none
ASP.Net 3.5 application forms authentication not working correctly on new server (2003) RRS feed

  • Question

  • We have an application that uses forms authentication which has worked fine in the local dev environment and on a windows server 2003/iis server in 4 different virtual directories.  We have gotten a new server, and set it up to work the same way, but we are experiencing problems with our forms authentication.  We use oracle and a 3rd party library for our membership provider.  I have gotten remote debugging working and have followed the chain on this new server, and the login control is posting back the username, and the membership code if retrieving the correct user, but the User.Identity.Name is not being set (auth cookie).  If we use the local browser on the server, it works correctly.  If we use firefox on a remote client browser, it works correctly (that part amazed me).  But if we use ie7 on a remote client browser, the auth cookie does not seem to be working, even with privacy level at accept all cookies, and the domain in the trusted sites.  Does anyone know what might be causing this strange behavior? 
    Monday, July 28, 2008 5:08 PM

Answers

  • The issue has been resolved and I am posting this in the hope that it will help someone.  I was scouring the internet looking for leads, and I came across a post that recommended Fiddler as a tool that could help diagnose what is happening between browser and server.  I compared the results of the cookie (header) traffic from the new server to the existing server, and I noticed the expiry times were an hour different in GMT time.  I checked the new server and its timezone was differrent (it is being delivered to another time zone), and the time was set incorrectly.  This had the effect of the cookie being issued expired, which caused the ie7 not to store it, but firefox stored it and used it anyway (maybe it was doing some kind of timezone mapping).  Anyway by setting the time correctly on the server, the issue has been resolved.
    • Marked as answer by mishalas Monday, July 28, 2008 11:19 PM
    Monday, July 28, 2008 11:18 PM

All replies

  •  Further investigation has revealed that the ie7 on xp sp3 is not storing the auth cookie.  This server is not in the domain, does that make a difference?
    Monday, July 28, 2008 7:15 PM
  • The issue has been resolved and I am posting this in the hope that it will help someone.  I was scouring the internet looking for leads, and I came across a post that recommended Fiddler as a tool that could help diagnose what is happening between browser and server.  I compared the results of the cookie (header) traffic from the new server to the existing server, and I noticed the expiry times were an hour different in GMT time.  I checked the new server and its timezone was differrent (it is being delivered to another time zone), and the time was set incorrectly.  This had the effect of the cookie being issued expired, which caused the ie7 not to store it, but firefox stored it and used it anyway (maybe it was doing some kind of timezone mapping).  Anyway by setting the time correctly on the server, the issue has been resolved.
    • Marked as answer by mishalas Monday, July 28, 2008 11:19 PM
    Monday, July 28, 2008 11:18 PM