Sign in
 
HomeInternet Explorer 10Internet Explorer 9Internet Explorer 8Previous VersionsLibraryForums
Internet Explorer TechCenter >
Internet Explorer 10 breaks our Forms Authentication websites

Answered Internet Explorer 10 breaks our Forms Authentication websites

  • Friday, November 09, 2012 3:34 PM
     
     
    Sign In to Vote
    0

    We have numberous websites that run a simple forms authentication against a SQL server database that contains user information.  They are all textbook implementations and have worked flawlessly for  years.  Opening the website in Internet Explorer, however, fails miserably.

    1. Navigate to website and the public facing page displays fine.

    2. Click on any content and reditedted to login page which displays fine.

    3. Login with username and password and you are properly directy to the content. However, every navigation request requires a new login.. URLs contain a hugely long and useless string, e.g.,

    http://www.website.com/(F(YDpijgiGuQXrUb0GIfPieYsWFmUx0qAf5o3zQfSyuCFKr3dhRjrzlVERuAnUNYfEgab9F7AXHnsm8DgphdFEPdYO7vm9uZE9Lm6ay1T3OrEncmh4SR9652iq-Ae7R7FlAUupG_-S2Lob-HEMe-iw7WUaBdY1))/default.aspx

    4. Here is our authorization tag from web.config:

        <authentication mode="Forms">
          <forms loginUrl="/login.aspx" name=".ASPXFORMSAUTH" protection="All" timeout="30" path="/"/>
        </authentication>

    5. What is going on? I need to get this fixed ASAP, certainly before the release of IE 10 for Windows 7.

    Thank you in advance for any help, suggestions, or pointers?

    ~ David Taylor

     

All Replies

  • Saturday, November 10, 2012 8:56 AM
     
     
    Sign In to Vote
    0

    Hi,

    Tools>Internet Options>Security tab, click "reset all zones to default"

    Trusted Sites icon, 'Sites' button.... what domains have you listed in the Trusted Sites list? Compare between IE9 and IE10 machines.

    there is an ie security zone setting to prevent navigation to domains of lower integrity...

    some sites may be using sub domains for authentication (eg... account.google.com handles googles forms authentication)...

    it is unusual to have your login and password forms in your server's root folder...usually it is placed in its own folder where https is required.

    for questions about html, css and scripting for web site developers please post to the IE Web Development forum with a link to your website for us to inspect the code...

    you can debug networking (redirects) issues in Ie10 Desktop mode using the Developer tool (f12>Networking tab, click "start capturing".... navigate to your site)...

    Rob^_^

     
  • Monday, November 12, 2012 5:39 PM
     
     Answered
    Sign In to Vote
    0

    Thank you for your reply.

    It turns out that the reason for this is that there is a known bug in the server (IIS), not in Internet Explorer. Basically, IIS does not know about IE10 and cannot send an appropriate response.  For Framework 4, there is a hotfix, for older versions there is a workaround.  We applied the workaround and everything is good now. More information is available here:

    http://stackoverflow.com/questions/6983732/ie10-user-agent-causes-asp-net-to-not-send-back-set-cookie-ie10-not-setting-coo

    ~ David Taylor

    • Marked As Answer by Pitcairnia Monday, November 12, 2012 5:39 PM
    •  
     
  • Tuesday, November 13, 2012 2:11 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi David,


    Glad to hear this issue has been solved. Thanks for sharing. We really appreciate your time and efforts. Hope your experience will help other community members facing similar problems.


    Regards,

    Vincent Wang

    TechNet Community Support