Hi,
We have a SharePoint 2013 implementation in which our web application is using Forms Based Authentication (FBA).
There are 2 servers in the farm. A web front end server that resides in a DMZ and a SQL server that resides within the corporate network. A firewall separates them.
We are using the SQLMembershipProvider
We are using SQL Authentication to connect to the FBA database.
We created a custom FBA sign in page because there was a requirement to force the user to change their password after their first successful login.
It works but the problem we face is that, intermittently, it takes 20 seconds or more to complete the sign in process. This is not associated with AppPool or IIS resets.
The code in question is:
private void SignInUser()
{
SecurityToken token = SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
GetMembershipProvider(SPContext.Current.Site),
GetRoleProvider(SPContext.Current.Site),
_userName,
_password, SPFormsAuthenticationOption.None);
SPFederationAuthenticationModule fam = SPFederationAuthenticationModule.Current;
if (null == fam)
{
throw new ArgumentException(null, "FederationAuthenticationModule");
}
fam.SetPrincipalAndWriteSessionToken(token, SPSessionTokenWriteType.WriteSessionCookie);
SPUtility.Redirect(System.Web.Security.FormsAuthentication.DefaultUrl, SPRedirectFlags.UseSource, this.Context);
}public static string GetRoleProvider(SPSite site) {
// get role provider of whichever zone in the web app is fba enabled
SPIisSettings settings = GetFbaIisSettings(site);
return settings.FormsClaimsAuthenticationProvider.RoleProvider;
}public static string GetMembershipProvider(SPSite site)
{
// get membership provider of whichever zone in the web app is fba enabled
SPIisSettings settings = GetFbaIisSettings(site);
if (settings == null) return null;
return settings.FormsClaimsAuthenticationProvider.MembershipProvider;
}The code which takes the time is:
fam.SetPrincipalAndWriteSessionToken(token, SPSessionTokenWriteType.WriteSessionCookie);
From my understanding this line of code does the following:
- Invokes the OnSessionSecurityTokenCreated method to raise theSessionSecurityTokenCreated event
- Invokes the AuthenticateSessionSecurityToken method onSPFederationAuthenticationModule.Currentto set the thread principal and then write the session cookie.
Some other points to note are:
- This 20 second login time also occurs for the default sharepoint fba page (/_forms/default.aspx)
- It does not occur on a standalone dev machine.
For me this would indicate the bottleneck is network related.
Any help would be much appreciated.