Sunday, November 2, 2014

ASP.NET Form Authentication Issue with IE10

Recently one of the application that maintained by our company faced an issue with IE10, where user is logged out once he has successfully log in to the system. The application does store the authentication piece of information in cookies after successful login, however, this piece of information does not persist in the http context on subsequent requests.

After 2 days of googling, debugging and trial and error, I found out that it has to do with the form authentication setting in web.config file. And this issue only happens on IE10 browser. We can get rid of this error by explicitly setting the IE Browser Mode (through developer tools F12) to compatibility mode, however, it does not make sense at all to tell all of our users to do that.

We then discover that we have to explicitly specify in web.config file on form authentication section, to include an attribute called cookieless="UseCookies". This magic attributes save us from continuous consumption of caffeine. Below is the sample on the form authentication setting. Hope it helps.

<authentication mode="Forms">
 <forms cookieless="UseCookies" loginurl="/" name="authCookies" timeout="60000000">
</forms></authentication>