Home » SQL Server

Windows authentication login form issue

Hi guys,

I have an application that requires windows authentication to login, the problem is that every time an user logs in under IE and win XP, the username is pre filled with the IP address of the server as instance and the username. I need to replace the server ip with  XXXX instance name instead of doing this manually.

Could anyone pleas help me out with this one?

Thanks in advance,



7 Answers Found


Answer 1

Hi gromikov,

it will work only when Windows Integrated Authentication is turned on and Anonymous Access is turned off.

Returns the Windows account that the user  is logged into

REMOTE_USER: Returns an unmapped user-name string sent in by the user

It will give the visitor IP address  and in cases this will be affected by firewalls and proxy servers of commercial companies

AUTH_USER: Returns the raw authenticated user name

Please check the following link:





Answer 2

 Hi  Hua-Jun Li,

I just specified windows  in the config file as authentication  mode and the login  form prompts when I try to access the website, The problem  is that for some IE users the login is matching the credentials with the server  (ip address/username) and not with the Instance (Companyname/username) as i am working on a corporate network I would like the users to login with the company domain (Companyname/username). This is working if thew users access the site trought mozilla or IE on win  7.


Thanks for your help,




Answer 3


This may be more of a client-side problem  than an asp.net problem.

Since the problem happens for some clients and not others, I wonder if this might be a case of the client saving the credentials.  Sometime when a users is prompted for credentials, there is the option to "save this password" and that could play a part in this type of problem.   Which version of IE is seeing the problem?  IE 6? IE 7?

Typically windows  integrated authentication  shouldn't prompt a client for credentials if that client is on a workstation that is joined to the same (or trusted) domain.  You may want to check to see which internet zone IE thinks the address  is in.  Which zone shows up in IE when the problem is reproduced?

Ideally you'll want the website to be set in IE's "local intranet" zone.  Also ideally the IE client should have the default setting of "Automatic logon only in Intranet Zone." 


For IE7 or IE8 you might try clearing passwords to see if that makes any difference.

Internet Explorer 8
To remove a stored password or other stored information in Internet Explorer 8:

1.From the Tools menu, select Internet Options.

2.On the General tab, under "Browsing history", click Delete... .

3.Check the item(s) you want to delete:

?Temporary Internet files (copies of web pages, images, and media that are saved for faster viewing)
?History (the lists of web sites you have visited)
?Form data (saved information you have typed into forms)
?InPrivate Filtering data (saved data used by InPrivate Filtering to detect where web sites may be automatically sharing details about your visit)
To delete everything, uncheck Preserve Favorites website data and check all the other options.

4.Click Delete.
Internet Explorer 7
To remove a stored password or other stored information in Internet Explorer 7:

1.From the Tools menu, select Internet Options.

2.On the General tab, under Browsing history, click Delete... . You now have several options:

?To delete temporary Internet files (copies of web pages, images, and media that are saved for faster viewing), click Delete files... .
?To delete cookies, click Delete cookies... .
?To delete the history (the lists of web sites you have visited), click Delete history... .
?To delete form  data (saved information that you have typed into forms), click Delete forms... .
?To delete passwords, click Delete passwords... .
?To delete all of the above, click Delete all... .
3.Click OK twice.



For IE6 you might experiment with http://support.microsoft.com/kb/229940 - How to disable Internet Explorer password caching.   "When you try to view a Web site that is protected with a password, you are prompted to type your security credentials in the Enter Network Password dialog box. If you click to select the Save this password in your password list check box in this dialog box, the computer saves your password so that you do not have to type the password again when you try to use the same document. This behavior is known as password caching."




Answer 4

This is working if thew users access the site trought mozilla or IE on win  7.

There are three reasons why experts advise not to use windows  Authentication. The reasons are:

• It’s tied to Windows users.

• It’s tied to Windows client machines.

• It doesn’t provide much flexibility or control and can’t be customized easily.

I'd elaborate only the second one which may be related to your problem:

The second problem  is that some of the authentication  methods that IIS uses require users to ave compatible software on their computers. This limits your ability to use Windows authentication for users who are using non-Microsoft operating systems or for users who aren’t using Internet Explorer.

Best of luck. I hope you'd find a good solution.


Answer 5

If the clients are part of the same domain as the servers, and the clients are connected to that domain, Windows Integrated authentication  is a great thing.  High recommendations for it under these conditions.

But if the clients are coming across the www without a VPN connection, I'd tend to recommend the website be set to use anonymous authentication (if the intent is for everyone to reach it of course) or basic authentication (if the clients have valid UN and PW for an account either on that local server  or an account in the active directory) protected by SSL.


Answer 6

Thank you all for your replay


The problem  is that the server  is part of xxx1 domain and the users are coming from xxx domain, so when the users try to login, the form is pre  loading domain xxx1, so once clicking ok, the login  form will prompt again showing  on the username  field : xxx1/username and not xxx/username. However if I manually  change thedomain name from xxx1 to xxx the application  will login just fine.

Does anyone know a way to set xxx as default domain? 


Thanks in advance,



Answer 7

If the iis website were set to use basic authentication, yes.  This can be set in the advanced properties of the IIS manager.  

If it is set to use windows  integrated authentication, no.

But if it is using windows integrated authentication, and your client machine is part of a domain that is trusted by the domain your web server  is on, you probably shouldn't be prompted for credentials at all.  This assumes that there is a trust in place.  This also assumes that your IE client has the address  it is browsing to in its local intranet zone list.  It also might assume that certain firewalls have certain ports open. 

Is the website (from the IIS perspective, not the web.config perspective) using Integrated authentication  only?

And is the address you're browsing to recognized by the IE client as being part of the local intranet zone?

If you click CANCEL when prompted for authentication, do you get a 401.2 error or a 401.1 error?




I just recent added another authentication provider for form authentication. i am able to log in and browse around the site with the permission i gace my test SQL authenticated user however.... the first time i log in every time i recieve access denied on thefirst subsite of my main site, all i need to do is simply hit "go back to site" and it takes me to where i want to go. This happens ONCE with what ever user i initally log in as. I am able to from there log in as any other user with no other issues until i reopen the browser.

Recap: Inital access denied on main sites subsite(not my search center site)

Hit "go back to site" and it takes me to where i want to go

happens every time i open a new browser(firefox, Ie) once it fails once its fine till i reopen the browser.


Any help or thoughts would be appreciated im banging my head on this.




Please be advised I have followed the steps on http://donalconlon.wordpress.com/2010/02/23/configuring-forms-base-authentication-for-sharepoint-2010-using-iis7/. I have tried to fix the following issue for a week using different farms and SharePoint 2010 installations, however I am getting the following error when trying to authenticate using Forms Based into a Claims site:

Cannot get Membership Provider with name FBARoleProvider The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process.

1. I am certain the membership provider is configured in the SecurityTokenServiceApplication webservice as I can manage users and roles in IIS7 using the SecurityTokenServiceApplication website.

2. I am certain that membership provider is configured in the both the Claims Web Application and Central Admin as I can manage users and roles in IIS7 using their websites.

3. I know the issue is the SecurityTokenServiceApplication service as I had to set <serviceDebug includeExceptionDetailInFaults="true" /> to get the error above.

4. I can log into the Claims Based Application using windows authentication, however I am unable to see the users on the people picker despite that I can see them from the application's site on IIS and the fact that I added <add key="FBARoleProvider" value="%" />
      <add key="FBAMembershipProvider" value="%" /> to the <PeoplePickerWildcards> tag.

5. The Sharepoint Account for all involved application Pools is the same and it has full permissions to the FBA users database.

6. Weird enough I confirmed everywhere that FBARoleProvider is a SqlRoleProvider and that FBAMembershipProvider is a SqlMembershipProvider, and not the other way around.

I am just short of creating my own STS service, and I am hoping someone has encountered this issue before.



I am using authentication mode="Forms" with ldap, i manage to login and logour fine but when user 1 is logged and when user2 logs, user1 gets the user2 session. Any idea why this might be happening? Here is some code:

     <authentication mode="Forms">
            <forms name="login" loginUrl="Login.aspx" />
            <allow roles="auditor"/>
            <allow roles="approver"/>
            <allow roles="user"/>
            <deny users="?"/>
        <identity impersonate="true"/>

protected Boolean ValidateUser(String strUsername, String strPassword)
            //Return true if the username and password is valid, false if it isn't
            ExpensesWebsite.LDAP aLDAP = new ExpensesWebsite.LDAP();
                return (aLDAP.Authenticate(strUsername, strPassword));
                //    lblError.Text = "Binding successful.";
                    //  FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);

               // }
               // else
               // {
               //     lblError.Text = "Username found, wrong password.";
               // }

            catch (Exception ex)
                lblError.Text = "* Incorrect username or password";
                return false;
        private String AssignRoles(String strUsername)
            //Return a | separated list of roles this user is a member of
            if (txtUserName.Text == "ahmadk")
                return "bigboss";
                return String.Empty;

        protected void btnLogon_Click(object sender, EventArgs e)

            if (ValidateUser(txtUserName.Text, txtPassword.Text))
                String strRole = AssignRoles(txtUserName.Text);

                //The AddMinutes determines how long the user will be logged in after leaving
                //the site if he doesn't log off.
                FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
                    txtUserName.Text, DateTime.Now,
                    DateTime.Now.AddMinutes(30), false, strRole,
                Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
                Session["LoggedIn"] = "Yes";

                lblError.Visible = true;


Many thanks in advance

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 


Hi all !

Okay, my question is related to http://social.msdn.microsoft.com/Forums/en/messengerconnect/thread/8c79ebba-59de-48be-b308-db139ad430c3 but the thread is closed, so I suppose I have to open a new one.

To clarify my project :

I have my own logon form and the SSO is working fine, but I need a Live token for my user to access to other Live application without login again.

What I am trying to do is to avoid the login process by microsoft (consent UI ) but use my custom logon form instead, then get a verification code and integrate the code you sent from  http://msdn.microsoft.com/en-us/library/ff752581.aspx

I managed to get the verification code using the OAuth Wrap Exemples. Could I use this unique code for my application, or will it be subject to changes ? I suppose : No, because each verification code is affected to one unique user. And if I get a token, it is actually the token of this user. Is there a way to get a verification code for all my users ?

It is maybe not the best way to do it.

Is this possible to make my own logon form and use it with Windows Live ?

thanks for your help



What do I need to do in order to change an application from Forms Authentication to windows authentication?


Hi everyone,

I am not sure if this is the correct forum - apologies in advance - I could not identify where it should go!

I have an ASP.NET Web Application that uses Forms Authentication using System.Web.Security.ActiveDirectoryMembershipProvider for signing on using Windows credentials.  This works nicely and is solid.

The problem I have is connecting to SQL Server.  I need to be able to connect to SQL Server using Windows Authentication (trusted_connection=yes or Integrated Security=SSPI).  This is critical so I can record the user that created/last modified specific records and also to collect "Task-based" records that are relevant to the currently authenticated user.

I have tried Google and a tonne of variations of web.config entries, using Win API to impersonate etc...  The only way that I could make it happen was to:-

1. Use the web.config entry:  

(please entry at the bottom of the post.  For some reason it won't go into the right spot in this post!)

2. Log on specifically as the user specified in the above web.config entry.  If I log on as anyone else (ie Authenticate as anyone else), then SQL server simply gets the ASPNET service account as the Windows user.

I have laboured over this for hours upon hours.  I really would appreciate some assistance.

Thanks in Advance,



"<identityimpersonate="true" username="DOMAIN\User" password="thepassword"/>"

 I want to change the skin(means change the colours) of the login page of forms authenticated sharepoint site. Please reply me ASAP as it is a high priority task for me.
I was given this REST WCF Web Services (VS2008) deployed in virtual machine.  There is a login form authentication when I hit the web service URL (e.g. http://www.test.com/myservice.svc)
I want to create an application client in java to access this web service.  However, I'm not sure how to go about doing this.
So I've tried to change the Authentication to "None" in IIS (ASP.NET Configuration Settings).
When I enter the above URL, the login form is no longer there.
But if I want to "drill down" to a specific entity, there is no data returned (e.g. http://www.test.com/myService.svc/Address)
Note that when the web service is running with login form authentication, http://www.test.com/myService.svc/Address returns a list of address entities.
1. Why does it behave this way?
2. What can I do to get away with the login form authentication so that it'll return the list of addresses?
3. Or any suggestion how my application client should handle the login form authentication. Note: client app is written in Java.



I have succeeded in setting up SharePoint foundation 2010 to use forms authentication with anonymous access enabled but am having some problems accessing my site from the internet. Running locally on the server everything works fine. From the internet the site displays for the anonymous user but when I try to sign in the following message is displayed:

The Web application at http://<serverurl>/SitePages/Home.aspx could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application

The actual url when this error occurs is http://<serverurl>/_login/default.aspx?ReturnUrl=/_layouts/Authenticate.aspx%3fSource%3d%252FSitePages%252FHome%252Easpx&Source=/SitePages/Home.aspx


http://<serverurl>/SitePages/Home.aspx is the initial page that displays fine as an anonymous user so the message is clealy misleading. I suspect that I need to set some permissions that will allow an internet user to access the login screen but am not sure why this would have different permissions from other content.

Any thoughts?


Hey Guys,

I am trying to use HTTPWebRequest to login to a site and then retrieve the page after login. However, it seems as if I can't get past the login. I also investigated with Fiddler and tried mimicking Fiddler almost completely and still no luck.

Any idea what I am doing wrong?




Dim webRequest As HttpWebRequest
Dim responseReader As StreamReader
Dim responseData As String
Dim postData As String = "login=testexpert@yahoo.com&password=testexpert"
Dim cookies As CookieContainer = New CookieContainer()
Dim requestWriter As StreamWriter

'post form data to page
    strUrl = "https://www.ideeli.com/login"
    webRequest = HttpWebRequest.Create(strUrl)
    webRequest.Method = WebRequestMethods.Http.Post
    webRequest.ContentType = "application/x-www-form-urlencoded"
    webRequest.CookieContainer = cookies
    webRequest.ContentLength = postData.Length

    requestWriter = New StreamWriter(webRequest.GetRequestStream)

'recieve cookie

'now we send the cookie
    webRequest = HttpWebRequest.Create("http://www.ideeli.com")
    webRequest.CookieContainer = cookies
    responseReader = New StreamReader(webRequest.GetResponse.GetResponseStream())
    responseData = responseReader.ReadToEnd()
    strRequestedHTML = responseData

Catch ex As Exception
    ErrorLabel.Text += "<br />There was an error going to this site: " + strUrl + "<br> Error: " + ex.Message
End Try




Hi, good day,

i have a web application called, Universal Login System, by its name, it is the one and only Login page that all of our users is login in whenever they need to access one or more web application. this is how it happen, e.g. the user types the URl www.uniuser.com then he logs in then if authenticated, a list of links of allowed application for the user will be displayed, then when the user click on application1 he will be redirected to www.application1.com

what i want to do is in the web.config of the application1, i would like to place these codes. will this be possible?

<authentication mode="Windows">




We have sharepoint 2007 site deployed on Windows server 2008, IIS 7.0.  We extended the web application to enable forms based authentication referring to link http://msdn.microsoft.com/en-us/library/bb975136(office.12).aspx#MOSS2007FBAPart1_Intro, we selected Kerberos instead of NTLM, behavior is like, when user tries to login into the site using OOB login.aspx, user again gets redirected to the login page.

We tried to extend the web application again but this time we selected NTLM, but this time farm account (also is application pool identity) is not able login and exhibits same behavior as above, but for other users we are able to login.

Has anyone come across this behavior? can anyone please guide me in correct the behavior?





my scenario is: Single Sign-on Within a Sub Domain (two virtual directories under the same sub domain)

I've setup both sites using the same forms authentication info in my web.config. both sites have the same machine key's as well.

I sign into site1. i click a link that directs to site2.

site2 still redirects me to the login page, however on the login page I test HttpContext.Current.User.Identity.IsAuthenticated and it returns true. I also tested on site2's login page to pull the ticket's information and it's pulling everything.

so it looks like SSO is working as far as sharing the authentication ticket, yet I cannot figure out why it still puts me on the login page?

site 1: https://mysub.mydomain.com/site1/

link in site1 that directs to site2: site 1: https://mysub.mydomain.com/site2/mypage.aspx

any ideas? appreciate any help someone could give.



I have successfully enabled and set up FBA (Forms Based Authentication) on my SharePoint 2010 Foundation server. The thing is that I need to customize the look and feel of the login page. I have successfully customized the page (and master page) to look the way I want, however, when I try to log in, I get the following error/message on the page:
"Forms Based Authentication on classic Web applications has been deprecated".

What I've done:
Made copies of /_layouts/simple.master and /_layouts/login.aspx and renamed the copies. The markup in the master page is MUCH simpler than the original, but I've kept all the ContentPlaceholders that I don't use (most of them) in a hidden <asp:Panel at the bottom of the page.

I've changed the web.config file:
<authentication mode="Forms">
      <forms loginUrl="/_layouts/loginCustom.aspx" />

So, I'm not getting any errors on the page until I try to log in. When I use the default settings (login.aspx and simple.master) it works just fine (but damn that page looks ugly!).

Does anyone know what I might be missing?

Update: I believe the reason it doesn't work is because my custom login aspx is not part of the Claims Based Web Application (because it's sitting in the 14 hive). So the question is how to get around this?

Anybody? Please!





 I just created a small site with form authentication with route handling.  Without forms authentication, the pages route just fine.  With forms, it returns back to the login page as it is not one of my allowed locations specified in my web.config file.


I know I probably need to write a custom route handler.  Does anyone have an example I can follow for this?  Thanks.


I can login in locally using the development server, but after uploading the files- including MySql.Data.dll and MySql.Web.dll - to my hosting server I can't. There is no errors, it just won't login. I can get records from my database, so I know it's not the connection.

Here is my Web.config

<?xml version="1.0"?>

    <clear />
    <add name="LocalMySqlServer" connectionString="server=db_server_name;database=tempdb;user id=user_name; password=my_password" providerName="MySql.Data.MySqlClient" />

    <customErrors mode="Off"/>

    <membership defaultProvider="MySQLMembershipProvider">
        <clear />
        <add connectionStringName="LocalMySqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" name="MySQLMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=, Culture=neutral, PublicKeyToken=c5687fc88969c44d" autogenerateschema="true" />
        <clear />
        <add name="MySQLProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider, MySql.Web, Version=, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/" />
    <roleManager enabled="true" defaultProvider="MySQLRoleProvider">
        <clear />
        <add connectionStringName="LocalMySqlServer" applicationName="/" name="MySQLRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=, Culture=neutral, PublicKeyToken=c5687fc88969c44d" autogenerateschema="true"/>
	<authentication mode="Forms" />

  <compilation debug="true" strict="false" explicit="true">
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Generic"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>


      <clear />
      <add name="MySQL Data Provider" invariant="MySql.Data.MySqlClient" description=".Net Framework Data Provider for MySQL" type="MySql.Data.MySqlClient.MySqlClientFactory, MySql.Data, Version=, Culture=neutral, PublicKeyToken=c5687fc88969c44d" />





Hi all

I have cuccessfully implemented Form Bases authentication, when user clicks on login button a pre defined login page is shown.

i want my own customized page should be shown up wheneve user clicks on "Login" button.

Is it possible?



We have created a sharepoint site with Commerce server site deployed on it.  We have deployed Extensitblity Kit of CS 2009. This site has Form and windows based authetication. Then we have extended that site to intranet zone so new iis site was created.

Problem we are facing is as and when we are logging in with form based authentication, user is getting authenticated but page is redirecting again to signout.aspx page asking to close the brower". windows based authentication is working fine. Also Extended site is also not working facing the same problem of login/logout cycle.

Please Advice.


Siddharth Vaghasia




I have a question regarding SharePoint Foundation 2010 and backup / restore jobs...

I'm doing nightly farm backups using PowerShell:

Add-PsSnapin Microsoft.SharePoint.PowerShell
Set-location $home
Backup-SPFarm -Directory \\same-server\***** -BackupMethod Differential

This morning I decided to try and restore a single web application, just to make sure it works. In Central Administration I selected the latest farm backup and then selected the node for the Web Application and choose restore (using option: Same configuration) because it's the same server. Restore process went fine, no failure messages, and I can see that it has restored the content I deleted for testing.

BUT when I enter the site. I'm presented with a Login page (that you would see if you have also configured Forms Authentication for the same zone, which I have not) and the drop down box show two options: "Windows Authentication" and "Windows Authentication". Both let me use windows credentials to login so basically the login page is pointless and it wasn't there before.

I should note: The Web Application was and is configured to use Claims Based Authentication and for Windows Authentication: Kerberos. Nothing for forms. Default sign in page. And I was never presented with this redundant login page before the restore.

Anyone knows why this could be happening and how to solve it??



<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure