Cookies from ASP.NET app not persisting even when enabled!

Dear All,

I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app pages and the authorization cookie is saved as expected on the local machine.

Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize
the user and promptly redirects them back to the login page.

Now having spent a 'good few' hours trying to figure this out, it seems that for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly enabled on these browsers! I've witnessed that cookies from 'external' web sites are persisting okay and are subject to IE's cookie settings but those cookies
from my app are simply not working. I've even used an HTTP 'inspection tool' to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!

So in short I believe that authorization is failing because the app cannot
'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.

Here's some info about my setup that may help a diagnosis!:

Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.

As far as I know all machines have latest service packs/patches. ANY help
would be much appreciated as this is driving me crazy.

Thanks in advance,

Lee Wilkie.

if you site only works form a local browser, then your site is probably
requiring security access it doesn't have thru impersonation.

as a quick test, go to iis and change your site authentication to basic. if it now works from other browsers, you need to work out how your site will
get the security access it needs to run. google for lots of answers on
impersonation.

-- bruce (sqlwork.com)


"Lee Wilkie" <le*********@hotmail.com> wrote in message
news:#q**************@TK2MSFTNGP12.phx.gbl...

Dear All,

I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app

pages

and the authorization cookie is saved as expected on the local machine.

Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize the user and promptly redirects them back to the login page.

Now having spent a 'good few' hours trying to figure this out, it seems

that

for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly

enabled

on these browsers! I've witnessed that cookies from 'external' web sites

are

persisting okay and are subject to IE's cookie settings but those cookies from my app are simply not working. I've even used an HTTP 'inspection

tool'

to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!

So in short I believe that authorization is failing because the app cannot 'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.

Here's some info about my setup that may help a diagnosis!:

Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.

As far as I know all machines have latest service packs/patches. ANY help would be much appreciated as this is driving me crazy.

Thanks in advance,

Lee Wilkie.