0

I'm having an interesting problem with FormsAuthentication on a client project I'm trying to assist with. Here's the problem:

  • The domain of web app was changed from .companyA.com to .companyB.com and I set up an IIS redirect to send anyone attempting to go to .companyA.com to .companyB.com. That works just fine.

  • Now I can't log in to the site. I did some digging and found out that there are authCookies being defined in the web.config, so I changed the the authCookie domains to match .companyB.com. I was still not able to log in.

  • I did some more digging and found that there was a SQL Reporting server set up. I changed the domain in the config files of the reporting server to match .companyB.com. Still can't log in.

For general purpose troubleshooting of this type of issue is there anywhere else I could look? I've just been put on this as a firefight so I've limited domain knowledge and can't open the solution in VS because the only VS they have available is too old for the solution.

EDIT: OK, after further digging, I found out that the user isn't authenticating wasn't the main issue. There was a problem with connecting to the reporting service DB and the exception was being swallowed up. Thankfully it showed up in the event viewer. Unfortunately this still leaves me with problems, I can't figure out why SQL won't authenticate me anymore and how changing domain names could possibly lead to that.

cledfo
  • 1
  • 1
  • Which site are you authenticating on? After changing the domain in the web.config, did the cookie domain change? – CoderMarkus Aug 30 '12 at 19:29
  • I changed the cookie domain in the web.config. I'm not sure if this needs to be changed elsewhere. The cookies currently being created on the site all have the correct domain. – cledfo Aug 30 '12 at 20:22

1 Answers1

0

Debugging is really simple. Just get any http debugger (Fiddler will do) and run your application. You will see a list of requests. Just pay attention to the response which sets the auth cookie and then what happens in consecutive requests.

You will probably see that the cookie is set but is missing futher on. This could be because the cookie is issued for domain A (you will see the cookie's domain in the debugger) and the browser is not delivering it to the domain B (which the browser is supposed to do; it will never carry cookies to other domains).

Anyway, an http debugger will be a great help here.

Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
  • I'm using firebug to see responses. There is a session cookie being created only, but it does have the correct domain. It seems as though the authCookie isn't being created, which doesn't make sense since I never changed any of that logic. – cledfo Aug 30 '12 at 18:43
  • I don't know what firebug shows. To be 100% sure, use Fiddler. – Wiktor Zychla Aug 30 '12 at 19:01
  • It looks like it isn't even getting to the point where it can set an authCookie. I guess this is domain-specific and I'll have to figure it out myself. – cledfo Aug 30 '12 at 19:52