I noticed in my custom application log that I had 600 requests to Global.asax within a few minutes, while no other users were using the application. They all came from an IP address of a known application user, so I don't think it's an attack of any kind. I generate log entries in a custom SQL Server database at the entrance of every public sub or function, so I can see where requests are coming from.

I was wondering if anybody has seen something like this before, or would know why either IE or IIS/ASP.NET might exhibit this sort of behavior. I don't see any corresponding entries in any event logs, and even more strange, I don't even see a single request from this user in the IIS logs themselves. Any thoughts?

NOTE: this happened only once, a few days ago, and was over a few minutes after it started. It happened during business hours for that user (England), but after-hours for us, so it's likely he was the only user in the application at the time.

+1  A: 

I've seen this happen with forms authentication: if the denied user doesn't have access to the login failed page, this will trigger another redirect to the login fail page, etc. MSIE will do the redirect thing forever; Firefox will yield a "this redirect won't ever finish" error. The only code that will execute is the OnAuthenticate event in the global.asax.

Since it is a common configuration error for forms authentication, I wouldn't be surprised.

MatthewMartin
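
The configuration error described in the answer above, shown as a web.config sketch. This is an added example, not configuration from the question or from the answer's author; the page names `Login.aspx` and `LoginFailed.aspx` are assumptions, as is the application sending rejected users to `LoginFailed.aspx`.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Hypothetical login page name. -->
      <forms loginUrl="~/Login.aspx" />
    </authentication>

    <!-- Site-wide rule: anonymous users ("?") are denied everywhere.
         With only this rule in place, a rejected user who is sent to
         LoginFailed.aspx is denied there as well and redirected again,
         which is the loop described in the answer. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Corrected setting: exempt the failure page from the site-wide deny
       so the redirect chain ends on a page every user can load. -->
  <location path="LoginFailed.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Any other page that unauthenticated or rejected users are redirected to (an access-denied or error page, for instance) needs the same kind of `<location>` override.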