I have an ASP.NET website on a WinServer2k8 machine, which is protetced through Forms Authentication. At the moment, if one person logs in on Machine A, all login attempts on Machine B will fail (A & B are using the same internet connection to access the server). The login request doesn’t return any errors, rather it simply redirects back to a login screen as though the authentication never happened. I would like to know how to configure this site either through IIS7 or a web.config file so that it will allow any number of simultaneous user sessions. All of the settings for the website are set to the IIS7 defaults. I’ve tried changing session-state modes, the Maximum sessions property, and the Forms Authentication settings in IIS7.
Any help is appreciated.
P.S. – I have also tested machines that are using a different IP Address for their internet connection and I am still unable to start a simultaneous session from that end as well.
P.P.S – If I attempt to start a session from a web browser on the server machine itself, it will work every time, regardless of who is logged in. Thoughts?
EDIT – I’m using Windows session credentials for authentication – the method used by the webpage back-end is LogonUser, which is imported from advapi32.dll
I discovered the source of my problem, and as it turns out, there was nothing wrong with the way I was using Forms Authentication.
The error, as it turns out was a timeout value for the authentication request that was too low for any machine to beat except for the very server that hosts the website. I modified the timeout value for the Forms tag in the web.config file from 5 to 5000 and that did the trick.
So what appeared to be a problem of the server mishandling sessions was actually just the inability of other machines to complete an authentication request in time. Thanks for your help anyway.