L
Lee Wilkie
Dear All,
I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app pages
and the authorization cookie is saved as expected on the local machine.
Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize
the user and promptly redirects them back to the login page.
Now having spent a 'good few' hours trying to figure this out, it seems that
for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly enabled
on these browsers! I've witnessed that cookies from 'external' web sites are
persisting okay and are subject to IE's cookie settings but those cookies
from my app are simply not working. I've even used an HTTP 'inspection tool'
to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!
So in short I believe that authorization is failing because the app cannot
'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.
Here's some info about my setup that may help a diagnosis!:
Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.
As far as I know all machines have latest service packs/patches. ANY help
would be much appreciated as this is driving me crazy.
Thanks in advance,
Lee Wilkie.
I'm new to ASP.NET and have been developing a small app at work to test
Forms Authentication. When running on my development machine (using
http://localhost/TestApp/Login.aspx for example) everything works fine -
that is, a successful (authenticated) login grants access to other app pages
and the authorization cookie is saved as expected on the local machine.
Unfortunately everything turns ugly when trying to 'test' the app from
another machine on the LAN (now using http://<dev machine
name>/TestApp/Login.aspx rather than 'localhost'). The user enters their
credentials as usual and hits 'login' (and this is where it gets
interesting...), the app correctly authenticates the given user details
(I've added suitable response.write's to show this) but FAILS to authorize
the user and promptly redirects them back to the login page.
Now having spent a 'good few' hours trying to figure this out, it seems that
for whatever reason, any browser OTHER THAN the one on the development
machine FAILS TO PERSIST the authorization cookie (or any other cookie
created by the app for that matter) even though cookies are clearly enabled
on these browsers! I've witnessed that cookies from 'external' web sites are
persisting okay and are subject to IE's cookie settings but those cookies
from my app are simply not working. I've even used an HTTP 'inspection tool'
to view the app's server responses and can clearly see the 'Set-Cookie'
sections in the header!
So in short I believe that authorization is failing because the app cannot
'identify' the client due to the client failing to provide valid
authorization details given to it after a successful login.
Here's some info about my setup that may help a diagnosis!:
Dev machine is XP Pro running ASP.NET 1.1 and IIS 5.1.
IDE is VS.NET 2003.
Remote test machies are W2K, XP Pro and NT4 all with IE6.
As far as I know all machines have latest service packs/patches. ANY help
would be much appreciated as this is driving me crazy.
Thanks in advance,
Lee Wilkie.