469,602 Members | 1,912 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,602 developers. It's quick & easy.

Cookies from ASP.NET app not persisting even when enabled!

Dear All,

I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app pages
and the authorization cookie is saved as expected on the local machine.

Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize
the user and promptly redirects them back to the login page.

Now having spent a 'good few' hours trying to figure this out, it seems that
for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly enabled
on these browsers! I've witnessed that cookies from 'external' web sites are
persisting okay and are subject to IE's cookie settings but those cookies
from my app are simply not working. I've even used an HTTP 'inspection tool'
to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!

So in short I believe that authorization is failing because the app cannot
'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.

Here's some info about my setup that may help a diagnosis!:

Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.

As far as I know all machines have latest service packs/patches. ANY help
would be much appreciated as this is driving me crazy.

Thanks in advance,

Lee Wilkie.
Nov 18 '05 #1
2 2313
if you site only works form a local browser, then your site is probably
requiring security access it doesn't have thru impersonation.

as a quick test, go to iis and change your site authentication to basic. if
it now works from other browsers, you need to work out how your site will
get the security access it needs to run. google for lots of answers on
impersonation.

-- bruce (sqlwork.com)


"Lee Wilkie" <le*********@hotmail.com> wrote in message
news:#q**************@TK2MSFTNGP12.phx.gbl...
Dear All,

I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app pages and the authorization cookie is saved as expected on the local machine.

Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize
the user and promptly redirects them back to the login page.

Now having spent a 'good few' hours trying to figure this out, it seems that for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly enabled on these browsers! I've witnessed that cookies from 'external' web sites are persisting okay and are subject to IE's cookie settings but those cookies
from my app are simply not working. I've even used an HTTP 'inspection tool' to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!

So in short I believe that authorization is failing because the app cannot
'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.

Here's some info about my setup that may help a diagnosis!:

Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.

As far as I know all machines have latest service packs/patches. ANY help
would be much appreciated as this is driving me crazy.

Thanks in advance,

Lee Wilkie.

Nov 18 '05 #2
Hi Bruce,

Thanks for the quick reply. Your suggestion didn't work unfortunately but I
have since found the problem. It was all down to the use of 'illegal' DNS
characters in the dev machine name (an underscore in this case). I used the
IP address instead and everything was fine!

Thanks again,

Lee

"bruce barker" <no***********@safeco.com> wrote in message
news:er**************@TK2MSFTNGP09.phx.gbl...
if you site only works form a local browser, then your site is probably
requiring security access it doesn't have thru impersonation.

as a quick test, go to iis and change your site authentication to basic. if it now works from other browsers, you need to work out how your site will
get the security access it needs to run. google for lots of answers on
impersonation.

-- bruce (sqlwork.com)


"Lee Wilkie" <le*********@hotmail.com> wrote in message
news:#q**************@TK2MSFTNGP12.phx.gbl...
Dear All,

I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app

pages
and the authorization cookie is saved as expected on the local machine.

Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize the user and promptly redirects them back to the login page.

Now having spent a 'good few' hours trying to figure this out, it seems

that
for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly

enabled
on these browsers! I've witnessed that cookies from 'external' web sites

are
persisting okay and are subject to IE's cookie settings but those cookies from my app are simply not working. I've even used an HTTP 'inspection

tool'
to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!

So in short I believe that authorization is failing because the app cannot 'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.

Here's some info about my setup that may help a diagnosis!:

Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.

As far as I know all machines have latest service packs/patches. ANY help would be much appreciated as this is driving me crazy.

Thanks in advance,

Lee Wilkie.


Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Marcin Gorzynski | last post: by
reply views Thread by dawson | last post: by
3 posts views Thread by damezumari | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.