Jeff and .NET

The .NET musings of Jeff Putz

Sponsors

News

My Sites

Why would .ASPXAUTH be ignored?

I've developed a strange problem. I'm using FormsAuthentication to login users. I persist the .ASPXAUTH cookie and set its expiration to today plus 30 days.

The cookie doesn't go anywhere, but the app stops recognizing it. I check it and, indeed, the cookie is still there with an expiration a month away. The only thing "exotic" that I can think of that I do is assign some roles to the principal, but I've done that before without consequence.

Any suggestions? 

Posted: Jan 18 2007, 04:29 PM by Jeff | with 5 comment(s)
Filed under:

Comments

Ogre said:

"Machine key" issues?

# January 18, 2007 4:34 PM

AndrewSeven said:

Is it possible that the roles are stored in the same cookie and the code that sets the roles does something odd?

# January 18, 2007 5:14 PM

Jeff said:

Nope... the roles are added to the Principal object in an HttpModule. It doesn't really have anything to do with the login code, which is just the normal SetAuthCookie stuff.

# January 18, 2007 8:31 PM

ScottGu said:

Could you be running into this: http://weblogs.asp.net/scottgu/archive/2005/11/08/430011.aspx

One thing to check is whether it is a role-based persmission isue.  Within your login page add a <asp:loginstatus> control to the page, or just do a response.write of User.Identity.Name or check the Request.IsAuthenticated property.

That will tell you whether you are being redirected because they aren't logged in, or whether it is because of an authorization failure.

# January 18, 2007 10:03 PM

oddurmag said:

I ran into the same problem a while ago, but only in IE, not firefox. That was because our server names had a underscore in it, and it looks like IE does not persist cookies of the server name are not valid servernames( probably according RFC1738.

# January 19, 2007 5:36 AM
Leave a Comment

(required) 

(required) 

(optional)

(required)