------------------------ PROBLEM ---------------------------------
I see the warning msg that "Forms authentication failed for the request. Reason: The ticket supplied has expired..........." in the event viewer once the applicadtion gets inactive.
------------------------ FINDINGS ---------------------------------
Our DEV environment is running under windows 2003 server, whose web server is IIS 6.0.
Comparing with IIS 5.0, IIS 6.0 introduced a new concept of application pool.
Each application pool runs in its own worker process (w3wp.exe) that contains a bunch of separate App Domains.
App Domain provides context in which an asp.net web application is running.
By default, when we setup an asp.net web application in IIS, its App Domain is under "DefaultAppPool" application pool.
In IIS 5.0, the work process (w3wp.exe) runs as the account of "MACHINE NAME/ASPNET",
but in IIS 6.0, it runs as the account of "NT AUTHORITY/NETWORK SERVICE".
Once the application pool is recycled, all of the App Domains under this pool will lost their state information, including the Form Ticket created to identity the logged user.
In this case, if the user tries to access the web application after the recycle, "NT AUTHORITY/NETWORK SERVICE" will put a new event entry into the system's event viewer,
since one of the responsibilities of "NT AUTHORITY/NETWORK SERVICE" is to generate security audits.
------------------------ SOLUTION ---------------------------------
1). Prevent "NT AUTHORITY/NETWORK SERVICE" from writing event log if the form ticket is expired.
From my viewpoints, it's not necessary to prevent this account writing the event log.
It's not the true reason that causes the intermittent slowness.
2). we can create a new Application Pool for each web application, so that other applications will not affect the key web application.
Because one application’s change will cause the application pool to recycle, and then all of the web applications will lost state information.
Please be noticed that the account of the new application pool must be within the IIS_WPG user group, otherwise we will get "Service Unavailable" error message.