ASP.NET Identity login does not work on ipad/iphone

Question

User788713029 posted

Dear Support,

I have created a web application with identity login and that works everywhere except iphone and ipads. I tried setting the web.config cookieless="UseCookies" but no luck.

Answer 1

User475983607 posted

I'm unable to reproduce this issue.  Verify your iPhone and iPad browsers accept cookies as Identity uses an authentication Cookie.

Answer 2

User788713029 posted

it is the safari browser I am talking about. I did tested it on two devices to be honest... on an iphone 8 and on the ipad pro...

Answer 3

User788713029 posted

I also have this in my app broswer...

<browsers>
<browser refID="Default">
<capabilities>
<capability name="cookies" value="true" />
</capabilities>
</browser>
</browsers>

and this in my web.config

<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="540" cookieless="UseCookies" />
</authentication>

Answer 4

User475983607 posted

it is the safari browser I am talking about. I did tested it on two devices to be honest... on an iphone 8 and on the ipad pro...

As stated above, I'm unable to reproduce this issue.   Since ASP Identity uses Cookie authentication by default, I assume Safari is configured to block cookies.  

Otherwise explain how your security works.

Answer 5

User788713029 posted

This is my code that handle the login logic

Private Sub btnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
        Dim manager = Context.GetOwinContext().GetUserManager(Of ApplicationUserManager)()
        Dim signinManager = Context.GetOwinContext().GetUserManager(Of ApplicationSignInManager)()
        Dim user = manager.FindByName(Email.Text)

        If user IsNot Nothing Then
            If Not user.EmailConfirmed Then
                FailureText.Text = "Invalid login attempt. Your account is not confirmed - Please check your email for the confirmation link."
                ErrorMessage.Visible = True
            Else
                ' This doen't count login failures towards account lockout
                ' To enable password failures to trigger lockout, change to shouldLockout := True
                Dim result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout:=True)

                Select Case result
                    Case SignInStatus.Success
                        IdentityHelper.RedirectToReturnUrl(Request.QueryString("ReturnUrl"), Response)
                    Case SignInStatus.LockedOut
                        Response.Redirect("/LockedOut")
                    Case SignInStatus.RequiresVerification
                        Response.Redirect(String.Format("/Account/TwoFactorAuthenticationSignIn?ReturnUrl={0}&RememberMe={1}", Request.QueryString("ReturnUrl"), RememberMe.Checked), True)
                    Case Else
                        FailureText.Text = "Invalid login attempt"
                        ErrorMessage.Visible = True
                End Select
            End If
        End If
    End Sub

Answer 6

User475983607 posted

Have you verified cookies are not blocked?

https://help.overdrive.com/customer/portal/articles/1481678-how-to-enable-cookies-on-your-mobile-device

Use developer tools to verify the auth cookie exists and is being submitted to the web application.

https://www.dummies.com/web-design-development/how-to-use-developer-tools-in-safari-on-ios/

Answer 7

User788713029 posted

Yes the cookies are no blocked and the issue still persist. Dont knwo what else to do :/

Answer 8

User475983607 posted

iioannou-tech

Yes the cookies are no blocked and the issue still persist. Dont knwo what else to do :/

I issue points to the browser not the server as the application works with other browsers.  Make sure the iPad and iPhone time zone settings are correct.

Did you try basic debugging using developer tools as suggested above?

Answer 9

User788713029 posted

I did check timezone settings and are correct, I cannot debug on the iphone as I dont have one for development...

Answer 10

User753101303 posted

I would create a test page showing cookies to make 100% sure it works. Seems you have a redirect when the user is authenticated. What if you avoid that for now ? (I've seen some discussions in the past about issues apparently when defining new cookies and doing a redirect in a single response).

Answer 11

User788713029 posted

To me it seems that the cookies do not work because after I enter correctly the credentials I tryied accessing a secure page without success which means that thie sign in code does nothing for some reason on the iphone and ipad...

Answer 12

User475983607 posted

iioannou-tech

To me it seems that the cookies do not work because after I enter correctly the credentials I tryied accessing a secure page without success which means that thie sign in code does nothing for some reason on the iphone and ipad...

You are jumping to conclusions...

Login does not happen on the iPad or iPhone.  Login happens in the web application which is running on a server.  The result of the login is an authentication cookie passed back to the browser in the response.  You would have to write code or install an API that runs on the server to stop the cookie.

Browsers handle cookies in a deterministic manor.  Since the app work in other browsers, there must be something different about the iPad and iPhone Safari clients.  

As suggested above, use developer tools to view the cookie or write a custom page to show the cookie.

Can you explain what "does nothing" means?  Is the browser redirected to the login page?  Are there error messages?  Does the page post?

Answer 13

User-1322356719 posted
Anybody figure out a solution ? I am seeing the same issue after upgrading web servers .
Thanks in advance .