Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Login / auth cookie problem after migrating to .NET 2.0

Reply
Thread Tools

Login / auth cookie problem after migrating to .NET 2.0

 
 
jazzdrums
Guest
Posts: n/a
 
      08-24-2007
Hello,

we have migrated our website from .NET 1.1 to .NET 2.0.
After this, some of our users are unable to log-on our site, while for
the majority of them there's no problem.

We're using a standard procedure to login (see below).

The Request.Cookies[FormsAuthentication.FormsCookieName] returns NULL,
after their login attempt, on subsequent pages. We're setting other
cookies, for instance the cookies of google analytics, with no
problem.The're no problem too with the ASP.NET_SessionId cookie.

The only way for them to be able to logon, is to manually delete their
cookies.

Here is the code, we're using:

iduser = Encryption.Encrypt(userid.ToString());
FormsAuthentication.SetAuthCookie(iduser, false);
userdata = "XXX";

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // version
iduser, // user name
DateTime.Now, // issue time
DateTime.Now.AddHours(72), // expires
persistent, // persistent
userdata // user data
);
FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket));
HttpContext.Current.Response.Cookies.Add(FormsCook ie);

Then we do a Response. Redirect.

Does anybody have an idea of what we can do ? It's a real problem for
us.
Thanks in advance

 
Reply With Quote
 
 
 
 
Kevin Spencer
Guest
Posts: n/a
 
      08-27-2007
I'm not sure how you would do this in .Net 1.1, but here is the
documentation and some samples for doing it in .Net 2.0. Notice that the
FormsAuthentication.SetAuthCookie method sets a Cookie, and that the
FormsAuthenticationTicket class example does not use
FormsAuthentication.SetAuthCookie to create a Cookie:

http://msdn2.microsoft.com/en-us/lib...ionticket.aspx
http://msdn2.microsoft.com/en-us/lib...uthcookie.aspx

--
HTH,

Kevin Spencer
Microsoft MVP

DSI PrintManager, Miradyne Component Libraries:
http://www.miradyne.net

"jazzdrums" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> Hello,
>
> we have migrated our website from .NET 1.1 to .NET 2.0.
> After this, some of our users are unable to log-on our site, while for
> the majority of them there's no problem.
>
> We're using a standard procedure to login (see below).
>
> The Request.Cookies[FormsAuthentication.FormsCookieName] returns NULL,
> after their login attempt, on subsequent pages. We're setting other
> cookies, for instance the cookies of google analytics, with no
> problem.The're no problem too with the ASP.NET_SessionId cookie.
>
> The only way for them to be able to logon, is to manually delete their
> cookies.
>
> Here is the code, we're using:
>
> iduser = Encryption.Encrypt(userid.ToString());
> FormsAuthentication.SetAuthCookie(iduser, false);
> userdata = "XXX";
>
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
> 1, // version
> iduser, // user name
> DateTime.Now, // issue time
> DateTime.Now.AddHours(72), // expires
> persistent, // persistent
> userdata // user data
> );
> FormsCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
> FormsAuthentication.Encrypt(ticket));
> HttpContext.Current.Response.Cookies.Add(FormsCook ie);
>
> Then we do a Response. Redirect.
>
> Does anybody have an idea of what we can do ? It's a real problem for
> us.
> Thanks in advance
>



 
Reply With Quote
 
 
 
 
jazzdrums
Guest
Posts: n/a
 
      08-28-2007
Hi,

thanks for the reply. Yes we're using .NET 2.0 already.

Anyway, I've found the solution but cannot really explain it and if
you have an idea about that, I would be really interested.

I realized that 2 cookies were actually created: one associated with
"mydomain.com" and one with "www.mydomain.com".

The problem was solved by setting the cookie domain to "mydomain.com".
It doesn't work when I set it to "www.mydomain.com" and I don't know
why.

Regarding the IIS configuraiton, the websites headers doesn't contain
"mydomain.com". We have a second website defined that redirect
"mydomain.com" to "www.mydomain.com" for the people just arriving on
our site using "mydomain.com".

What I don't understand is is why did the .NET framework create a
"mydomain.com" cookie by default (i.e. when no domain was set), even
if I came to the website with the "www.mydomain.com" URL ?

Then the problem occured when people logged in on the previous version
of the site (.NET 1.1) with an old "mydomain.com" cookie : the new
version of the site was unable to read this cookie or overwrite it.
And so the user was unable to logon. When we set the domain property
of the cookie to "mydomain.com", it works, the cookie can then be
overrided and everything works fine. Note that it wasn't systematics:
only around 20 to 30% of our users encountered it.

Thanks again for your reply

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Auth, but Forms Auth for one page? =?Utf-8?B?ZGhucml2ZXJzaWRl?= ASP .Net 1 01-08-2005 05:50 PM
Forms Auth cookie vanishes immediately after login 23s ASP .Net 4 07-03-2004 11:23 AM
Configuring Windows Auth & Forms Auth in Asp.Net =?Utf-8?B?Q2hyaXMgTW9oYW4=?= ASP .Net 0 04-28-2004 06:11 PM
Can't get Set-Cookie headers after posting to Forms Auth. login page =?Utf-8?B?SWdneSBFdmFucw==?= ASP .Net 2 04-25-2004 10:16 AM
container-auth vs servlet-auth role-checking? Mark Chai Java 1 10-01-2003 06:30 PM



Advertisments