c# asp.net cookies asp.net-membership iis-8

SetAuthCookie does not set cookie on our test server


I am trying to set up my website on a new environment, and I have a problem with the membership provider.

I can call Membership.ValidateUser, which returns true and false, as it should. That is perfect.

However, on my new environment, the cookie is never set. I can see on localhost and our production server, that it sets a cookie called CommunityServer, but not on our new environment.

Web.config code:

<authentication mode="Forms">
  <!-- development -->
  <forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="~/user/login" slidingExpiration="true"/>
  <!-- deployment -->
  <!--<forms name=".CommunityServer" domain="domain.com" protection="All" timeout="60000" loginUrl="~/user1.aspx" slidingExpiration="true" />-->
</authentication>
<authorization>
  <allow users="?"/>
</authorization>

Log in code:

if (String.IsNullOrEmpty(UsernameLogin)) {
    ModelState.AddModelError("UsernameLogin", Strings.Error_NoLoginUsernameEntered);
}
if (String.IsNullOrEmpty(PasswordLogin)) {
    ModelState.AddModelError("PasswordLogin", Strings.Error_NoLoginPasswordEntered);
}
if (!Membership.ValidateUser(UsernameLogin, PasswordLogin)) {
    ModelState.AddModelError("UsernameLogin", Strings.Error_LoginFailed);
}

if (!ModelState.IsValid) {
    return View(new UserLoginModel() { Title = String.Format(Strings.Site_Title, Strings.UserLogin_Title) });
}

FormsAuthentication.SetAuthCookie(UsernameLogin, true);

// we know this code is run and I am being redirected to the return url
// Url.IsLocalUrl limits the redirect to local URLs, so ReturnUrl cannot act as an open redirect
if (!String.IsNullOrEmpty(ReturnUrl) && Url.IsLocalUrl(ReturnUrl)) {
    return Redirect(ReturnUrl);
}

Any ideas or hints about why our cookie is never set? It is an IIS 8 server.


Solution

  • Add domain="domain.com" to the parameters of authentication, to tell the cookie to be valid for the full domain, and for the correct domain, or else there is the possibility that it cannot be set.

    <authentication mode="Forms">
      <!-- development -->
      <forms name=".CommunityServer" domain="domain.com" protection="All" timeout="60000" loginUrl="~/user/login" slidingExpiration="true"/>
    </authentication>
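
The browser-side rule behind this setting, as an added example that is not part of the original answer: a cookie whose Domain attribute does not domain-match the host that served it is discarded (RFC 6265). The host names are constructed samples, and `domainMatches` and `cookieOutcome` are hypothetical helper names.

```javascript
// Added example: the RFC 6265 checks a browser applies to the Domain
// attribute of a Set-Cookie header. Hosts are given without a port.

// IP literals never match by suffix, only by exact equality.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// RFC 6265 section 5.1.3: does the request host domain-match `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix match must fall on a label boundary: "baddomain.com" is not "domain.com".
  return !isIp(host) && host.endsWith("." + domain);
}

// What happens to the auth cookie for a given <forms domain="..."> value.
// `configuredDomain` is null or "" when the attribute is absent.
function cookieOutcome(requestHost, configuredDomain) {
  if (!configuredDomain) {
    // No Domain attribute: the cookie is host-only and is always accepted.
    return { stored: true, scope: "host-only" };
  }
  const domain = configuredDomain.replace(/^\./, ""); // a leading dot is ignored
  if (!domainMatches(requestHost, domain)) {
    return { stored: false, reason: `${requestHost} does not domain-match ${domain}` };
  }
  return { stored: true, scope: "domain" };
}

// Constructed sample hosts checked against the domain value from the page.
for (const host of ["www.domain.com", "localhost", "test.example.net", "baddomain.com"]) {
  console.log(host, JSON.stringify(cookieOutcome(host, "domain.com")));
}
```

When the test server is reached under a host name that fails this check, the Set-Cookie header is still visible in the response but the browser never stores or returns the cookie.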