ASP.Net Membership logging in successfully, then redirecting to login page

Question

We're having a load of problems with an ASP.Net Membership application at the moment.

For reasons that aren't relevant, we're using a MembershipProvider implementation that uses the old-style Web.config specified credentials and a RoleProvider that just allows everything (the RolesProvider may be the problem here!). This isn't something we can change, as it's a somewhat hacky workaround to some other issues we've been experiencing and we just want to get this minimal case working.

The MembershipProvider implementation is working beautifully and everything works fine when I test it on my machine. When I push it to the testing server, though, I authenticate successfully (and can see the cookie in the trace log), but then get bounced straight back to the login page, as can be seen with these entries from the trace log:

19   9/7/2010 5:50:03 PM   /login.aspx     302   POST   View Details
20   9/7/2010 5:50:03 PM   /Default.aspx   302   GET    View Details
21   9/7/2010 5:50:03 PM   /login.aspx     200   GET    View Details

Having added lots of Tracing to the code, that I genuinely am authenticating successfully:

protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn);
    LoginControl.LoginError += new EventHandler(LoginControl_LoginError);
}

void LoginControl_LoggedIn(object sender, EventArgs e)
{
    Trace.Write("LoginControl_LoggedIn", "Logged in successfully");
}

void LoginControl_LoginError(object sender, EventArgs e)
{
    Trace.Write("LoginControl_LoginError", "Failed to authenticate");
}

gives me:

LoginControl_LoggedIn   Logged in successfully   0.0044027241880433   0.000238

Having tried tracing in the Default.aspx that I get redirected to, not even the PreInit event fires.

I don't think it's the RoleProvider that's the problem, partly because it really is just saying yes to everything:

public override bool IsUserInRole(string username, string roleName)
{
    return true;
}

I've looked at SO:62013, Forums:1318557 and the blog post mentioned in SO:62013 and none of those makes any difference.

Any thoughts, anyone? I'm totally at a loss.

Answer 1

What version of IIS on the server?

Answer 2

Have you tried enabling .NET Framework source stepping in Visual Studio?

Tools > Options > Debugging > (uncheck) Enable Just My Code

and

Tools > Options > Debugging > Enable .NET Framework source stepping

You then have to import the .NET symbols from the Microsoft Symbol Servers, but it guides you through it. You might at least then be able to step through the base Role and Membership providers to see if they are doing the redirect.

This isn't really an answer (would have preferred to leave it as a comment, but don't have enough rep. yet)

Answer 3

Try working through the troubleshooting steps found here:

Troubleshoot Forms Authentication

Hopefully you find your problem there. The only other suggestion I have at the moment is disabling the role provider in the web.config (if possible) and trying it that way.