Application Pool + Domain User + Windows authentication - bug?
From: Nagyp?l G?bor (gnagypal_at_gmail.com)
Date: 02/24/05
Date: 24 Feb 2005 13:20:16 -0800
Hello!
(Sorry for my English.)
We are doing the stability test of our ASP.NET application, which has COM
components at the client side.
For successful COM component testing, we created an AUTO POST
version of the application, where every page is automatically posted
forward. This works fine on Windows 2000, but on Windows Server 2003
Windows Authentication goes crazy after a lot of page
posts.
Now I have identified the reason, and I created a sample mini app, which
reproduces this error.
Situation:
Environment:
- Windows 2000 or Windows 2003 domain
- Server: Windows Server 2003, domain member
- Client: Windows XP or Windows Server 2003 (but _not_ the Server
machine), domain member
- This is a simple one-page application (see attachment). The test
page is refreshed (posted) after 0.7 seconds.
Steps:
- Copy RefreshTest.aspx file to IIS folder
- Create IIS application for this folder.
- Disable Anonymous Access for this application - only Windows
authentication must be enabled
- Create an Application Pool for this application with a domain user
identity. The domain user must be in the IIS_WPG group, and
servicePrincipalName must be set in Active Directory (for Kerberos)
(see
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/ca_cfgwrkridentity.asp
)
- Client: Internet Explorer 6.0, logged on as a domain user
- Set the appropriate Internet Explorer settings:
-- trusted sites zone: Server url
-- settings for trusted sites zone:
--- Active Scripting - Enabled
--- User authentication - Logon : Automatic logon with current
username and password
-- Advanced Tab: Security - Enable integrated Windows authentication -
enabled
- Start the RefreshTest.aspx page in IE
After 500 or 1000 or 2000 or 3000 page posts, Windows
authentication goes crazy, and the user authentication form is
shown. If I type the correct account information, the authentication
fails.
Variations:
A) if Explorer is closed and reopened, the authentication is good. (1
server)
B) the server is stuck in this state, and Windows authentication
remains bad for _all_ clients (2 servers).
At this point, I don't know what the magic trick is, what I can do
to repair Windows authentication for this server. I tried to
remove IIS, remove it from the domain, delete the app pool, delete the site, but it
had no effect.
The trigger: the application pool identity is a domain user. If I
change the identity to Network Service, the bug is solved (except the B
variation!).
Regards
G.
RefreshTest.aspx
-----------------------------------------------------------------
<html>
<head>
<script language="C#" runat="server">
    // Show the current time, the authenticated user and the post counter.
    protected void Page_Load(Object sender, EventArgs e)
    {
        try
        {
            lblTime.Text = DateTime.Now.ToString("u");
            lblUser.Text = System.Threading.Thread.CurrentPrincipal.Identity.Name.ToString();
            lblCount.Text = Request.QueryString["count"];
        }
        catch(Exception ex)
        {
            lblError.Text = ex.ToString();
        }
    }

    // Increment the "count" query-string value and reload the page.
    void btRefresh_Click(Object sender, EventArgs e)
    {
        try
        {
            string count = Request.QueryString["count"];
            if (count == null || count.Length == 0)
            {
                int i = 0;
                count = i.ToString();
            }
            else
            {
                int i = int.Parse(count);
                i++;
                count = i.ToString();
            }
            Server.Transfer("RefreshTest.aspx?count=" + count);
        }
        catch(Exception ex)
        {
            lblError.Text = ex.ToString();
        }
    }
</script>
<script language=javascript>
    // Click the Refresh button so the form is posted without user input.
    function autoTest()
    {
        document.all.item("btRefresh").click();
    }
</script>
<script language=javascript event=onload for=window>
    // Post the page again 700 ms after it has loaded.
    window.setTimeout("autoTest()", 700);
</script>
</head>
<body>
<form id="Form1" method="post" runat="server">
    <h1>Test Page</h1><br>
    Count:<asp:Label id=lblCount runat="server"></asp:Label><br>
    Last refresh time:<asp:Label id=lblTime runat="server"></asp:Label><br>
    Client user:<asp:Label id=lblUser runat="server"></asp:Label><br><br>
    <asp:button id=btRefresh runat="server" Text="Refresh" OnClick="btRefresh_Click"></asp:button><br>
    <asp:Label id=lblError runat="server" ForeColor="red"></asp:Label><br><br>
</form>
</body>
</html>
--------------------------------------------------
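Added example, not part of the original post: when reproducing a failure like the one described above, it helps to know whether the browser is sending Kerberos or NTLM tokens at the point the logon prompt appears. The Python below classifies captured `Authorization` header values by inspecting the base64 token and reports the first request where the mechanism changes; the function names and sample headers are constructed for illustration, and the byte-signature check is a heuristic, not a full SPNEGO parser.

```python
import base64
import struct

KRB5_OIDS = (
    bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2 (MS Kerberos)
    bytes.fromhex("06092a864886f712010202"),  # 1.2.840.113554.1.2.2 (Kerberos V5)
)
SPNEGO_OID = bytes.fromhex("06062b0601050502")  # 1.3.6.1.5.5.2
NTLM_SIG = b"NTLMSSP\x00"

def classify(header):
    """Heuristic: 'kerberos', 'ntlm', 'none' or 'unknown' for a header value."""
    if not header:
        return "none"  # no token on this request
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"
    if NTLM_SIG in raw:  # bare NTLM message, or NTLM wrapped in SPNEGO
        return "ntlm"
    if raw[:1] == b"\x60" and any(oid in raw for oid in KRB5_OIDS):
        return "kerberos"  # GSS-API initial token offering Kerberos
    return "unknown"

def first_change(requests):
    """Return (count, previous, current) at the first mechanism change, else None."""
    previous = None
    for count, header in requests:
        current = classify(header)
        if current == "none":
            continue  # skip requests that carried no token
        if previous is not None and current != previous:
            return count, previous, current
        previous = current
    return None

def _tlv(tag, body):  # minimal DER helper for the constructed sample (short lengths)
    return bytes([tag, len(body)]) + body

def _header(token):
    return "Negotiate " + base64.b64encode(token).decode()

# Constructed samples: a SPNEGO NegTokenInit listing only Kerberos mechanisms,
# an NTLM type 1 message with arbitrary flags, and a capture keyed by "count".
_mechs = _tlv(0xA0, _tlv(0x30, _tlv(0xA0, _tlv(0x30, b"".join(KRB5_OIDS)))))
KRB_HEADER = _header(_tlv(0x60, SPNEGO_OID + _mechs))
NTLM_HEADER = _header(NTLM_SIG + struct.pack("<II", 1, 0x00088207))
SAMPLE = [(0, KRB_HEADER), (1, None), (2, KRB_HEADER), (3, NTLM_HEADER)]
```

Calling `first_change(SAMPLE)` returns `(3, 'kerberos', 'ntlm')`; with real data, feed it the `count` value and `Authorization` header of each request taken from a client-side HTTP trace.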