Lost Cookie during Authentication

[yofnik]

Hello All,
I am going crazy trying to figure out why my ASP.NET web application
cannot get beyond the login screen. It is using very simple Forms based
authentication:

if(!FormsAuthentication.Authenticate(tbUserName.Value,
tbPassword.Value))
{
pageInfo.Text = "Invalid user name or password. Please try again.";
}
else
{
FormsAuthentication.RedirectFromLoginPage(tbUserName.Value, false);
}

If the username and password are wrong, the Authentication fails as
expected and the error message is displayed. If the credentials are
correct, the Redirect does not happen and it returns to the login page.
After turning Tracing on, I noticed that the authentication cookie is
not getting saved. It gets created after the Login POST, but then the
next page, the cookie is gone. Where in my development environment, the
cookie gets created and remains on every page thereafter.

I have seen this questions in a few other posts, but none of them had
an answer. Why does the Authentication Cookie go away after the login
page? Can anyone please help!

Thanks in advance.

 

[Guest]

While this may not solve this particular problem, make sure you have a check
for the redirect page. Microsoft hard coded default.aspx for cases when the
login page was hit directly. If you do not have a default.aspx, this will
cause errors.

As for determining the scope of the problem, I would use a tool that can
capture the HTTP request and response. I do not have the link saved on this
machine, so I will have to respond back later, if I get the time.

I wish I had a better answer, but I am stumped, as well. And, I have little
information to go on to figure out the extent of the problem.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[yofnik]

I do have a default.aspx. That is the page I want to redirect to.

I can see the entire request through trace.axd. The redirect IS
happening. However, because the cookie does not get saved, it directs
BACK to the login page because it still thinks authentication should
occur.

So again, my question is what could cause the cookie to not get saved?

I did just notice one thing that is odd about the environment I am
using. The machine is a dual boot between XP Pro and Windows Server
2003. Could this cause any issues?

 

[peshekeedweller]

I have the same problem. Additionally, the IsAuthenticated property turns up
"False" despite the fact that the database returns the authentication data.

 

[yofnik]

I am pretty certain that there is something wrong with the
configuration of my server causing the authentication cookie to not get
set. It works fine on other machines. The fact this one server is a
dual boot may have something to do with it. Unfortunately, I don't know
what else to check. Very strange.

 

[yofnik]

Ok, I think I have finally figured out the problem. Microsoft Security
patch MS01-055 caused any hostname with an underscore "_" to stop
processing cookies properly.

http://support.microsoft.com/default.aspx?scid=kb;en-us;312461

I wish I can charge Microsoft for my lost productivity. The question
now is whether there is a reasonable workaround without having to go
around and rename my servers.