I hope nobody will mind if I chip in a late contribution on this one. I was having the same problem: logging in to my ASP.NET MVC 4 app wasn't working from an iPhone Safari browser. I ended up opening the relevant port on my development machine to allow my iPhone to access the application instance running in IISExpress, so that I could debug it.
I set a breakpoint in my application code and made the relevant request from my phone. I then compared that header content with the header content of a request that I knew was working (from a desktop browser). I found that there was no cookie header information associated with the iPhone request.
So...that led me to my iPhone's Safari settings page. For some reason my privacy settings were set such that 'Accept Cookies' was 'Never'. I changed it to 'From visited' and it solved my problem. According to what uncle Google tells me, 'From visited' is the default setting for iPhones. I guess if we wanted to support the 'Never' case then we'd have to look down the path of implementing cookieless forms authentication (along the lines discussed here).
Hope that helps somebody :).