Click here to Skip to main content
15,867,871 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
I am working on creating a legal case management system using ASP.net SQL Server 2012 & C#. I have this app hosted in the local intranet IIS on windows 10 pro system. I am using .NET 4.0.
<compilation debug="true" targetFramework="4.0"/>
<httpRuntime requestValidationMode="2.0" />

<pages enableEventValidation="true" validateRequest="false" controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID">


So long everything was working as expected on the development system and on the production server. The issue is that now on login the app is creating the cookies in the login page but once it reaches the dashboard page the cookies disappear/deleted in all major browsers. But on my dev machine, this issue is only on the Edge & explorer 11 other browsers are loading them properly.
Since I moved this app to the Win 10 Pro production server I am facing this issue previously it was hosted on Win 7 Pro.

What I have tried:

I tried setting the cookies on the dashboard page itself by passing the login user details to it in encrypted format in the querystring. but cookie just dont stay in the browser.
Posted
Comments
Richard Deeming 6-Nov-18 8:06am    
"... Win 10 Pro production server ..."
Windows 10 is not a server OS. It is deliberately limited to 10 concurrent connections to prevent you from using it as such. You should be using a proper server OS to host your production site.

"... passing the login user details to it in encrypted format in the querystring ..."
Don't do that. The login credentials should be passed in a POST request to your login page to prevent caching. The login page should validate the credentials and set the authentication cookie. The forms authentication module should then validate that cookie on each subsequent request. Everything should be served over HTTPS.


Use your browser's developer tools to check the network requests to see if you can spot what's going wrong. One possible cause would be setting the authentication cookie from an HTTPS page and then redirecting to an HTTP page, rather than serving the whole site over HTTPS.
Christopher Fernandes 6-Nov-18 8:42am    
I am not passing the login credentials in the query string but the auth key in an encrypted format.
Richard Deeming 6-Nov-18 8:58am    
Again, don't do that. The authentication key should be stored in a cookie.

Anything you put in the query string will appear in the browser's history, your log files, your user's ISP's log files...

(If you're using HTTPS, then the ISP won't be able to see it. But my point still stands.)
Christopher Fernandes 6-Nov-18 9:57am    
ok
Christopher Fernandes 20-Nov-18 12:45pm    
Which Windows server version would be best to host ASP.NET Webforms & ASP.NET MVC Apps Also Sql Server Enterprise Edition?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900