views:

265

answers:

2

This is a weird one. I have a WSS3 site, no MOSS, with a custom membership and role provider that authenticates against CRM. All the users have also been added to the site user list so once logged in they have correct display names.

On dev and stage everything works fine, but on UAT the users can't get past the login screen. The login screen is working, in that if you type an incorrect password for a user it comes back with the right message, meaning the custom provider is working fine. If you fill the login form in correctly you are immediately redirected straight back to the login screen, with the IIS logs showing that the login screen sent the authenticated user to the site and then was sent back. Setting the site to allow anonymous access shows that the user is not logged in on the site side after authenticating correctly.

The ULS logs show: The user does not exist or is not unique.
Found 1 trusted forests nzct.local. Found 0 trusted domains

Adding logging code to the site I have verified that the membership provider is correctly set, and can find the user when asked. Also, when accessing the site user list, I can find the SP user with the right name.

It just refuses to set the current user to be the authenticated user. Weird.

A: 

Have you checked the authentication provider/zone/alternate access mapping settings for staging? Any problems there will affect SharePoint methods but not standard .NET.

Are there any differences in permissions on staging, or is it on a different domain?

How did you add users to the site users list? EnsureUser won't do anything if the user is already there, and it would try to log on with a potentially invalid existing record.

Tom Clarkson
The setup is identical to staging, except the datasource of the authentication provider is the uat instance, and the urls are different. Providers and mappings are all the same.
Aquinas
A: 

After some 30+ unchargeable hours, the problem seems to be the url of the site /facepalm. Apparently IE/Sharepoint do not work well with urls that contain '_' characters, as in 'My_Site'. I don't know if this is WSS in general, or just FBA authentication, but understandably I am not in the best critical thinking mood right now :)

Why this was giving the error 'The user does not exist or is not unique' I have no idea. I imagine the dev team had their reasons, possibly part of some rite to their dark gods.

Aquinas