I'm working on a small website in IIS8 built in Visual Studio 2015 on ASP.NET 4.5 Webforms and using Identity 2.0. I generally followed https://www.asp.net/web-forms/overview/security/create-a-secure-aspnet-web-forms-app-with-user-registration-email-confirmation-and-password-reset and kept custom code to a minimum.

Randomly, a user logs in with correct username and password (no errors), but it doesn't actually log them in. There is a cookie stored according to Chrome, but all indicators show that the user is still anonymous. It happens on multiple computers and browsers, then the next day works just fine.

Web.config security for the pages in question:

<authentication mode="None"/>
<authorization>
    <allow users="*"/>
</authorization>

Edit: server reboot seems to temporarily fix the problem and all logins work fine. Before reboot, I know Entity Framework was still communicating with the database, because an incorrect password was denied with the proper response.

RxAaron

1 Answer

I eventually found an answer to this. Posting for anyone who might come across this in the future. Read "ASP.NET_SessionId + OWIN Cookies do not send to browser" for all the details involved.

Alexander Trofimov's answer (https://stackoverflow.com/a/37761687/7286942) was the simplest fix:

Just add this line before the CreateIdentity method:

HttpContext.Current.Session["RunSession"] = "1";
var userIdentity = userManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
_authenticationManager.SignIn(new AuthenticationProperties { IsPersistent = rememberLogin }, userIdentity);
RxAaron
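
The same workaround placed in the Web Forms template's login handler, which calls PasswordSignIn rather than CreateIdentity directly. This is an added example, not code from the question or the linked answer; ApplicationSignInManager, IdentityHelper, the control names and the redirect paths are assumed from the Visual Studio Web Forms template.

```csharp
using System;
using System.Web;                     // GetOwinContext() extension, HttpUtility
using System.Web.UI;
using Microsoft.AspNet.Identity.Owin; // GetUserManager<T>(), SignInStatus

// Code-behind for Login.aspx; the namespace must match the project's designer file.
public partial class Login : Page
{
    protected void LogIn(object sender, EventArgs e)
    {
        if (!IsValid)
        {
            return;
        }

        // Workaround from the answer above: write a session value before any
        // sign-in call, so the session is established before the OWIN cookie
        // middleware issues the application cookie.
        Session["RunSession"] = "1";

        // Assumed template type, registered per request in Startup.Auth.cs.
        var signInManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();

        // PasswordSignIn checks the password, builds the identity and calls
        // AuthenticationManager.SignIn, so the session write must precede it.
        var result = signInManager.PasswordSignIn(
            Email.Text, Password.Text, RememberMe.Checked, shouldLockout: false);

        switch (result)
        {
            case SignInStatus.Success:
                // Assumed template helper; it only follows local return URLs.
                IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
                break;
            case SignInStatus.LockedOut:
                Response.Redirect("/Account/Lockout");
                break;
            case SignInStatus.RequiresVerification:
                Response.Redirect("/Account/TwoFactorAuthenticationSignIn?ReturnUrl=" +
                    HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]));
                break;
            default:
                // SignInStatus.Failure: show a generic message only.
                FailureText.Text = "Invalid login attempt";
                ErrorMessage.Visible = true;
                break;
        }
    }
}
```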