I was just shutting off the pc at work, and I had to quickly check if something was fixed. But I clicked on my mobile google chrome browser for the desktop and went to test if a bug was fixed or not.
This is where the trouble started, all of a sudden I couldn't hold session. I could login on the web application, but I couldn't hold session. Weird character strings were put in the url each time I logged in but I just couldn't get my browser to hold session. I checked the browser settings, I deleted all cookies, I restarted the browser, etc. Nothing helped to hold session.
While testing I noticed I was using my mobile google chrome browser, where after I checked with the normal google chrome for desktops I was able to hold session.
Im using the normal asp.net authentication implementation, nothing important is custom. But its rather disturbing for maybe future expansions to mobile platforms.
Any of you people know what could've caused this error? Is it an error in google chrome (mobile)? Is it possible
Make a file called generic.browser in a folder called App_Browsers and put this in it:
<browsers>
<browser refID="GenericDownlevel">
<capabilities>
<capability name="cookies" value="true" />
</capabilities>
</browser>
</browsers>
This will fix the problem that cookies aren't enabled. Apperently this is fixed in ASP.NET 4.5.
Source:
http://www.hanselman.com/blog/FormsAuthenticationOnASPNETSitesWithTheGoogleChromeBrowserOnIOS.aspx
This is because Cookies are probably disabled. Forms Authentication relies on Cookies.
Mobile chrome occasionally tends to do that with mvc3 and mvc4. I'm not sure if anyone yet knows why. Having cookies on and setting the UseCookies in Web.Config doesn't help. Furthermore, I'm not sure if Web Forms is affected. But since I've seen this only in Mobile Chrome, I'd say it's something Google needs to fix.
Related
I am currently making an asp.net web application that can work in Eve Online in-game browser. This app is connected to a database so I wanted to encrypt the web.config file so that the password and username do not end up being in clear text.
I used this method to do so:
http://www.codedigest.com/Articles/ASPNET/242_Tips_for_Deploying_ASPNet_Application_in_Production.aspx
It works very well but there is a big problem. While the app runs in normal browsers such as IE or chrome, when I try to run in in-game browser I get an error. I made custom errors off for a bit and checked out where the error happens. The error seems to be directing the encryption tag in web.config. But since I cant reproduce this in any other browser I cant find a solution.
Then I try to run the app without encrypting the web.config file and it ran perfectly even in the in-game browser.
I contacted the developers about this issue and posted on their forums but I couldnt get an answer yet.
Also the app has to work in in-game browser because I can get various information with headers about client through in-game browser which I use as inputs in my app.
So my question here is since the database I use does not have any vital information(not even e-mails) just username and password for simple authentication, can I get away with not encrypting the web.config file?
Thanks.
I upgraded a .net 2.0 application to net 4.0 and now if I try to login with IE the session instantly expires.
Does anyone have any ideas on where to look for this problem?
Firefox works fine to log in.
Thanks.
Edit, More Information: Checking IE's cookies and firefox's cookies, it appears that a cookie is not being created in I.E, but it is being created in firefox.
Any ideas on why this might be? Still digging into it but having a hard time...
LAST EDIT; FIXED: Turns out this was not relevant to asp 4.0. I upgraded the application and set it up on a subdomain for testing to ensure everything worked, and the sub domain had an _ in it. After much research, IE will not take cookies from a domain with an _. This is done on purpose by design, apparently, since technically DNS rules forbid underscores in a domain. Changed to a - and it works.
LAST EDIT; FIXED: Turns out this was not relevant to asp 4.0. I upgraded the application and set it up on a subdomain for testing to ensure everything worked, and the sub domain had an _ in it. After much research, IE will not take cookies from a domain with an _. This is done on purpose by design, apparently, since technically DNS rules forbid underscores in a domain. Changed to a - and it works.
If your application is working fine on Firefox and then it might be because of IE 8. IE 8 have different settings for cookie handling. Here is the remedy for that problem:-
1) Tools -> Internet Options ->Privacy -> Advance-> Check Override automatic cookie handling.
2) Select Accept in First-party Cookies and Select Accept Third-party cookies
3) Check Always allow session cookies
If you can't change the settings on client browser then try cookieless sessions. To do this just define:-
<sessionState cookieless="true" />
in your web config file.
For Details of cookieless sessions:-
http://msdn.microsoft.com/en-us/library/aa479314.aspx
I'm developing an ASP.NET 4 webforms app on my Windows 7 PC. I'm running VS2010 and IIS7.5.
I have a weird problem where after a few page loads (anywhere from 1 to 20ish) I get NO response from IIS. I can't even hit a breakpoint in Application BeginRequest, I just get nothing. But, if I delete all cookies from the browser for the development domain, the website will load perfectly again for a few more requests.
This happens in all browsers I have installed (IE9, Firefox, Chrome, Safari, Opera).
However, if I deploy the app to our hosted server, all works fine.
Anyone had this issue before?
Many thanks for any help you can provide.
After the comments I add for reference here an answer.
This is an issue when you place too large cookie to the browser and browser can not handle them.
The reason that is play here, not play there maybe because of the data that you have type on it and save on cookies.
You can search for cookie limits on the internet and for different browsers. For ie for example http://support.microsoft.com/kb/306070
Try to keep the cookie size as low as you can.
From antmx
For reference, here is what I changed in web.config to fix this problem.
<roleManager cacheRolesInCookie="false" />
Note, though, that now a user's roles will be read from the database each time they're needed, which could cause a performance issue. (I am not think that there is any performance issue and is more secure this way)
A tester of my new app reported problems with authorization support in ASP.NET MVC app: Whenever he switches to a new tab (different controller), he's prompted for his login again.
After investigation, I found that the server forcibly wants to use cookieless forms authentication using URLs such as in this question.
The problem appears in his Firefox 3.6.15. Not on other browsers on his computer, not on Firefox on other computers. I checked his Firefox options: Cookies are enabled. HTTPfox even says there is an ASPNetSessionId exchanged!
How come? Can anyone shed some light? FWIW, my web.config doesn't say anyhting about cookies or sessions. I didn't even know of these cookieless URLs before seeing them on this computer and doing some research.
Uninstall and reinstall Firefox from his machine. backup his bookmarks first so he doesnt lose anything. It sounds like its an installation issue rather than a coding problem.
In my asp.net webforms application I am using plain and simple forms authentication hooked up into my database (with the standard membership provider). Everything works well, I can log in , log out, get roles, etc...
However, after deploying my site to the intranet IIS server I noticed that IE cannot be authenticated. The actual authentication process for logging in works (as it does tell you when your password/username is wrong) but after authentication completes it claims you aren't logged in.
This is only on my deployed IIS environment as locally while in my VS environment everything works just fine in IE. While in the deployed IIS chrome and Firefox work just fine.
The only thing I can tell is it looks like IE isn't getting or saving the authentication cookie. This is not IE setting related as I have my IE8 set to accept all cookies, and I tested on a coworker's IE8 machine and another's IE7 with the same results.
My web.config is using the following settings:
<authentication mode="Forms" >
<forms cookieless="UseCookies" />
</authentication>
Does anyone at least have a clue on where I would look to begin debugging this issue?
Thanks,
Edit: I have been forced to fix this issue now, since my webserver is not working well with URL authentication.
I have used fiddler and figured out that IIS7 is not sending any cookies to me when I am in IE. No cookies are in the headers. The cookies are correctly in the headers when serving the site to Mozilla and Chrome browsers though. I am at a loss as to why.....
Edit2: As a side note, when I log into the web server directly, if I go to Http://localhost/ IIS sends IE the cookies fine, but if I go to http://qa_build/ (that's the computer name for the server) IIS won't send the cookies to IE.
Finally figured out the answer. It turns out if the domain has an underscore in it, Internet Explorer will not store cookies. Changing the computer's name to qabuild fixed it.
http://support.microsoft.com/kb/316112
Is there another submit button on the page somewhere that is not related to the login?
I had a similar problem when trying to log in once, and discovered it only happened when I hit enter instead of clicking the login button, and it was being caused by another button taking the default button click. It would authenticate, but it would not give me any user roles.