Forms Authentication with DirectoryServices - Your login attempt was unsuccessful. Please try again.
A VB.NET application that I inherited authenticates users via Forms Authentication and uses System.DirectoryServices to query Active Directory over LDAP. The app was originally deployed to IIS 6 (Windows Server 2008) but was recently migrated to IIS 10 on a Windows 2016 server. After about 30+ successful logins/logouts, the following error message appears for all users trying to log in:
Your login attempt was not successful. Please try again
- I have been able to reproduce the issue by using a robotic process automation tool to log in and log out about 50 times; at around the 30th iteration, the above error appears.
- When I recycle the app pool, the application works normally again until the next occurrence, which may be a couple of hours or sometimes days later.
- The application pool is running as a service account that is a member of the IIS_IUSRS group and has Full Control folder permissions to the app's deployment folder in **Inetpub\WWWRoot** directory.
- There is also a config file in the /Account/ directory where the Login.aspx file resides.
Any help would greatly be appreciated.
web.config:
<configuration>
<!-- Site-level web.config: Forms Authentication with InProc session state, Oracle data access, and ReportViewer / Crystal Reports handlers. -->
<configSections />
<connectionStrings>
<!--ApplicationServices entry below is not used - commented out and app still works-->
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" />
<!--Below connection string is used for application data -->
<!-- NOTE(review): this entry carries a database user id and password in clear text. Anyone who can read this file can read the credential; consider encrypting the connectionStrings section (for example with aspnet_regiis -pe) and tightening the file ACL. -->
<add name="Test_DataBase" connectionString="data source=mydbname;USER ID=myuserid;PASSWORD=mypassword" providerName="Oracle.DataAccess.Client" />
</connectionStrings>
<appSettings>
<!---->
</appSettings>
<system.web>
<!-- NOTE(review): mode="Off" returns full ASP.NET error pages, including stack traces, to remote clients. Useful while debugging; use RemoteOnly or On for a production deployment. -->
<customErrors mode="Off" />
<compilation strict="false" explicit="true" targetFramework="4.0">
<assemblies>
<!---->
<add assembly="Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.ReportViewer.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</assemblies>
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<!-- Forms ticket lifetime is 60 minutes, while sessionState below expires after 40. The ticket can therefore outlive the Session values set at login (Authenticated, UserIDLogged, UserType). -->
<!-- NOTE(review): requireSSL is not set on the forms element, so nothing here restricts the auth cookie to HTTPS; confirm how the site is served. -->
<authentication mode="Forms">
<forms name=".COOKAUTH" loginUrl="~/Account/Login.aspx" timeout="60" defaultUrl="Default.aspx" />
</authentication>
<!-- NOTE(review): allow users="*" admits every user, anonymous included, so this file alone does not force a login. Access control presumably relies on other config files or on Session checks in the pages; verify. -->
<authorization>
<allow users="*" />
</authorization>
<!-- InProc session state lives in the worker process and is lost whenever the application pool recycles. -->
<sessionState mode="InProc" cookieless="false" timeout="40" />
<httpHandlers>
<add path="CrystalImageHandler.aspx" verb="GET" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" />
<add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false" />
</httpHandlers>
<!--values below have been omitted-->
<!-- NOTE(review): the machineKey values encrypt and sign the forms authentication ticket. The real keys are secrets and should not be published or shared between unrelated applications. -->
<machineKey decryptionKey="decrypt-key-value" validationKey="validation-key-value" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<handlers>
<add name="CrystalImageHandler.aspx_GET" verb="GET" path="CrystalImageHandler.aspx" type="CrystalDecisions.Web.CrystalImageHandler, CrystalDecisions.Web, Version=13.0.2000.0, Culture=neutral, PublicKeyToken=692fbea5521e1304" preCondition="integratedMode" />
<add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
<!-- Turns off the integrated pipeline check that would otherwise reject the legacy system.web/httpHandlers section kept above. -->
<validation validateIntegratedModeConfiguration="false" />
<!---->
</system.webServer>
</configuration>
Login.aspx
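''' <summary>
''' Handles the Login control's Authenticate event: binds to the directory with the
''' submitted credentials and reports the outcome through e.Authenticated.
''' </summary>
''' <param name="sender">The control that raised the event.</param>
''' <param name="e">Event data; e.Authenticated is set to True only when the directory search returns an entry.</param>
''' <remarks>
''' DirectoryEntry and DirectorySearcher wrap unmanaged directory connections. They are
''' created inside Using blocks so each login attempt releases its connection
''' deterministically instead of waiting for garbage collection; undisposed entries
''' accumulate in the worker process until the application pool is recycled.
''' </remarks>
Private Sub LoginUser_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles LoginUser.Authenticate
    Dim path As String = GetLdapPath()

    ' Fail closed: every exit path below leaves the user unauthenticated unless the search succeeds.
    e.Authenticated = False

    If LoginStatus <> "Exist" Then
        Return
    End If

    ' Reject an empty password before contacting the directory. Some directory servers
    ' treat a bind with an empty password as an anonymous bind, which must never count as a login.
    If String.IsNullOrEmpty(LoginUser.Password) Then
        Return
    End If

    Try
        Using ADEntry As New DirectoryEntry(path, UserId, LoginUser.Password)
            Using Searcher As New DirectorySearcher(ADEntry)
                ' No filter is set, so the search itself is not user-specific; the credential
                ' check is the bind that happens when FindOne runs. Bad credentials surface as an exception.
                Dim SearchResults As SearchResult = Searcher.FindOne()
                If SearchResults IsNot Nothing Then
                    ' NOTE(review): these values are written only when absent, so a session that already
                    ' holds another user's UserIDLogged / UserType keeps the old values after a new login.
                    ' Confirm that logout clears or abandons the session.
                    If Session("Authenticated") Is Nothing Then
                        Session("Authenticated") = "Authenticated"
                    End If
                    If Session("UserIDLogged") Is Nothing Then
                        Session("UserIDLogged") = UserId
                    End If
                    If Session("UserType") Is Nothing Then
                        Session("UserType") = UserType
                    End If
                    e.Authenticated = True
                End If
            End Using
        End Using
    Catch ex As Exception
        ' Record the real cause server-side. The page shows the same message for bad credentials
        ' and for directory or connection failures, so without this the two are indistinguishable.
        ' The password is never written to the trace.
        System.Diagnostics.Trace.TraceError("LDAP authentication failed: {0}: {1}", ex.GetType().FullName, ex.Message)

        Dim PasswordTextField As TextBox = TryCast(LoginUser.FindControl("Password"), TextBox)
        If PasswordTextField IsNot Nothing Then
            SetFocus(PasswordTextField)
        End If

        ' FindControl returns Nothing when the template has no FailureText literal;
        ' guard so the error handler cannot itself throw.
        Dim lbl As Literal = TryCast(LoginUser.FindControl("FailureText"), Literal)
        If lbl IsNot Nothing Then
            lbl.Text = "Invalid user name and password."
        End If

        LoginUser.UserName = Nothing
        e.Authenticated = False
    End Try
End Sub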