned yet.  If I add an account to Gemini and I don't specify a password that user can log in just fine using their domain account password.  However, if I give the user a password, then try and unset the password so they can use their domain account password, I'm screwed.  First, the profile manager doesn't let you do it.  Second, when you do set USERS.PWD to NULL manually in the database, you just can't log in at all, forcing you to reset the password to something.

Has anyone else seen this behaviour?

Hopefully the patch due out this Friday will just magically fix everything. :-)

Gemini 2.0.4 has been released now: http://community.countersoft.com/forums/thread/1420.aspx

OK, well I have installed the upgrade and it hasn't resolved the problem.

The behaviour you describe sounds suspiciously like you have anonymous access still allowed.  Check some of the earlier posts in this thread.

SOME password is required by gemini, but ignored for win authentication - you can ignore that part of it.

If you're still having problems, you might want post the authentication part of your web.config here... I remember something that was not completely intuitive (and that had changed since 1.9.1) ....

"SOME password" is not required.  I can add a user and not provide a password -- it's currently the only way I can add users and have them use their AD account password.

I also have Anonymous Access disabled for the application in IIS.

FWIW, I do have AllowAnonymousUsers enabled, too, because if I disable it the application just breaks.

<authentication mode="Windows"/>
    <authorization>
    <deny users="?"></deny>
</authorization>

<add key="AllowAnonymousUsers" value="Yes" />

Your authentication section is missing:

<authentication mode="Windows">

<forms name="Gemini204" loginUrl="Default.aspx" timeout="60" path="/">

</forms>

</authentication>