troubleshoot authentication error

Question

Symptom:
Some users cannot successfully POST, most can successfully POST.
When the error occurs, users are redirected to the site's Shared/Error page.

Technologies used:
IIS v6
Windows Server 2003
asp.net v3.5
asp.net mvc framework v1.0
jQuery
linq
sql server 2005

Authentication: Windows with the AspNetActiveDirectoryMembershipProvider
Here's a snippet of the web.config:

<authentication mode="Windows"/>
    <membership defaultProvider="AspNetActiveDirectoryMembershipProvider">
 <providers>
         <add name="AspNetActiveDirectoryMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider,&#xA;                 System.Web, Version=2.0.3600.0, Culture=neutral,&#xA;                 PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnString" connectionUsername="" connectionPassword=""/>
     </providers>
    </membership>

Here's the link from the view that kicks off the Save
<a href="javascript:void(document.frmCurrentLineItems.submit())" title="Saves this month only">Save This Month</a>

Here's some of the jQuery based javascript:

$("form#frmCurrentLineItems").submit(function() {
    submitView(this);
    return false;
});

function submitView(form) {        
    $.ajax(
            {
                type: form.method,
                url: form.action,
                data: $(form).serialize(),
                dataType: "html",
                error: function(error) {
                    alert(error);
                }
            }
        );
}

Here's part of the controller method:

[AcceptVerbs(HttpVerbs.Post)]
public ActionResult CurrentLineItems(FormCollection thisForm)
    // Get the forecast from the session
    BusinessLogic.ForecastBL thisForecast = (BusinessLogic.ForecastBL)HttpContext.Session["ForecastMetaData"];

        if (thisForecast != null)
        {
            // Run the save to db stuff here
            return View("CurrentLineItems", ViewData["LineItemSummary"]);
        }
        else
        {
            return Redirect("../Shared/Error");
        }

A note abt the above code...I'm pretty sure that pulling the forecast object out of the session is not causing the error, at least I'm assuming it's not because the session has expired, because the users that cannot save, cannot save when they open the page and then immediately attempt to save.

The class also has these attributes:

[HandleError]
[Authorize]
public class ForecastController : Controller
{

The site has, in IIS properties, in Authentication Methods:
Enable anonymous access unchecked and Integrated Windows Authentication checked.

Here's a look at the IIS log from a user that is experiencing this issue:

466 2009-04-28 16:41:15 W3SVC1100645706 192.168.10.22 POST /Forecast/CurrentLineItems - 443 - XX.XX.XX.XX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+GTB5;+.NET+CLR+1.1.4322) 401 1 0
467 2009-04-28 16:41:15 W3SVC1100645706 192.168.10.22 POST /Forecast/CurrentLineItems - 443 DOMAIN\username XX.XX.XX.XX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+GTB5;+.NET+CLR+1.1.4322) 302 0 0
468 2009-04-28 16:41:15 W3SVC1100645706 192.168.10.22 GET /Shared/Error - 443 - XX.XX.XX.XX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+GTB5;+.NET+CLR+1.1.4322) 401 1 0
469 2009-04-28 16:41:16 W3SVC1100645706 192.168.10.22 GET /Shared/Error - 443 DOMAIN\username XX.XX.XX.XX Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+GTB5;+.NET+CLR+1.1.4322) 404 0 0

Here's those same lines stripped down for hopefully better readability:
2009-04-28 16:41:15 POST /Forecast/CurrentLineItems - 443 - XX.XX.XX.XX 401 1 0
2009-04-28 16:41:15 POST /Forecast/CurrentLineItems - 443 DOMAIN\username XX.XX.XX.XX 302 2009-04-28 16:41:15 GET /Shared/Error - 443 - XX.XX.XX.XX 401 1 0
2009-04-28 16:41:16 GET /Shared/Error - 443 DOMAIN\username XX.XX.XX.XX 404 0 0

Just noticed that all the POST requests look like the above...except the successful one's return a 200 on the second POST...

So how do I determine what is causing the first POST above...the one that is making it to the web server without the DOMAIN\username info and getting a 401 error?

Also why the 302 error?

Seems like I'm asking for two POSTS...but I don't quite grasp why the browser is sending two POST requests? (of course...I suspect my code, but can't quite figure out why.)

Any troubleshooting methods to help track down the above errors would be appreciated.

Am taking a look now at Troubleshooting HTTP 401 errors in IIS Edit....this didn't really help w/my issue

Answer 1

The first 401 you are getting back is part of the NTLM authentication scheme, it is how IIS handles windows authentication. A request is made, it returns 401, so it tries again passing the NTLM authentication information.

So your first post comes in, gets a 401, then retries with authentication and gets a 302. This is your redirect to your error page. Then your error pages get a 401, tries again and gets a 404.

So you have two issues, the first is some type of error in your controller. It could be the null check redirect or it could be another error, are you logging your errors? Also, I would throw an exception instead of redirecting..then your handleError logic should kick in and handle it for you.

The second is that it looks like your error page doesn't exist or your routing is messed up.

Answer 2

Changing the link to an input button/element seems to have solved this issue...
<input type="submit" value="Save This Month" title="Saves this month only" class="submitBtn"/>

Since the input button is inside the form I want to submit...it hits the Post controller action and saves the data then displays the view...