Scott Hanselman

FormsAuthentication on ASP.NET sites with the Google Chrome Browser on iOS

July 5, '12 Comments [19] Posted in ASP.NET | ASP.NET MVC | Bugs
Sponsored By

A few people have said that they have noticed problems the new iPhone/iPad Google Chrome apps as well as trouble with applications that use hosted Safari inside of UIWebView (which is what Chrome is) or apps that host a website in PhoneGap. If you're using FormsAuthentication (in WebForms or MVC, doesn't matter) then Google Chrome for iOS might switch FormsAuth to Cookieless mode, which sucks for everyone.

This has been fixed in .NET 4.5 and you won't see this problem if you have .NET 4.5 installed, even if you're running a .NET 4 application. For example, Bing.com is running .NET 4 applications under .NET 4.5 RC and wouldn't see this. If you install 4.5 (now or later) ASP.NET will always assume clients support cookies.

If you want to tell ASP.NET 4.0 or earlier that EVERY browser supports cookies for FormsAuth you can do ONE of these things:

1. Change Generic.Browser for your app (or machine)

Make a file called generic.browser in a folder called App_Browsers and put this in it:

image

<browsers>
<browser refID="GenericDownlevel">
<capabilities>
<capability name="cookies" value="true" />
</capabilities>
</browser>
</browsers>

2. Force Cookieless=UseCookies in your web.config

Add cookieless="UseCookies" for your forms element in web.config.

<authentication mode="Forms" >
<forms loginUrl="~/Account/LogOn" timeout="2880" cookieless="UseCookies" />
</authentication>

Hope this helps.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Thursday, July 05, 2012 11:40:28 PM UTC
Thanks.

I was just getting ready to start debugging.
Friday, July 06, 2012 12:45:38 AM UTC
Thanks!! this info helped one of my technical team member.
Friday, July 06, 2012 4:27:24 AM UTC
One of those annoying little things solved! Thanks!
Friday, July 06, 2012 6:31:18 AM UTC
Hi Scott, I got an error on the browser file. I had to put element "browsers" around it.
Hugo de Vreugd
Friday, July 06, 2012 3:51:31 PM UTC
This is also an issue with iOS PhoneGap apps - this setting fixed it. Perfect timing!
Saturday, July 07, 2012 8:36:28 AM UTC
Does Asp.Net 4.5 change the .browser file based cookie feature detecting mechanical or just fix this specific bug? Thanks
Saturday, July 07, 2012 10:26:46 AM UTC
4.5 assumes all browsers support Cookies.
Scott Hanselman
Sunday, July 08, 2012 5:23:50 AM UTC
This is good news. :)
Monday, July 09, 2012 1:52:28 PM UTC
Is this why some websites in desktop Chrome (on the Mac) don't think I have cookies enabled? For example, Nordstrom.com.
jinushaun
Thursday, July 12, 2012 1:53:44 PM UTC
Jinushaun - I'm not sure, but it's very likely that's why, yes.
Sunday, July 15, 2012 6:45:09 AM UTC
Had noticed this last week. Had forgot to get around to this. Thanks for info!
Mike
Wednesday, August 29, 2012 8:13:21 AM UTC
I have .NET 4.0 installed and I'm seeing the above behavior for Safari 5.1.7. Making either / both of the changes you recommend makes no difference - the user is still re-directed back to the login screen.

Is there anything else which can be done?
Pete
Thursday, November 01, 2012 7:27:54 PM UTC
Pete: We added cookieless="UseCookies" to the sessionState tag as well and that seemed to do the trick with Safari on iPads.

Thanks SH for the nuggets of wisdom that help keep things rolling over here!
Rob
Tuesday, November 27, 2012 10:18:15 PM UTC
Wow, this solved our problem. Our iphone app that uses a UIWebView running on an iPhone using ios 5.1.1 had the issue but the same app running on ios 6.0 device did not. Using solution 2 above fixed it. Funny enough the error did not occur in the ios 5 simulators only on a real device. I did not see the error on my machine as I have .net 4.5 installed, it only showed up on our hosted test site (Rackspace).
Brian
Thursday, December 20, 2012 4:50:41 AM UTC
Hi,
I am facing same issue on IPAD but scenario is when user clicks on "remember me" user is authenticated and cookie is set.But after few hours only on IPAD cookie expires giving 500 internal server error.I have used Approach 1 and Approach 2 of above mentioned suggestions.
Still no success. What is the root cause of this Issue.
Please can you explain !!
Ali Yasir
Monday, March 04, 2013 6:31:16 PM UTC
Thank you, you saved me a lot of time!
Samir
Tuesday, March 19, 2013 1:41:32 PM UTC
Thanks Scott, this really saved my day.

Was going crazy, not being able to figure this out.
Saturday, July 27, 2013 2:06:44 PM UTC
Thank you!
qxtxSoft
Monday, August 05, 2013 7:53:55 AM UTC
i tried this but its not working for me. still facing this problem on ipad3. even i tried by adding browser file too. but still doesn't work for me.

Thanks Regards
Parm
Parm
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.