Problem with forms authentication

Discussion in 'General troubleshooting' started by Equilibrium, Mar 14, 2011.

  1. I have my web site which I published on
    I use forms athentication on my web site.
    It works fine when I run it on localhost or on the servers of another hosting company but here it does not work at all and I don't understand why.
    Previously I used to have this kind of problem when publishing the web sites but I resolved it by adding machineKey section to my web.config.
    Now I already have this marchineKey section but the problem still remains...
    Although the problem is a bit different from what I used to have:
    It's not that I get logged in for 1 min and then it logs me off. For some reason it's like I'm not logged at all, even for 1 min! Although the password, etc is 100% correct and I can log in when I run this app on my localhost using the database of Winhost.
    Any help in resolving this issue is welcome. Thanks in advance.
    Last edited by a moderator: Oct 14, 2015
  2. Ray


    Do you have a URL and a way we can test this? Also give us instructions on how we can go through the test and create or make up a new test user for us to use.
  3. Equilibrium:

    You said that you solved a previous problem by adding machineKey to your web.config.

    What problem were you having that this solved? Because I'm having a problem where I login, i stayed logged in for 2-3 minutes and then I get kicked out right away? Is that what was happening to you?
  4. Ray


    It sounds like your application pool is being recycled. Here are the conditions set in place to protect the server from a single web application consuming all of its resources.

    1) More than 20 minutes of idle time (no http request in 20 minutes)
    2) The application uses more than 100 MB of memory for the Basic plan and 200 MB of memory for the Max and Ultimate plan.
    3) The application uses more than 70% of CPU resources for more than 5 minutes
  5. Me too

    Hello all,

    I'm having this trouble as well. And yes, my app pool is being recycled.

    I'm storing session state in SQL. The session is fine. My problem sounds the same and seems to be to do with the client's cookie being rejected by forms authentication after a recycle.

    This person discusses the issue, and in their case setting a machineKey worked fine [1].

    I'm still researching this issue and will post back here if I find anything useful.


  6. Got it

    Try setting a machineKey in your Web.config file. I had exactly what you described and this was all it took to fix the issue for me.

    The reason this works, as far as I can tell, is because your site needs a consistent cryptographic key between recycles. Winhost can't set one for the whole machine, as otherwise multiple websites would have the same key which wouldn't be secure. This key is used to encrypt the cookie sent to visitors, and consequently ensure it's the same user when they return. This relates to forms authentication, and is distinct from session state.

    You can use IIS manager to generate machine keys on your local machine then copy them over. It writes them directly into your Web.config file.

    Hope that helps.
    Last edited by a moderator: Oct 14, 2015
  7. Ray


    Last edited by a moderator: Oct 14, 2015

Share This Page