3

I have an ASP.NET application that sends an authentication cookie to an ASP.NET MVC application, which is used as a back-office application.

I've added a global filter that checks every controller action for the authentication cookie. If the cookie exists, it allows the user to enter the page.

The code looks like this:

    public class SecurityFilter : FilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // TODO: For some reason the .AUTHCookie cookie doesn't exist in the filter's request context.
            HttpCookie cookie = filterContext.RequestContext.HttpContext.Request.Cookies[".AUTHCookie "];

            if (cookie != null)
            {
                // ...
            }
        }
    }

On the other side, I can see the cookie sent from the ASP.NET application in the Application_BeginRequest event in the Global.asax file.

Where and why did the cookie disappear? In what part of the MVC request-handling pipeline was the cookie thrown away?

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        var cookies = HttpContext.Current.Request.Cookies;
        // HERE I CAN SEE BOTH cookies. In the filter action only one cookie was found. The authentication cookie is thrown away somewhere ...
    }

Paulo Tomé
StringBuilder
  • Make sure the cookie path is "/" and that it has a sufficient expiration date. – Nick Nov 12 '12 at 11:46
  • What do you mean by the word "sufficient"? Is {01/01/0001 00:00:00} sufficient? – StringBuilder Nov 12 '12 at 11:53
  • Try setting expiry to something like `DateTime.UtcNow.AddDays(1);` Could be that the browser considers the cookie to be expired with a datetime as the above. – Nick Nov 12 '12 at 12:08
  • `DateTime.UtcNow.AddDays(1);` still didn't help. I'm still getting an expiration date of {01/01/0001 00:00:00} in Application_BeginRequest of MVC ... oh mother nature, what's happening there? :-) – StringBuilder Nov 12 '12 at 12:44
  • I am facing a similar issue; I can't view the cookies created by my VB.NET application in my C# MVC application. They are both running on the same machine, with the same machine key and the same domain (each one is a subdomain). But it works the other way round: VB.NET can view cookies from the MVC app. Any ideas what is going on? By the way, in any browser I can see the cookie on both applications :S Please help – julianox Jun 26 '13 at 09:35

1 Answer

3

I found a solution for my scenario. I added compatibilityMode="Framework45" to the machineKey element in both applications, and it's all working perfectly.

Note: If one of your applications is using an older version of the .NET Framework, you must explicitly configure your .NET 4.5 apps to use the earlier machine compatibility modes, or they will not be able to encrypt/decrypt the forms authentication ticket.

Just to remind you my scenario:

WebForms ASP.NET 4.5

    <machineKey compatibilityMode="Framework45" decryption="AES" validation="SHA1" decryptionKey="your_key1" validationKey="your_key2" />
    <authentication mode="Forms">
      <forms name="_authcookie" domain=".domain.com" loginUrl="Default.aspx?View=1" defaultUrl="Default.aspx?View=1" timeout="30" path="/" protection="All" slidingExpiration="true" enableCrossAppRedirects="true" />
    </authentication>

MVC 4

    <machineKey compatibilityMode="Framework45" decryption="AES" validation="SHA1" decryptionKey="your_key1" validationKey="your_key2" />
    <authentication mode="Forms">
      <forms name="_authcookie" domain=".domain.com" defaultUrl="~/" timeout="30" path="/" protection="All" slidingExpiration="true" enableCrossAppRedirects="true" />
    </authentication>

Possible values for the compatibility mode:

http://msdn.microsoft.com/en-us/library/system.web.configuration.machinekeysection.compatibilitymode.aspx

julianox
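The fix above depends on both applications carrying the same machineKey and forms settings. As an added example (not part of the original answer and not ASP.NET code), this Python sketch compares those settings in two web.config documents and lists the ones that differ. The function names and sample configs are constructed for illustration, and flagging an unset machineKey attribute is this sketch's own assumption.

```python
import xml.etree.ElementTree as ET

# Settings both apps must agree on before one can read the other's ticket.
CHECKED = {
    "machineKey": ("compatibilityMode", "decryption", "validation",
                   "decryptionKey", "validationKey"),
    "forms": ("name", "domain", "path", "protection"),
}
SECRET = {"decryptionKey", "validationKey"}  # never echoed into the report


def read_settings(config_xml):
    """Map (element, attribute) -> value, or None when it is not set."""
    root = ET.fromstring(config_xml)
    out = {}
    for tag, attrs in CHECKED.items():
        node = root.find(f".//{tag}")
        for attr in attrs:
            out[(tag, attr)] = None if node is None else node.get(attr)
    return out


def compare_configs(first_xml, second_xml):
    """Return one finding per setting that could stop the cookie being shared."""
    first, second = read_settings(first_xml), read_settings(second_xml)
    findings = []
    for (tag, attr), a in first.items():
        b = second[(tag, attr)]
        where = f"{tag}/@{attr}"
        if tag == "machineKey" and (a is None or b is None):
            # Assumption of this sketch: an unset value means a framework
            # default, which the two apps are not guaranteed to share.
            findings.append(f"{where}: not set explicitly in both apps")
        elif a != b:
            shown = "values differ" if attr in SECRET else f"{a!r} != {b!r}"
            findings.append(f"{where}: {shown}")
    return findings


# Constructed sample input modelled on the two configs in the answer.
WEBFORMS = """<configuration><system.web>
  <machineKey decryption="AES" validation="SHA1"
              decryptionKey="your_key1" validationKey="your_key2" />
  <authentication mode="Forms">
    <forms name="_authcookie" domain=".domain.com" path="/" protection="All" />
  </authentication></system.web></configuration>"""
MVC = WEBFORMS.replace("<machineKey ", '<machineKey compatibilityMode="Framework45" ')

if __name__ == "__main__":
    for finding in compare_configs(WEBFORMS, MVC):
        print(finding)
```

Key values are compared but never printed, so the report can be pasted into a ticket without leaking the shared keys.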