Hello all,

I've been implementing the Forms Authentication in ASP.NET with C# (v3.5).

I created a simple login form, where the users' emails & passwords are stored in my SQL db.

When I log in on my localhost, everything works just fine, but when I published the project and uploaded it to my production web server, things got a little bit weird for me.

The HttpContext.Current.User.Identity.IsAuthenticated variable returns false, even if the login was successful (and again, on localhost everything works fine).

This is the login button click code (I'm using my own DataAccess, ignore its irrelevant code):

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        Page.Validate("Login");
        if (Page.IsValid)
        {
            string email = txtEmail.Text;
            string passwd = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPassword.Text, "MD5");
            WebFactory.DataAccess.Users.Data userData = new WebFactory.DataAccess.Users.Data(ConnectionString);
            userData.Load(new WebFactory.DataAccess.Users.Item[] {
                new WebFactory.DataAccess.Users.Item(WebFactory.DataAccess.Users.Columns.Email, email),
                new WebFactory.DataAccess.Users.Item(WebFactory.DataAccess.Users.Columns.Password, passwd)
            });
            if (userData.HasData) // Login Success
            {
                if (!cbRememberMe.Checked)
                {
                    FormsAuthentication.SetAuthCookie(userData.Id.ToString(), false);
                }
                else
                {
                    FormsAuthentication.Initialize();
                    DateTime expires = DateTime.Now.AddDays(20);
                    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
                        userData.Id.ToString(),
                        DateTime.Now,
                        expires,
                        true,
                        String.Empty,
                        FormsAuthentication.FormsCookiePath);

                    string encryptedTicket = FormsAuthentication.Encrypt(ticket);
                    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
                    authCookie.Expires = expires;
                    Response.Cookies.Add(authCookie);
                }
                lblStatus.Text = "";
                if (Common.QS.HasRefUrl)
                {
                    Response.Redirect(Common.QS.RefUrl);
                }
                else
                {
                    Common.UserTools.RedirectLoggedInUser(userData.Id);
                }
            }
            else // Login failed
            {
                lblStatus.Text = "Email or password is wrong. please try again.";
            }
        }
    }

Thanks to all helpers, and sorry for the English mistakes.

A: 

Hi Gal V,

Try checking the Forms Authentication Configuration in your web.config. Specifically the domain and path variables. The domain should match the domain of your website and the path should match the application folder name. You probably won't have one of these, so just set it to "/".

You can also set up tracing to make sure that the cookie is actually being read by the application.

Jason Summers

Hi Jason and thanks for the answer. I set up the 'domain' and 'path' attributes in the <forms> clause, but still no change. IsAuthenticated still remains false after login.
Gal V

Hi Gal V. Is the IsAuthenticated property true when cbRememberMe is checked?
Jason Summers
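One way to do the tracing suggested in the answer above, as an added example that is not code from the thread: a Global.asax.cs handler that writes to the ASP.NET page trace which cookie name, path and domain the application expects, whether the browser sent that cookie, and whether its ticket decrypts. The class name `Global` and the trace category `AuthDiag` are assumptions, and the output only appears when `<trace enabled="true" />` is set under `<system.web>`.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added diagnostic example (not from the original thread); "Global" and "AuthDiag" are assumed names.
public class Global : HttpApplication
{
    // Auto-wired by name; runs after FormsAuthenticationModule has processed the request.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        // Settings the running application resolved from its <forms> element.
        string cookieName = FormsAuthentication.FormsCookieName;
        Context.Trace.Write("AuthDiag", String.Format(
            "expecting cookie name='{0}' path='{1}' domain='{2}' requireSSL={3}",
            cookieName, FormsAuthentication.FormsCookiePath,
            FormsAuthentication.CookieDomain, FormsAuthentication.RequireSSL));

        // Request.Cookies returns null when the browser did not send the cookie,
        // which points at a name, path, domain or secure-flag mismatch.
        HttpCookie cookie = Request.Cookies[cookieName];
        if (cookie == null || String.IsNullOrEmpty(cookie.Value))
        {
            Context.Trace.Warn("AuthDiag", "auth cookie was not sent with this request");
            return;
        }

        try
        {
            // Never log cookie.Value itself: it is a bearer credential.
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null)
            {
                Context.Trace.Warn("AuthDiag", "cookie present but ticket is empty");
                return;
            }
            Context.Trace.Write("AuthDiag", String.Format(
                "ticket user='{0}' expired={1} ticketPath='{2}' IsAuthenticated={3}",
                ticket.Name, ticket.Expired, ticket.CookiePath, Request.IsAuthenticated));
        }
        catch (Exception ex)
        {
            // The cookie arrived but was not issued with this application's keys or settings.
            Context.Trace.Warn("AuthDiag",
                "cookie present but ticket could not be decrypted: " + ex.GetType().Name);
        }
    }
}
```

Keep `localOnly="true"` on the trace element while this is deployed, since the trace output includes user identifiers.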
+1  A: 

Thanks all, I solved the problem.

I just needed to enter a name attribute in the <forms> clause and everything works perfectly now.

Thanks again!

Gal V