skip to Main Content

We have an ASP.NET web forms application that uses forms authentication that authenticates and logs in properly while used locally in the Visual Studio.

However, when trying to deploy the site into a Windows 2016 with IIS server, you can no longer login to a site, it would always redirect back to a login page despite the fact that the authentication was successful

I tested the authentication on the server by outputting into a log, and it showed true using this code

            bool val1 = (System.Web.HttpContext.Current.User != null) && System.Web.HttpContext.Current.User.Identity.IsAuthenticated;

In the web config I tried to account for every script like it is suggested in this post

Here is our authentication logic

       bool isCookiePersistent = false;
        FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
                    txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(15), isCookiePersistent, groups);

        //Encrypt the ticket.
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        //Create a cookie, and then add the encrypted ticket to the cookie as data.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

        //Add the cookie to the outgoing cookies collection.

Here is the authentication section in the web.config

<authentication mode="Forms">
  <forms loginUrl="login.aspx" name="adAuthCookie" timeout="15" path="/"/>
  <deny users="?"/>
  <allow users="*"/>
<identity impersonate="false"/>

Here is the screenshot of the authentication setting in the IIS

enter image description here

Can some one help how to stop the redirection back to a login page?

We use .NET 4.8



  1. Chosen as BEST ANSWER

    Found the solution, I had to remove this line from Web.config

    <httpCookies requireSSL="true" />

  2. In the web config file have you tried specifying the defaultUrl attribute?

     <authentication mode="Forms">
      <forms loginUrl="login.aspx" name="adAuthCookie" defaultUrl="index.aspx" timeout="15" path="/"/>
      <deny users="?"/>
      <allow users="*"/>
    <identity impersonate="false"/>
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top