1.4.5 Installed, but can't log in

Jan 13, 2009 at 4:26 PM
Hi all,

I have 1.4.5 installed in on a Win2003 Std Server, and configured the application to be .NET 2.0 and the App_Data directory to be R/W for the ASP.NET service account. I get to the home page, and click the login link, which loads the login form. Using the default admin/admin I click Log In and it takes me right back to the default.aspx page, but with no Admin panel, and still has a Log In link. If I use the wrong password, it tells me so, which means to me that it's working, but something is interfering with session cookies maybe? The server is a test web server, and the blog engine is installed to a subdirectory.

Any thoughts?

Thanks
Tony
Coordinator
Jan 13, 2009 at 5:00 PM
When on localhost and using IE (and also when on Windows Server), sometimes cookies are blocked.  When you're at your blog, in IE's status bar on the bottom right, it'll show you what 'zone' you're in.  It'll be the 'Internet' zone or 'Local intranet' zone or 'Trusted sites' or 'Restricted sites'.

If you double click on that zone in the status bar, it'll bring up the 'Internet Security' window -- which you can also get to under Tools -> Internet Options -> Security.  If you highlight the 'Trusted sites' zone at the top and click the 'Sites' button, you can add http://localhost as a website in the Trusted zone.  You may need to uncheck the box 'Require server verification (https:) for all sites in this zone' at the bottom.  Once this is done, when you're at your blog in IE, you should see 'Trusted sites' in the bottom right corner of the IE status bar.  And you should then be able to log into your blog.
Jan 13, 2009 at 5:05 PM
Hi Ben,

Thanks for the suggestion. I've tried logging in with the site in Trusted and Intranet zones. I've also changed the security level for each to try specific options. It won't log in even with the security level set to the lowest setting.

I do see the HTTP 302 Redirect status in the server logs, so I'm guessing it's something server-side ... I just don't know how to troubleshoot - I'm more of an admin than a developer.

Thanks
Tony
Coordinator
Jan 13, 2009 at 5:28 PM
If you have Firefox installed (or are allowed to install it on the server), you could try logging in with Firefox to see if that works and possibly help narrow down the reasons for these login problems.
Jan 13, 2009 at 5:38 PM
Thanks for the extra suggestions Ben - The same behaviour occurs in FireFox too, so it's definitely server-side.

Thanks
Tony
Coordinator
Jan 13, 2009 at 5:53 PM
I thought Firefox was going to work :-(

In Firefox, once you've logged in, if you click the little favicon to the left of the address bar (and to the right of the Homepage toolbar icon), something will pop up where you can click a 'More Information...' button.  Clicking that button will bring up the Page Info dialog (I guess you can get there by right-clicking on the page and selecting 'View Page Info' too).  If you go to the Security tab and click the 'View Cookies' button, the Cookies dialog window will open up, probably with 'localhost' already in the Search box at the top.  If not, then type 'localhost' at the top.  This should show you the cookies Firefox has for localhost.  If you're logged into BE, then you should see 2 cookies.  The cookie names are .BLOGENGINEROLES and .AUXBLOGENGINE.  If you click on each cookie, you can see the cookie information at the bottom of the window.  Do you see these 2 cookies?
Jan 13, 2009 at 6:00 PM
Hi Ben,

Thanks for the hints - I get the .AUXBLOGENGINE cookie, but not the .BLOGENGINEROLES cookie. Does that help?

Thanks
Tony
Coordinator
Jan 13, 2009 at 6:15 PM
Hmm... Offhand, I'm not sure why the .BLOGENGINEROLES cookie wouldn't be there.  In your web.config file in your blog's root folder, there's a <roleManager> section.  The line will probably look like:

<roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">

You could try changing 'cacheRolesInCookie' to "false" and see if that works.

Although not shown above, there's an optional 'cookieTimeout' attribute that can be added.  It's very unlikely the cookie is timing out after 1 second.  But if you keep cacheRolesInCookie set to 'true', you could try adding cookieTimeout="30" in that line above which would be a 30 minute timeout.  Probably wouldn't make a difference though.  Hopefully just setting cacheRolesInCookie to 'false" will be a solution.
Jan 13, 2009 at 6:46 PM
Hi Ben,

Thanks for persisting with this, and your suggestions - it's been great seeing some of the under-the-hood options.

Turns out this was a conflict between the BE.NET authentication scheme and the custom authentication scheme our Intranet uses. One of the development team modified web.config files to allow the two mechanisms to co-exist.

Thanks again!

Regards,
Tony
Coordinator
Jan 13, 2009 at 6:52 PM
Glad you got it worked out ... good luck!
Feb 11, 2009 at 1:56 AM
what they do, I am having same issue