I am experiencing a strange problem with asp.net forms authentication. This problem only occurs for 3 users out of 30+ users that have successfully logged in. I am using very basic auth code that I have used many times and have never seen this problem. After the users successfully authenticates and the auth cookie is created, cookie added, and response.redirect to FormsAuthentication.GetRedirect(userid, false) is called. The Application_AuthenticateRequest method in Global.asax is hit.
// Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];
if (null == authCookie)
{
// There is no authentication cookie.
return;
}
So immediately after a “good” cookie is saved and the redirect occurs the cookie is null. I have run the code through the debugger and the cookie is only null on these 3 users. But the cookie looks the same as the cookie for the many users that login successfully.
Any ideas? This is standard code that should just work.
Are you sure the “good” cookie is saved and exits to the response? It is possible in FormsAuthentication for a good cookie to be added to the header but the response is killed on the way out by some other system error (w3wp.exe crashing for instance) so a new response is generated without the cookie and the redirect occurs anyway.
In my own experience with a problem similar to this, I had a custom Principal class that was crashing after authentication (and cookie creation) and instead of writing an appropriate cookie, removed the cookie from the response entirely.