3

This is a really annoying issue and i don't know where to start to look to resolve it.

This issue does not happen when i run the code locally, only when i run it on the live environment. I know i am missing something, and its probably obvious i just can figure it out.

Okay I have an MVC 4 application where i have overridden MembershipProvider. I am pretty sure this is not the issue as the login does work. Login works on IE, Firefox, Safari but fails on Chrome Desktop (Windows 7), and Chrome IOS (on the Ipad).

On Chrome the user is required to log in twice. On the first attempt the ASPXAUTH element of the cookie is not being set. BUT it is set on the second attempt. (Reviewed in Fiddler)

I have looked around and found this suggestion and i have implemented it but i still have the issue. (This does not detail my issue completely but it was close)

http://www.hanselman.com/blog/FormsAuthenticationOnASPNETSitesWithTheGoogleChromeBrowserOnIOS.aspx

(I have 4.5 installed so i knew this was a very long shot)

I have no idea where to start to look to resolve this. Here is the code where i create the cookie.

    private void SignIn(string userName, bool RememberMe)
    {
        MyMembershipProvider provider = (MyMembershipProvider)System.Web.Security.Membership.Provider;
        MyMembershipUser user = (MyMembershipUser)provider.GetUser(userName, false);

        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
          user.UserName,
          DateTime.Now,
          DateTime.Now.AddMinutes(30),
          true,
          user.UserID.ToString(),
          FormsAuthentication.FormsCookiePath);

        // Encrypt the ticket.
        string encTicket = FormsAuthentication.Encrypt(ticket);

        // Create the cookie.
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);

        Response.Cookies.Add(authCookie);
    }

After the cookie has been created i Redirect

    return Redirect("Https://www.sitehome.local");

Please note i am running the whole site under HTTPS in case this is causing the issue

tereško
  • 58,060
  • 25
  • 98
  • 150
KevDevMan
  • 808
  • 11
  • 23
  • I can confirm this as an issue, with some additional notes: 1) it seems to be an issue on any iOS device using Chrome 2) it doesn't appear to be related to HTTPS; I was experiencing the issue under either scheme 3) in my case, it would not set the cookie at all, despite my audit log saying I'd logged in successfully. – moribvndvs Jan 18 '13 at 11:47
  • Hi HackedByChinese, Are you seeing this behavior in the windows version of Chrome? – KevDevMan Jan 18 '13 at 12:14
  • I apologize. I missed the part about forcing cookie tickets for iOS Chrome. Once I did that, it worked fine. One thing, though, is perhaps the issue is that you are omitting some potentially important info when you set your cookie. When I set the auth cookie, I do it like this: `var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketString) { Secure = FormsAuthentication.RequireSSL, Path = FormsAuthentication.FormsCookiePath, HttpOnly = true, Domain = FormsAuthentication.CookieDomain };` – moribvndvs Jan 18 '13 at 12:47
  • 1
    That's it, its all working. Thanks loads. Post the answer and i will mark as answered :) Was either the Domain or SSL but i added both and it all works fine now. – KevDevMan Jan 18 '13 at 13:29

1 Answers1

1

As we figured out in the comments, the cookie was not being forwarded upon redirect and was fixed by creating the cookie in this manner:

var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticketString) 
    { 
       Secure = FormsAuthentication.RequireSSL, 
       Path = FormsAuthentication.FormsCookiePath, 
       HttpOnly = true, 
       Domain = FormsAuthentication.CookieDomain 
    };

Response.Cookies.Add(authCookie);
moribvndvs
  • 42,191
  • 11
  • 135
  • 149