Forms Authentication with DirectoryServices - Your login attempt was unsuccessful. Please try again.

Shaheer Asar 1 Reputation point
2022-06-01T20:49:15.637+00:00

A VB.NET application that I inherited authenticates users via Forms Authentication and System.DirectoryServices to query Active Directory using LDAP. The app was originally deployed to IIS 6 (Windows Server 2008) but was recently migrated to IIS 10 on a Windows 2016 server. After about 30+ successful logins/logouts, the error message appears for all users trying to log in:

Your login attempt was not successful. Please try again

- I have been able to reproduce the issue by using a robotic process automation tool to log in and log out about 50 times - at around the 30ish mark, the above issue is reproduced.
- When I recycle the app pool, the application begins to work normally again until the next time, which may be a couple of hours and sometimes days later.
- The application pool is running as a service account that is a member of the IIS_IUSRS group and has Full Control folder permissions to the app's deployment folder in the **Inetpub\WWWRoot** directory.
- There is also a config file in the /Account/ directory where the Login.aspx file resides.

Any help would greatly be appreciated.


web.config:

```xml
<configuration>
  <configSections />
  <connectionStrings>
    <!--ApplicationServices entry below is not used - commented out and app still works-->
    <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
    <!--Below connection string is used for application data -->
    <add name="Test_DataBase" connectionString="data source=mydbname;USER ID=myuserid;PASSWORD=mypassword" providerName="Oracle.DataAccess.Client" />
  </connectionStrings>
  <appSettings>
    <!---->
  </appSettings>
  <system.web>
    <customErrors mode="Off" />
    <compilation strict="false" explicit="true" targetFramework="4.0">
      <assemblies>
        <!---->
        <add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
      </assemblies>
      <buildProviders>
        <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </buildProviders>
    </compilation>
    <authentication mode="Forms">
      <forms name=".COOKAUTH" loginUrl="~/Account/Login.aspx" timeout="60" defaultUrl="Default.aspx" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
    <sessionState mode="InProc" cookieless="false" timeout="40" />
    <httpHandlers>
      <add path="CrystalImageHandler.aspx" verb="GET" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" />
      <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false" />
    </httpHandlers>
    <!--values below have been omitted-->
    <machineKey decryptionKey="decrypt-key-value" validationKey="validation-key-value" />
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <add name="CrystalImageHandler.aspx_GET" verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" preCondition="integratedMode" />
      <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </handlers>
    <validation validateIntegratedModeConfiguration="false" />
    <!---->
  </system.webServer>
</configuration>
```

Login.aspx

```vb
' Requires: Imports System.DirectoryServices
Private Sub LoginUser_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles LoginUser.Authenticate
    Dim path As String = GetLdapPath()
    Dim strDomainandUserName As String = "domain\ " & UserId

    ' Bind to the directory with the credentials the user typed in.
    Dim ADEntry As DirectoryEntry = New DirectoryEntry(path, UserId, LoginUser.Password)
    Dim Searcher As New DirectorySearcher(ADEntry)

    If LoginStatus = "Exist" Then
        Try
            ' FindOne forces the bind; it throws if the bind fails.
            Dim SearchResults As SearchResult = Searcher.FindOne

            If SearchResults Is Nothing Then
                e.Authenticated = False
            Else

                If Session("Authenticated") Is Nothing Then
                    Session("Authenticated") = "Authenticated"
                End If

                If Session("UserIDLogged") Is Nothing Then
                    Session("UserIDLogged") = UserId
                End If

                If Session("UserType") Is Nothing Then
                    Session("UserType") = UserType
                End If

                e.Authenticated = True
            End If
        Catch ex As Exception
            ' Every exception type ends up here and is reported as a failed login.
            Dim lbl As Literal
            lbl = LoginUser.FindControl("FailureText")
            Dim UserLogin As System.Web.UI.WebControls.Login = Me.LoginUser

            Dim PasswordTextField As TextBox = CType(UserLogin.FindControl("Password"), TextBox)

            If PasswordTextField IsNot Nothing Then
                SetFocus(PasswordTextField)
            End If
            lbl.Text = "Invalid user name and password."
            LoginUser.UserName = Nothing
            e.Authenticated = False
        End Try
    Else
        e.Authenticated = False
    End If
End Sub
```
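
An added example, not part of the original post and not a confirmed fix for the behaviour described: one way to write the same bind check so that the `DirectoryEntry` and `DirectorySearcher` are disposed after every attempt and errors other than a rejected password are logged instead of being shown as a bad login. The module and function names are hypothetical; `GetLdapPath()` is the helper from the post.

```vb
Imports System.Diagnostics
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

' Hypothetical helper; names are not from the original application.
Public Module LdapBindCheck
    ' HRESULT 0x8007052E (ERROR_LOGON_FAILURE) as a signed Integer.
    Private Const LogonFailure As Integer = -2147023570

    ' Returns True only when the directory accepts the supplied credentials.
    Public Function TryBind(ldapPath As String, userName As String,
                            password As String) As Boolean
        ' Reject blank input before contacting the directory.
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return False
        End If
        Try
            ' Using releases the underlying directory connection on every
            ' attempt, success or failure, rather than leaving it to the GC.
            Using entry As New DirectoryEntry(ldapPath, userName, password,
                                              AuthenticationTypes.Secure)
                Using searcher As New DirectorySearcher(entry)
                    searcher.SearchScope = SearchScope.Base
                    ' FindOne forces the bind, as in the original handler.
                    Return searcher.FindOne() IsNot Nothing
                End Using
            End Using
        Catch ex As COMException When ex.ErrorCode = LogonFailure
            ' The directory rejected the user name or password.
            Return False
        Catch ex As Exception
            ' Anything else (server unreachable, resource limits, bad path)
            ' is an operational fault: log it, never the password.
            Trace.TraceError("LDAP bind error for {0}: {1}", userName, ex)
            Return False
        End Try
    End Function
End Module

' Usage inside the Login control's Authenticate handler:
'   e.Authenticated = LdapBindCheck.TryBind(GetLdapPath(), LoginUser.UserName, LoginUser.Password)
```

With the two `Catch` branches separated, the trace log shows whether failures that begin after many logins are credential rejections or something else.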