Problem with asp.net forms authentication in internet explorer

Question

My company has a web application hosted on a client\'s machine that uses forms authentication in ASP.net. When visiting the website http://www.client.com/Application and tr

Answer 1

Use this way:

int timeoutValue = 20; // This value is actually returned from a method;
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(txtLogin.Text, false, timeoutValue);            
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);                 
authCookie.Domain = "uptime.com.br";
authCookie.Expires = DateTime.Now.AddMinutes(timeoutValue);
HttpContext.Current.Response.Cookies.Add(authCookie);  

Answer 2

Speaking of IIS, have you checked the authentication method that IIS is trying to use on the site instance? I believe Firefox will convince IIS to use "basic" authentication, while IE would try to use its fancy Windows authentication, etc.

Also, do you have the site's IP/hostname specified in the HOSTS file? That might make a difference one way or another (sometimes good, sometimes bad).

Answer 3

As John said it was something environmental. We turned on cookieless authentication and that worked just fine so users were being authenticated correctly. One of our customers discovered that when they used just the IP address to access the website (e.g. http://111.111.111.111) that the website behaved properly and they were able to get past the login page but when they used the DNS name it did not. Turned out their zones in internet explorer did allow enough trust to outside sites (which the DNS name resolved too) as it did local intranet sites to have cookies.

Answer 4

It is extremely unlikely that Forms Authentication, in Microsoft .NET since 2002, is breaking with Microsoft Internet Explorer, as a general rule. This is clearly something environmental.

The thing to do is watch the network with Fiddler or something and see what's going on. Then do the same with Firefox, and compare.

Once you see the difference, try to figure out how that difference could be limited to IE.

Answer 5

I had this same issue when the servers Date/Time was incorrect and was causing the AuthCookie expiration date to be incorrect.

Check the date/time of the server is correct.

Answer 6

Like ajh1138 said, it's possible that IE is negotiating to "integrated auth" while FireFox is using HTTP auth or plain old form-POST.

IE may be mapping to an actual Windows username (such as the user running IE), and that user may not have access to that web page (even when the anonymous user does). That could produce the behavior you described.