Why can't users authenticate after deploying locally the ASP.NET 4.6 application to the IIS 10 server?

Question

User1270286679 posted

In my ASP.NET Web Forms application I am using ASP.NET Identity 2.2 for the membership system. The Development stage works as expected. Users get authenticated and have access to different areas of the website according to their roles. After the deployment to the IIS 10 local server the authentication is overturned. The login is successful and, yet, the user does not authenticate. The Login page loads once again empty and fresh. I know that the login is successful through some test I've made with a literal created right before the redirect. This is the Login method: protected void LogIn(object sender, EventArgs e) { if (IsValid) { // Validate the user password var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>(); var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>(); List<ApplicationUser> us = manager.Users.ToList(); foreach (var user in us) { textSuccess.Text += user.UserName + ": "; foreach (var role in user.Roles) { textSuccess.Text += role.RoleId + ", "; } } // This doen't count login failures towards account lockout // To enable password failures to trigger lockout, change to shouldLockout: true var result = signinManager.PasswordSignIn(Email.Text, Password.Text, true, shouldLockout: false); switch (result) { case SignInStatus.Success: panelSuccess.Visible = true; IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response); break; case SignInStatus.LockedOut: Response.Redirect("/Account/Lockout"); break; case SignInStatus.RequiresVerification: Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}", Request.QueryString["ReturnUrl"], RememberMe.Checked), true); break; case SignInStatus.Failure: default: FailureText.Text = "Înregistrare eșuată"; ErrorMessage.Visible = true; break; } } } What should I do? Could there be something wrong about the OWIN configuration for the integrated pipeline?

Answer 1

User-693045842 posted

Hi ,

Have you debugger your application to confirm the parameters values in each line ?

Answer 2

User1270286679 posted

That text appears on my page, because textSuccess is a Literal... And, yes, the result is correct. But when the redirect to the default URL should happen, the authentication fails.

Answer 3

User-2057865890 posted

Hi Naomilonescu,

1.Make sure Forms Authentication is enabled for your website in IIS.

2.Make sure your Web.Config settings looks something like this: 

<authentication mode="Forms">
   <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx" 
   protection="All" path="/" timeout="30" />
</authentication> 

3. Deny access to the anonymous user in the <authorization> section as follows

<authorization>
   <deny users ="?" />
   <allow users = "*" />
</authorization>

Best Regards,

Chris