Last post Jul 28, 2018 03:09 AM by jimcpl100
Jul 26, 2018 01:32 PM|jimcpl100|LINK
I have a small ASP.NET web app on IIS on Windows 2012 R2. It uses Forms authentication and I mainly am using it to test authentication (I am a newbie).
I am having a strange problem. I have two local Windows users, test1 and test2. As far as I can tell, both users are configured exactly the same as far as group membership (both are local administrators).
So I log into a Windows machine as one of the local users and then I start IE11 and I access the test webapp, which is on a different Windows 2012 R2 server, and I attempt to log in.
The problem I am seeing is that if I log in as user test1, the login works and I see the target content, but if I log in as the other user, test2, the login page just reappears.
From enabling debug in IE11, I can see that:
I am running each of these tests with the test user logging into the same Windows server locally, i.e., <MACHINE_NAME>\test1, etc.
I originally thought that it was because the users were different, but checking, e.g., looking at the IE settings after logging into the Windows machine as each user, everything looks the same (in particular, the Privacy has "Accept cookies" checked and also "Always accept session cookies"). I also have the gpedit.msc set to enable Turn off inprivate (and I tried disable also - doesn't seem to make a difference).
So I was running more tests with IE debugging and I also noticed something else. For the user that is failing to login, I see that when that user accesses the login page initially, I am also seeing two additional GETs for WebResource.axd and also a GET
Does anyone know what those are, and why those GETs would be happening for only one user, but not the other? Also, could that be affecting the login and causing it to fail?
test1 (works) - does not get the WebResource.axd and usrtelemetry.asmx GETs
test2 (fails) - gets the WebResource.axd and usrtelemetry.asmx GETs
I am guessing that something in IIS or in the ASP.NET webapp is causing the difference, but I don't know what that might be.
Here is the web.config:
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" timeout="3000"></forms>
<deny users="?" />
The pages and web.config were mostly copied from a MS web page.
Jul 27, 2018 11:34 AM|mgebhard|LINK
Forms authentication has nothing to do with Windows Authentication or Windows users.
Make sure Windows auth is disabled in IIS and Forms Auth is enabled.
Jul 28, 2018 03:09 AM|jimcpl100|LINK
I checked the IIS config for the web app and it has:
Anonymous authentication - enabled
ASP.NET impersonation - disabled
Form authentication - enabled HTTP 302 Login/Redirect