2

today I've encountered with strange issue. My site was running on application pool under .NET 4 and today we noticed that it can't authenticate users under IE 10 (with other browsers everything is ok). Here's the exception that was thrown:

Server Error in '/' Application.

Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.GenericIdentity' to type 'System.Web.Security.FormsIdentity'.

But after upgrading .NET 4 to version 4.5 error has gone away. The strange thing is that we didn't change the version of .NET on application pool, it is still .NET 4.

By the way I'm using custom principal and I'm attaching userData to AuthenticationTicket. Here's my code from the Global.asax:

protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie authCooke = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (authCooke != null)
        {
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCooke.Value);
            if (authTicket != null)
            {
                var identity = new GenericIdentity(authTicket.Name, "Forms");
                var principal = new CustomPrincipal(identity);

                string userData = ((FormsIdentity)(Context.User.Identity)).Ticket.UserData;
                var serializer = new JavaScriptSerializer();
                principal.User = (User)serializer.Deserialize(userData, typeof(User));

                Context.User = principal;
                Thread.CurrentPrincipal = principal;
            }
        }
    }

Could anybody explain to me what I am doing wrong and how updating version of .NET without changing it on application pool could affect the site?

Oleksii Aza
  • 5,368
  • 28
  • 35

2 Answers2

0

Similar problem on my site. Authentication fails only with IE10 but works fine in Firefox and IE8, IE9. To solve the problem I added the parameter cookieless="UseCookies" in web.config

<authentication mode="Forms" >
  <forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" />
</authentication>
Renzo Ciot
  • 3,746
  • 2
  • 25
  • 29
  • Did you have the same exception? If not - I assume that you had a problem discussed in this post: http://stackoverflow.com/questions/6983732/ie10-user-agent-causes-asp-net-to-not-send-back-set-cookie-ie10-not-setting-coo – Oleksii Aza Jun 15 '13 at 10:26
-3

Could it be due to your mis-spelling in your code (HttpCookie authCooke). Should it be "authCookie"?

user1828542
  • 15
  • 1
  • 1
  • 3
  • 2
    -1 `authCooke` is just a variable name, and while it probably _should_ be `authCookie` that is irrelevant. It could have been called `fred` if the OP had wanted to. – DeanOC Mar 23 '13 at 09:45