2

After logging in, the value of Request.IsAuthenticated does not remain true. It works perfectly on all major desktop browsers, but not on mobile safari on iPad.

I've tried both the solutions posted Asp.Net Forms Authentication when using iPhone UIWebView and ASP.NET authentication cookies not stored when using jQueryMobile on iPad and none of them seem to work. Any idea why it's not working?

Thanks for any help in advance.

Community
  • 1
  • 1
WhatsInAName
  • 675
  • 2
  • 12
  • 32
  • Have you found a solution? I'm having the same problem (i.e., using an ASP.NET MVC 4 site and forms authentication, I cannot log in from an iPad/iPhone, have it store a persistent cookie, and remember the login the next time the site is accessed from the iPad/iPhone). Anyone??? I've spent days on this, trying all sorts of different things, searching the Internet, and even posting my own question(s), but no luck in solving it. – lmttag Oct 08 '12 at 17:04
  • Bump. Me too... Very frustrating... – Boycs Nov 10 '12 at 10:22

3 Answers3

4

Sorry to dig up an old thread, but this is one of the top results when searching for MVC and ipad login issues.

The solution that I found is to force the cookieless="UseCookies" attribute of the authentication tag in the web conifg.

<authentication mode="Forms">
  <forms loginUrl="~/LogOn" timeout="2880" cookieless="UseCookies"/>
</authentication>

For some reason the Mobile Safari browser sends a header that requests cookieless sessions, and if the attribute isn't set it will default to rewriting the url with a session token. For some reason this doesn't always work, resulting in a broken login.

Jason Kulatunga
  • 5,606
  • 1
  • 23
  • 50
1

OK I solved this by a bit of a brute force on the response caching...

public void Application_PreSendRequestHeaders(Object sender, EventArgs e)
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache);
}

This forced the response header to be set to Cache-Control:no-cache which forced Safari under iOS6 to stop caching the POST.

Hat tip to https://stackoverflow.com/a/7087989/10573

Community
  • 1
  • 1
Boycs
  • 5,344
  • 2
  • 25
  • 23
1

I hope nobody will mind if I chip in a late contribution on this one. I was having the same problem: logging in to my ASP.NET MVC 4 app wasn't working from an iPhone Safari browser. I ended up opening the relevant port on my development machine to allow my iPhone to access the application instance running in IISExpress, so that I could debug it.

I set a breakpoint in my application code and made the relevant request from my phone. I then compared that header content with the header content of a request that I knew was working (from a desktop browser). I found that there was no cookie header information associated with the iPhone request.

So...that led me to my iPhone's Safari settings page. For some reason my privacy settings were set such that 'Accept Cookies' was 'Never'. I changed it to 'From visited' and it solved my problem. According to what uncle Google tells me, 'From visited' is the default setting for iPhones. I guess if we wanted to support the 'Never' case then we'd have to look down the path of implementing cookieless forms authentication (along the lines discussed here).

Hope that helps somebody :).

sammy34
  • 5,212
  • 4
  • 25
  • 34