Environment: win2003 running IIS6 serving asp pages that call delphi code.
Delphi code contacts a c# webservice for which it needs to login (login.asmx). Webservice logs show login is successful. Debug results show that Context.User.Identity.IsAuthenticated returns true.
After login, delphi code doublechecks if it is still authenticated. Webservice returns false -> Context.User.Identity.IsAuthenticated returns false.
Our guess: authentication cookie received by delphi code running under IIS6 credentials (network service?) does not get saved to disk, so login is lost.
Filemon shows 'C:\WINDOWS\Temp\Temporary Internet Files' access denied. Giving IIS6 user admin rights on that folder fixes the problem, but is not acceptable since cookies should work by default.
Running IIS6 in IIS5 compatibility mode fixes the problem, but is also not preferred
Wanted solution: exact cause of problem and smallest modification possible in configuration (giving admin rights to IUSR is not an option)