.NET表单身份验证不起作用

Question

I have an issue with my .NET application and it can only be reproduced sometimes and only on client's location, which makes it extremely difficult to resolve. In the application the forms authentication is used. There is a login page to which every anonymous user is redirected. After user enters username and password, it redirects to DefaultURL or some predefined page. The problem is that sometimes when user enters correct username and password, it doesn't login, instead it just refreshes the login page without any error messages. After several tries of inputing username and password, user is able to login to the system.

See my login page Submit_Click code below:

    Dim userName As String = tbUsername.Text
    Dim password As String = tbPassword.Text
    Dim returnUrl As String = Request("returnUrl")

    If IsValidated() Then
        FormsAuth.SignIn(userName, False)

        If password = WebConfigurationManager.AppSettings("PasswordDefault") Then
            FlashMessage.ErrorMessage("You have default password """ & password & """. Please change it")
            Response.Redirect("~/ChangePassword.aspx")
        End If
        If Not String.IsNullOrEmpty(returnUrl) Then
            Response.Redirect(returnUrl)
        Else
            If Roles.IsUserInRole(userName, Constants.SOME_ROLE) Then
                Response.Redirect("~/Forms/SomePage.aspx")
            Else
                Response.Redirect("~/Default.aspx")
            End If
        End If
    Else

    End If

UPDATE:
I checked the windows Event Viewer and it has the following events:

Event Type: Information
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1315
Date: 4/29/2010
Time: 11:55:56 AM
User: N/A
Computer: TWDWEB1
Description:
Event code: 4006
Event message: Membership credential verification failed.
Event time: 4/29/2010 11:55:56 AM
Event time (UTC): 4/29/2010 3:55:56 PM
Event ID: 9e5aea5a6d6b4f7a96fc38a334d181dd
Event sequence: 26
Event occurrence: 4
Event detail code: 0

Application information:
Application domain: /LM/W3SVC/1/Root/DataManipulationsService-1-129170192766483624
Trust level: Full
Application Virtual Path: /DataManipulationsService
Application Path: F:\\Development\\DataManipulationsService\\
Machine name: TWDWEB1

Process information:
Process ID: 7948
Process name: w3wp.exe
Account name: NT AUTHORITY\\NETWORK SERVICE

Request information:
Request URL:
Request path:
User host address:
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\\NETWORK SERVICE

Name to authenticate: xxxxxx

Custom event details:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .

Answer 1

What do you mean by "client location". Do you mean logging in from the client's machine (to the same web server as you would from any place else) or do you mean that they have their own copy of the website?

Without knowing the answer to that question, the first thing I would suggest is that if you're running from a web farm, you need to ensure that the machineKey element in the web.config file is set and is identical on each of the servers in the web farm.

Answer 2

Add a try/catch block around the signin() call. If that call is failing due to some misconfiguration on your client's system, you can expose the error to the user or log. Perhaps is the code doing any exception handling that could be burying the error?