Login / auth cookie problem after migrating to .NET 2.0

Discussion in 'ASP .Net' started by jazzdrums, Aug 24, 2007.

  1. jazzdrums

    jazzdrums Guest

    Hello,

    we have migrated our website from .NET 1.1 to .NET 2.0.
    After this, some of our users are unable to log-on our site, while for
    the majority of them there's no problem.

    We're using a standard procedure to login (see below).

    The Request.Cookies[FormsAuthentication.FormsCookieName] returns NULL,
    after their login attempt, on subsequent pages. We're setting other
    cookies, for instance the cookies of google analytics, with no
    problem.The're no problem too with the ASP.NET_SessionId cookie.

    The only way for them to be able to logon, is to manually delete their
    cookies.

    Here is the code, we're using:

    iduser = Encryption.Encrypt(userid.ToString());
    FormsAuthentication.SetAuthCookie(iduser, false);
    userdata = "XXX";

    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1, // version
    iduser, // user name
    DateTime.Now, // issue time
    DateTime.Now.AddHours(72), // expires
    persistent, // persistent
    userdata // user data
    );
    FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(ticket));
    HttpContext.Current.Response.Cookies.Add(FormsCookie);

    Then we do a Response. Redirect.

    Does anybody have an idea of what we can do ? It's a real problem for
    us.
    Thanks in advance
     
    jazzdrums, Aug 24, 2007
    #1
    1. Advertising

  2. I'm not sure how you would do this in .Net 1.1, but here is the
    documentation and some samples for doing it in .Net 2.0. Notice that the
    FormsAuthentication.SetAuthCookie method sets a Cookie, and that the
    FormsAuthenticationTicket class example does not use
    FormsAuthentication.SetAuthCookie to create a Cookie:

    http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthenticationticket.aspx
    http://msdn2.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx

    --
    HTH,

    Kevin Spencer
    Microsoft MVP

    DSI PrintManager, Miradyne Component Libraries:
    http://www.miradyne.net

    "jazzdrums" <> wrote in message
    news:...
    > Hello,
    >
    > we have migrated our website from .NET 1.1 to .NET 2.0.
    > After this, some of our users are unable to log-on our site, while for
    > the majority of them there's no problem.
    >
    > We're using a standard procedure to login (see below).
    >
    > The Request.Cookies[FormsAuthentication.FormsCookieName] returns NULL,
    > after their login attempt, on subsequent pages. We're setting other
    > cookies, for instance the cookies of google analytics, with no
    > problem.The're no problem too with the ASP.NET_SessionId cookie.
    >
    > The only way for them to be able to logon, is to manually delete their
    > cookies.
    >
    > Here is the code, we're using:
    >
    > iduser = Encryption.Encrypt(userid.ToString());
    > FormsAuthentication.SetAuthCookie(iduser, false);
    > userdata = "XXX";
    >
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    > 1, // version
    > iduser, // user name
    > DateTime.Now, // issue time
    > DateTime.Now.AddHours(72), // expires
    > persistent, // persistent
    > userdata // user data
    > );
    > FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    > FormsAuthentication.Encrypt(ticket));
    > HttpContext.Current.Response.Cookies.Add(FormsCookie);
    >
    > Then we do a Response. Redirect.
    >
    > Does anybody have an idea of what we can do ? It's a real problem for
    > us.
    > Thanks in advance
    >
     
    Kevin Spencer, Aug 27, 2007
    #2
    1. Advertising

  3. jazzdrums

    jazzdrums Guest

    Hi,

    thanks for the reply. Yes we're using .NET 2.0 already.

    Anyway, I've found the solution but cannot really explain it and if
    you have an idea about that, I would be really interested.

    I realized that 2 cookies were actually created: one associated with
    "mydomain.com" and one with "www.mydomain.com".

    The problem was solved by setting the cookie domain to "mydomain.com".
    It doesn't work when I set it to "www.mydomain.com" and I don't know
    why.

    Regarding the IIS configuraiton, the websites headers doesn't contain
    "mydomain.com". We have a second website defined that redirect
    "mydomain.com" to "www.mydomain.com" for the people just arriving on
    our site using "mydomain.com".

    What I don't understand is is why did the .NET framework create a
    "mydomain.com" cookie by default (i.e. when no domain was set), even
    if I came to the website with the "www.mydomain.com" URL ?

    Then the problem occured when people logged in on the previous version
    of the site (.NET 1.1) with an old "mydomain.com" cookie : the new
    version of the site was unable to read this cookie or overwrite it.
    And so the user was unable to logon. When we set the domain property
    of the cookie to "mydomain.com", it works, the cookie can then be
    overrided and everything works fine. Note that it wasn't systematics:
    only around 20 to 30% of our users encountered it.

    Thanks again for your reply
     
    jazzdrums, Aug 28, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SWdneSBFdmFucw==?=
    Replies:
    2
    Views:
    3,135
    =?Utf-8?B?SWdneSBFdmFucw==?=
    Apr 25, 2004
  2. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    743
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  3. 23s
    Replies:
    4
    Views:
    2,544
    Raterus
    Jul 3, 2004
  4. Chris Mohan

    Configuring Windows Auth & Forms Auth in Asp.Net

    Chris Mohan, Apr 28, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    466
    Chris Mohan
    Apr 29, 2004
  5. Ed Staffin
    Replies:
    1
    Views:
    394
    Ken Schaefer
    Apr 17, 2006
Loading...

Share This Page