Friday, November 09, 2012 3:34 PM
We have numberous websites that run a simple forms authentication against a SQL server database that contains user information. They are all textbook implementations and have worked flawlessly for years. Opening the website in Internet Explorer, however, fails miserably.
1. Navigate to website and the public facing page displays fine.
2. Click on any content and reditedted to login page which displays fine.
3. Login with username and password and you are properly directy to the content. However, every navigation request requires a new login.. URLs contain a hugely long and useless string, e.g.,
4. Here is our authorization tag from web.config:
<forms loginUrl="/login.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="30" path="/"/>
5. What is going on? I need to get this fixed ASAP, certainly before the release of IE 10 for Windows 7.
Thank you in advance for any help, suggestions, or pointers?
~ David Taylor
Saturday, November 10, 2012 8:56 AM
Tools>Internet Options>Security tab, click "reset all zones to default"
Trusted Sites icon, 'Sites' button.... what domains have you listed in the Trusted Sites list? Compare between IE9 and IE10 machines.
there is an ie security zone setting to prevent navigation to domains of lower integrity...
some sites may be using sub domains for authentication (eg... account.google.com handles googles forms authentication)...
it is unusual to have your login and password forms in your server's root folder...usually it is placed in its own folder where https is required.
for questions about html, css and scripting for web site developers please post to the IE Web Development forum with a link to your website for us to inspect the code...
you can debug networking (redirects) issues in Ie10 Desktop mode using the Developer tool (f12>Networking tab, click "start capturing".... navigate to your site)...
Monday, November 12, 2012 5:39 PM
Thank you for your reply.
It turns out that the reason for this is that there is a known bug in the server (IIS), not in Internet Explorer. Basically, IIS does not know about IE10 and cannot send an appropriate response. For Framework 4, there is a hotfix, for older versions there is a workaround. We applied the workaround and everything is good now. More information is available here:
~ David Taylor
- Marked As Answer by Pitcairnia Monday, November 12, 2012 5:39 PM
Tuesday, November 13, 2012 2:11 AMModerator