In my ASP.NET Web Forms application I am using ASP.NET Identity 2.2 for the membership system. The Development stage works as expected. Users get authenticated and have access to different areas of the website according to their roles.
After the deployment to the IIS 10 local server the authentication is overturned. The login is successful and, yet, the user does not authenticate. The Login page loads once again empty and fresh. I know that the login is successful through some tests I've made with a literal created right before the redirect. This is the Login method:

    protected void LogIn(object sender, EventArgs e)
    {
        if (IsValid)
        {
            // Validate the user password
            var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
            var signinManager = Context.GetOwinContext().GetUserManager<ApplicationSignInManager>();
            List<ApplicationUser> us = manager.Users.ToList();
            foreach (var user in us)
            {
                textSuccess.Text += user.UserName + ": ";
                foreach (var role in user.Roles)
                {
                    textSuccess.Text += role.RoleId + ", ";
                }
            }
            // This doesn't count login failures towards account lockout
            // To enable password failures to trigger lockout, change to shouldLockout: true
            var result = signinManager.PasswordSignIn(Email.Text, Password.Text, true, shouldLockout: false);
            switch (result)
            {
                case SignInStatus.Success:
                    panelSuccess.Visible = true;
                    IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
                    break;
                case SignInStatus.LockedOut:
                    Response.Redirect("/Account/Lockout");
                    break;
                case SignInStatus.RequiresVerification:
                    Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}",
                                                    Request.QueryString["ReturnUrl"],
                                                    RememberMe.Checked),
                                      true);
                    break;
                case SignInStatus.Failure:
                default:
                    FailureText.Text = "Înregistrare eșuată";
                    ErrorMessage.Visible = true;
                    break;
            }
        }
    }

What should I do? Could there be something wrong about the OWIN configuration for the integrated pipeline?
Eventually, after going down all possible paths in search of a resolution, I discovered that the problem was with the configuration of the Cookie Authentication. I'll post the reason here for any miserable researchers.
In the Startup.Auth.cs file, I had:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login.aspx"),
        CookieSecure = CookieSecureOption.Always,
        AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

Because I was using HTTPS on my development server, but not on the IIS Server where I deployed the website, the CookieSecureOption.Always option prevented the authentication on the latter one. In this situation, CookieSecureOption.SameAsRequest option, which is the default, is the real proper choice.
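
The failure described in the answer can be confirmed from the login response itself. The following Python check is an added example, not code from the original post: it takes the URL the login page was served from and the `Set-Cookie` headers of the login response, and reports whether the authentication cookie will come back on the next request. The host name, the `theme` cookie and the cookie values are constructed; `.AspNet.ApplicationCookie` is the default cookie name for the `ApplicationCookie` authentication type.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Default cookie name for AuthenticationType "ApplicationCookie".
AUTH_COOKIE = ".AspNet.ApplicationCookie"

# Constructed sample: Set-Cookie headers of the kind a login response carries
# when the cookie middleware runs with CookieSecureOption.Always.
# "theme" is a hypothetical second cookie; the values are placeholders.
SAMPLE_HEADERS = [
    ".AspNet.ApplicationCookie=PLACEHOLDER; path=/; secure; HttpOnly",
    "theme=light; path=/",
]


def unreturned_cookies(page_url, set_cookie_headers):
    """Names of cookies marked Secure although page_url is plain HTTP.

    Modelled rule (RFC 6265): a Secure cookie is only sent over HTTPS.
    Browser-specific exceptions for loopback hosts are not modelled.
    """
    if urlsplit(page_url).scheme.lower() == "https":
        return []
    names = []
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        names += [name for name, morsel in parsed.items() if morsel["secure"]]
    return names


def login_will_stick(page_url, set_cookie_headers, auth_cookie=AUTH_COOKIE):
    """True if the auth cookie was issued and will come back on the next request."""
    issued = any(h.split("=", 1)[0].strip() == auth_cookie for h in set_cookie_headers)
    return issued and auth_cookie not in unreturned_cookies(page_url, set_cookie_headers)


if __name__ == "__main__":
    for url in ("http://intranet.example/Account/Login.aspx",
                "https://intranet.example/Account/Login.aspx"):
        print(url, "->", "authenticated" if login_will_stick(url, SAMPLE_HEADERS)
              else "back to the login page", unreturned_cookies(url, SAMPLE_HEADERS))
```
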
Source: https://stackoverflow.com/questions/37698917/why-cant-users-authenticate-after-deploying-locally-the-asp-net-4-6-application