A user of our system (Silverlight 4/WCF Ria Services) has a problem using Internet Explorer 9 and our application. Using FireFox isn´t a problem. I tried to reproduce the problem on other systems, with an equal configuration as the user´s system has, but i can´t reproduce the problem. So i think it´s a wrong configuration on the user´s system.
The problem is that the access to all domain service operations is denied, although the user logged in successfully to our application.
The server log contains for each operation that is called by the above user the following entry:
Exception of type System.UnauthorizedAccessException logged
Extended Properties: StackTrace - System.UnauthorizedAccessException: Access to operation 'xxxx' was denied. at System.ServiceModel.DomainServices.Server.DomainService.ValidateMethodCall(DomainOperationEntry domainOperationEntry, Object[] parameters, List`1 validationResults)
at System.ServiceModel.DomainServices.Server.DomainService.Query(QueryDescription queryDescription, IEnumerable`1& validationErrors, Int32& totalCount)
Each DomainService class is decorated with the RequiresAuthentication-Attribute. No other attributes are applied on classes or methods. We are using a custom authentication service derived from AuthenticationBase and a custom user class derived from UserBase.
The user has the following programm versions: IE9 Version: 9.0.8112.16421 Silverlight Version : 4.0.60531.0
Ok, i found the solution. The problem was that some Internet Options of the IE 9 in the Advanced Privacy Settings were set wrong.
The automatic cookie handling was overridden (CheckBox checked) and all cookies (First-party and Third-Party) were blocked. Also session cookies were denied.
After disabling the override of automatic cookie handling or allowing session cookies, the user can use our application as expected in the IE 9.