I have an ASP.NET 4.0 application that works well under the development machine (WXP), using IE8. When I transfer the hole project to the windows 2008 R2 server (IIS7, .NET Framework 4.0 and ASP.NET 4 are running on it) and start the web-application (on the
local browser IE9 on the web server) it runs fine, too.
But in the network (intranet) the application is getting crazy, even in the development machine, When I access the first page I got the login page (it's ok), but when I try to access it on the second page under a subfolder, I got the login page again!, it is
losing the authenticated user session.
I realized that only with pages under subfolder is losing authenticated user session.
The application uses Forms Authentication.
I have discovered that the site runs ok on FireFox (client and server)
Can anyone give me a hint on what the problem could be?
So it works fine on firefox but no IE? I'd run some network traces to see if (or moreover why) the forms auth cookie is not being issued or delivered back to the website.
I'm running Fiddler to see this, but honestly I don't have any clue how to decypher this
BrockAllen
I'd run some network traces to see if (or moreover why) the forms auth cookie is not being issued or delivered back to the website.
But the question, Why doesn't it work with subfolder ?. Default.aspx, about.aspx & contact.aspx are under root directory and I can see them good after the authentication, but when I want to see any page under any subfolder, it send me to the login page again
for each of them in each subfolders
Another thing, what's wrong with IE on the client side?, on the local browser IE9 on the web server it runs fine, too.
So first thing is to check if the cookie is sent on every request even to those pages where you're redirected. I have a feeling that it is. The next thing is to then find out is if the cookie is being read correctly, so this means seeing if User.Identity.Name
is correctly populated from the cookie. Then if that's working then I suspect it's some authorization issue since you're getting redirected back to login. I just don't know why it'd work in FF but not IE.
Try changing <forms cookieless="AutoDetect"> to: <forms cookieless="UseCookies">. I want to try to get IE to use cookies and in any event, cookieless authentication is dangerous. Once you've made this change and it doesn't work, then I'm guessing it's a
configuration issue with the browser not accepting cookies from your website, given that FF works.
Ok, using "UseCookies", with IE8 I can't sign in and it doesn't show any message, it stays in login page, FF works fine.
How can I fix this?
BrockAllen
Once you've made this change and it doesn't work, then I'm guessing it's a configuration issue with the browser not accepting cookies from your website, given that FF works.
tonycompu
Member
2 Points
11 Posts
App losing the authenticated user session with IE8/9
Nov 09, 2012 06:16 PM|LINK
I have an ASP.NET 4.0 application that works well under the development machine (WXP), using IE8. When I transfer the hole project to the windows 2008 R2 server (IIS7, .NET Framework 4.0 and ASP.NET 4 are running on it) and start the web-application (on the local browser IE9 on the web server) it runs fine, too.
But in the network (intranet) the application is getting crazy, even in the development machine, When I access the first page I got the login page (it's ok), but when I try to access it on the second page under a subfolder, I got the login page again!, it is losing the authenticated user session.
I realized that only with pages under subfolder is losing authenticated user session.
The application uses Forms Authentication.
I have discovered that the site runs ok on FireFox (client and server)
Can anyone give me a hint on what the problem could be?
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 06:20 PM|LINK
So it works fine on firefox but no IE? I'd run some network traces to see if (or moreover why) the forms auth cookie is not being issued or delivered back to the website.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 06:29 PM|LINK
Correct
I'm running Fiddler to see this, but honestly I don't have any clue how to decypher this
But the question, Why doesn't it work with subfolder ?. Default.aspx, about.aspx & contact.aspx are under root directory and I can see them good after the authentication, but when I want to see any page under any subfolder, it send me to the login page again for each of them in each subfolders
Another thing, what's wrong with IE on the client side?, on the local browser IE9 on the web server it runs fine, too.
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 06:35 PM|LINK
So first thing is to check if the cookie is sent on every request even to those pages where you're redirected. I have a feeling that it is. The next thing is to then find out is if the cookie is being read correctly, so this means seeing if User.Identity.Name is correctly populated from the cookie. Then if that's working then I suspect it's some authorization issue since you're getting redirected back to login. I just don't know why it'd work in FF but not IE.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 08:00 PM|LINK
Ok, this is what I got:
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 08:02 PM|LINK
Are you configured to use cookieless forms auth?
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 08:09 PM|LINK
I tested in 3 different clients, 2 with WXP IE8 and 1 with W7 IE9 and the same thing
Server with IE9 works fine!
Firefox works well everywhere, server and clients
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 08:10 PM|LINK
My web.config:
<authentication mode="Forms">
<forms slidingExpiration="true" timeout="30" cookieless="AutoDetect" protection="All" loginUrl="~/Account/Login.aspx" defaultUrl="default.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users = "*" />
</authorization>
<membership defaultProvider="SAASqlMembershipProvider">
<providers>
<clear/>
<!-- Add a customized SqlMembershipProvider -->
<add name="SASqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="SAConnectionString" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="SAWebApp" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression=""/>
</providers>
</membership>
<roleManager enabled="true" defaultProvider="SASqlRoleProvider" cacheRolesInCookie="true" createPersistentCookie="false" cookieProtection="All">
<providers>
<add name="SASqlRoleProvider" type="System.Web.Security.SqlRoleProvider" applicationName="SAWebApp" connectionStringName="SAConnectionString"/>
</providers>
</roleManager>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.web>
<customErrors mode="Off"/>
</system.web>
BrockAllen
All-Star
28052 Points
4996 Posts
MVP
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 08:45 PM|LINK
Try changing <forms cookieless="AutoDetect"> to: <forms cookieless="UseCookies">. I want to try to get IE to use cookies and in any event, cookieless authentication is dangerous. Once you've made this change and it doesn't work, then I'm guessing it's a configuration issue with the browser not accepting cookies from your website, given that FF works.
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
tonycompu
Member
2 Points
11 Posts
Re: App losing the authenticated user session with IE8/9
Nov 09, 2012 09:01 PM|LINK
Ok, using "UseCookies", with IE8 I can't sign in and it doesn't show any message, it stays in login page, FF works fine.
How can I fix this?