Global Bank Reference Implementation Known Issues
Known Issue: Use of the Page Controller pattern means that each .aspx view is derived from a Global Bank specific controller class rather than System.Web.UI.Page. Trying to view the .aspx page without first compiling the solution will result in the following error:
“The file could not be loaded into the Web Forms designer. Please correct the following error and then try loading it again: Unspecified error. Make sure all of the classes used in the page are built or referenced in the project. Click Help for more information.”
Resolution: Clear the VSWebCache by deleting the following folders from <System Drive>\Documents and Settings\<login account>\VSWebCache\<Machine Name>:
* AccountStatementService
* AuthenticationService
* BillPaymentService
* BillSubscriptionService
* ExternalInvestmentFundSystemService
* FundsTransferService
* GlobalBank
* TransactionLogService
Build the GlobalBank.sln solution file in Visual Studio .NET 2003.
Known Issue: Session timeout due to user inactivity. When the session times out after 20 minutes (the default) of inactivity, the user should be redirected to the login screen, but instead sees an error stating that the request could not be processed. The redirection does not happen because ASP.NET uses the expiration of the forms authentication ticket, not of the session, to redirect users to the login screen. By default the forms authentication ticket expires after 30 minutes, so the ticket has not yet expired and the user is still allowed to access the web page. The session state, however, is cleared when the session times out (set to null), and the session state is where the user name required to access data from the services is stored. Because this null value is passed to the service, the services layer throws an exception, which is shown to the user as a friendly error message.
Resolution: There are 2 different approaches to fix the issue:
* Set the “timeout” attribute on the “forms” element to the same value as the “timeout” attribute on the “sessionState” element, so that ASP.NET automatically redirects the user to the login page. With this approach you will run into the problem described in the next known issue, where the return URL does not match what we expect and the user has to open a new browser session to log into the site.
OR
* The application takes on the responsibility of checking for the required data in the session state and, if it is not there, removes the forms authentication ticket and redirects the user to the login page. This puts more responsibility on the application, but you control the return URL and hence will not run into the countermeasure mentioned in 2. This is the recommended approach, as there is always a possibility of sync issues with the first approach.
Known Issue: To counter the URL redirection threat, we added a security countermeasure that allows only "/GlobalBank/Default.aspx" as the URL from which redirection can happen. This ensures that the URL cannot be faked and that the credentials of the online bank's users cannot be obtained maliciously by an attacker.
This countermeasure has two implications:
* Session timeout by changing the system date forward: When the session times out because the system date was moved forward, the user is redirected to the login screen. The redirection URL is different from what we expect and, because of this countermeasure, the user cannot use the same browser session to log in to the site again. The user needs to open a new browser session.
* Bookmark URL: If a user bookmarks a URL, for example the Bill Payment page, and then tries to access the site using the bookmarked URL, the user will not be allowed to enter the online banking site. The reason is that the redirection URL will be different from what we expect.
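The second approach from the session-timeout resolution and the return-URL countermeasure, shown together in one page base class. This is an added example, not code from the Global Bank RI; the class name SessionCheckedPage, the session key "UserName" and the login path /GlobalBank/Login.aspx are assumptions, and the exact string match is one way to apply the single-URL rule.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class; the RI's own controller classes are not shown on this page.
public class SessionCheckedPage : Page
{
    // The only return URL the countermeasure accepts, as stated on this page.
    private const string AllowedReturnUrl = "/GlobalBank/Default.aspx";

    // Assumed names: the session key and login page path are placeholders.
    private const string UserNameKey = "UserName";
    private const string LoginPage = "/GlobalBank/Login.aspx";

    // Login-side check: accept a ReturnUrl only if it is exactly the allowed
    // value. Absolute URLs, other pages and a missing value are all rejected.
    public static bool IsAllowedReturnUrl(string returnUrl)
    {
        return returnUrl != null && returnUrl == AllowedReturnUrl;
    }

    protected override void OnInit(EventArgs e)
    {
        // Session state (20 min default) can expire while the forms
        // authentication ticket (30 min default) is still valid, so test
        // for the data the services need rather than trusting the ticket.
        if (Request.IsAuthenticated && Session[UserNameKey] == null)
        {
            // Remove the stale ticket so the user is no longer authenticated.
            FormsAuthentication.SignOut();
            Session.Abandon();

            // Always send the allowed return URL, never the current page,
            // so the login page's countermeasure accepts the redirect.
            Response.Redirect(
                LoginPage + "?ReturnUrl=" + HttpUtility.UrlEncode(AllowedReturnUrl),
                true);
        }
        base.OnInit(e);
    }
}
```

The login page would call IsAllowedReturnUrl on the ReturnUrl query-string value before redirecting after a successful login.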
Known Issue: Event log entry with the error message "Requested Registry Access Is Not Allowed" when you run the Global Bank RI and an error occurs.
Resolution: Please read the following Knowledge Base article from Microsoft Support about this issue:
http://support.microsoft.com/?id=329291
Use the "First Approach" from the article. If you are using the "Second Approach" instead, the code in step #5 needs to be modified so that the Event Log Source you specify is "ReferenceArchitecture":
    using System;
    using System.Diagnostics;
    using System.ComponentModel;
    using System.Configuration.Install;

    namespace EventLogSourceInstaller
    {
        [RunInstaller(true)]
        public class MyEventLogInstaller : Installer
        {
            private EventLogInstaller myEventLogInstaller;

            public MyEventLogInstaller()
            {
                // Create Instance of EventLogInstaller
                myEventLogInstaller = new EventLogInstaller();

                // Set the Source of Event Log, to be created.
                myEventLogInstaller.Source = "ReferenceArchitecture";

                // Set the Log that source is created in
                myEventLogInstaller.Log = "Application";

                // Add myEventLogInstaller to the Installers Collection.
                Installers.Add(myEventLogInstaller);
            }
        }
    }
Follow the instructions in the Knowledge Base article for running this code.
Please see the Shadowfax Wiki for EDRAKnownIssues pertaining to the Enterprise Development Reference Architecture (EDRA).