I am having trouble with the PasswordRecovery control on my .NET 4 Web Forms app. I am using the ASP.NET Membership Provider and Forms Authentication. I am running IIS7 on Windows 2008R2 servers.
Everything works fine when the app is running on a Win2K8 server inside my company network, but when the app is deployed to Rackspace or a client Win2K8 box, my ResetPassword.aspx page gets a 302 "Object Moved" response, then redirects to my Login.aspx page, and does not send the Reset Password email.
Here's what Fiddler reports:
Here's the Response Headers detail from Fiddler:
I have all the Login and Password pages in the standard Account directory with it's own web.config:
Here's the web.config for the Account directory:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
Here are the web.config sections for the app (I shortened them where appropriate):
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="~/Account/Login.aspx"
defaultUrl="~/"
protection="All"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
</authentication>
<membership defaultProvider="MyCustomMembershipProvider">
<providers>
<clear />
<add connectionStringName="MyString"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
applicationName="/"
name="MyCustomMembershipProvider"
type="MyCustomMembershipProviderType" />
</providers>
</membership>
<authorization>
<deny users="?" />
</authorization>
I don't believe that this is an SMTP problem, as I can successfully ping the mail server and port using telnet on the Rackspace box, but I still get the 302 when I run the ResetPassword page. Also, everything works fine on servers inside my company network.
Also, the Account directory has full permissions on the Rackspace server.
I checked this SO answer, which offers solutions of fixing the web.config to allow anonymous access to the page that is getting the 302, but my Accounts folder allows all access to every page in there. The other solution in that answer has to do with turning off the <modules runAllManagedModulesForAllRequests="true"> in my web.config, which I am not sure applies here, since I am not using MVC Routing. (I'd be happy to be corrected on this, though!)
Are there some file permissions or user permissions on the Rackspace server that I need to look into, or am I missing something in my web.config?
I am facing a very close client deadline on this, so I could really use some help. Thanks!
UPDATE. More code posted by request:
PasswordRecovery Control Markup is here:
<asp:PasswordRecovery ID="PasswordReset"
runat="server"
EnableViewState="false"
ClientIDMode="Static"
RenderOuterTable="false"
onverifyinguser="OnVerifyingUser"
onsendingmail="OnSendingMail">
<UserNameTemplate>
<!-Here is there is just two Label and Input pairs.
One pair for user email, one pair for their db instance -->
</UserNameTemplate>
</asp:PasswordRecovery>
OnSendingMail function is here:
protected void OnSendingMail(object sender, MailMessageEventArgs e)
{
e.Message.Subject = "MySubject";
e.Message.IsBodyHtml = true;
e.Message.Body = "ItsHtmlInRealLife";
}