FormsAuthentication working in every browser except for IE

Question

This certainly is a strange one...

I have an ASP.net 4.0, C# website that has a login page using FormsAuthentication to handle user access. There's also code throughout the site that boots the user back to the login page whenever a session times out or something else that requires them to login again happens. This is all really basic stuff that I've done about a dozen times before.

I know this whole process is working, because I've been able to login to the site running through VS2010 on EVERY browser I tried. It also works perfectly fine when it's sitting on the development server using Chrome, Firefox, Safari (Mac), and two Cellphone browsers. The only thing I've had a problem with is Internet Explorer.

Now, this one is a bit hard to debug considering it works in IE locally but not on the server. The fact that it also works in other browsers on the server is also sort of ruling out a server configuration issue.

What I did to try and figure out where it could be going wrong was add a query string to my FormsAuthentication.RedirectToLogin("WhateverPage=WhateverSectionOfCode"); line to try and solve this. The problem is that when I run the site in IE, it never appends that Query String, which leads me to believe that it never hits any of those "RedirectToLogin" lines.

I know it authenticates, because the code that updates the Last Login timestamp in the database only fires if the user is authenticated. It looks as if the "RedirectFromLogin" line does go out and find the proper entry in the web.config...and it might actually be redirecting me, but even if it does, it always bounces me back to the login screen.

I've been through all of the really basic ID-10T errors (heh) that could possibly be causing this: Heightened security settings, disabled cookies, etc., but I'm getting the same results on multiple machines.

I'm really sort of stumped as to what to check for next. I've already had two other sets of eyes on the code, but they couldn't come up with any reason as to why this was happening. If anyone has any suggestions as to what could be happening, I'd love to hear them.

Thanks!

Answer 1

i think it is something about cookies..

did you set the domain attribute in the web.config?

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx" name="cookiename" domain="domain.com" cookieless="UseCookies" slidingExpiration="true" timeout="60"/>
</authentication>

forms Element for authentication (ASP.NET Settings Schema)

Answer 2

I know this ticket is a bit old, but apparently IE can't set forms authentication on a domain with an underscore in the name. So if the issue appeared on a development server that was, say Dev_XP, then IE won't be able to set an authentication cookie.

That's what happened with me. Here's the link: http://orwin.ca/2012/02/09/formsauthentication-setauthcookie-not-working-in-ie-but-works-in-other-browsers/

This is the KB artical that outlines the issue http://support.microsoft.com/kb/316112