My company has a web application hosted on a client's machine that uses forms authentication in ASP.NET. When visiting the website http://www.client.com/Application and trying to authenticate on the login page, the user gets redirected back to the login page. When accessing it via http://localhost/Application, the authentication works fine and the user is able to get into the site. We cannot replicate this behavior in our development environment, so we're pretty sure it has something to do with their server/environment.
The problem only happens when using Internet Explorer (tested with IE 6, 7, 8). When the client tries to get on with Firefox, the authentication works fine.
I created a debug page that the logon page redirects to after a call to FormsAuthentication.SetAuthCookie that displays information about the authentication cookie. When hitting it in Internet Explorer, the authentication cookie does not exist. When hitting it in Firefox, it does.
Has anyone encountered something like this before or have any suggestions about what could be the problem?
EDIT:
Web.config
<authentication mode="Forms">
    <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
</authentication>
<authorization>
    <deny users="?" />
    <allow users="*" />
</authorization>
<!-- Page used to display authentication cookie information -->
<location path="AuthDebugPage.aspx">
    <system.web>
        <authorization>
            <allow users="?"/>
        </authorization>
    </system.web>
</location>
LogOn.aspx.vb
If (adAuth.IsAuthenticated(Domain, txtUserName.Text, txtPassword.Text)) Then
    Dim AuthDebug As Boolean = System.Configuration.ConfigurationSettings.AppSettings("AuthDebug")
    If AuthDebug Then
        FormsAuthentication.SetAuthCookie(SystemUserName, False)
        Response.Redirect("AuthDebugPage.aspx")
    Else
        FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)
    End If
End If
The admin of their domain looked through the group policy to see if they were pushing anything down to their nodes that prevented users from accepting cookies on IE, and he didn't find anything. He also took a machine off the domain and cleaned it of all group policy and still had the same trouble authenticating in Internet Explorer.
I had this same issue when the server's date/time was incorrect and was causing the AuthCookie expiration date to be incorrect.
Check that the date/time of the server is correct.
As John said, it was something environmental. We turned on cookieless authentication and that worked just fine, so users were being authenticated correctly. One of our customers discovered that when they used just the IP address to access the website (e.g. http://111.111.111.111), the website behaved properly and they were able to get past the login page, but when they used the DNS name it did not. Turned out their zones in Internet Explorer did allow enough trust to outside sites (which the DNS name resolved to) as it did local intranet sites to have cookies.
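A triage helper for the causes raised in the answers above, as an added example that is not part of the original posts: given a captured login response, the browser's next request and the client's clock, it reports whether the auth cookie was never issued, carried an Expires already past for the client, or was issued but not sent back by the browser. The header captures, ticket values and function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

AUTH_COOKIE = ".ASPXAUTH"  # cookie name from the <forms> element in Web.config

def headers(raw):
    """Parse a raw HTTP header block into (lower-cased name, value) pairs."""
    lines = raw.strip().splitlines()[1:]          # drop the request/status line
    return [(n.strip().lower(), v.strip())
            for n, _, v in (line.partition(":") for line in lines)]

def diagnose(login_response, next_request, client_now, name=AUTH_COOKIE):
    """Say where the forms-auth cookie was lost between login and the next request."""
    issued = None
    for key, value in headers(login_response):
        if key == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if name in jar:
                issued = jar[name]
    if issued is None:
        return "not-issued"           # login response carried no auth cookie
    if issued["expires"] and parsedate_to_datetime(issued["expires"]) <= client_now:
        return "expired-for-client"   # Expires is already past on the client's clock
    sent = SimpleCookie()
    sent.load(dict(headers(next_request)).get("cookie", ""))
    if name not in sent:
        return "dropped-by-browser"   # issued and still valid, but never sent back
    return "ok"

# Constructed sample capture (placeholder values, not taken from the original post).
LOGIN_RESPONSE = """HTTP/1.1 302 Found
Date: Tue, 02 Mar 2010 15:00:00 GMT
Location: /Application/AuthDebugPage.aspx
Set-Cookie: .ASPXAUTH=SAMPLETICKET0001; path=/; HttpOnly
"""
NEXT_REQUEST = """GET /Application/AuthDebugPage.aspx HTTP/1.1
Host: www.client.com
"""
CLIENT_NOW = datetime(2010, 3, 2, 15, 0, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(diagnose(LOGIN_RESPONSE, NEXT_REQUEST, CLIENT_NOW))
```

A "dropped-by-browser" result points at client-side cookie policy such as the browser's zone settings, while "expired-for-client" points at a clock or expiration problem.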