
Cookie authentication not working on IIS 8.5

Oct 3, 2016 at 2:26 PM
I have developed an ASP.NET webapp with OWIN authentication, which works fine on my development machine (Windows 10/IIS 10), but when the webapp is published to my Windows 2012 server with IIS 8.5, the cookie authentication does not seem to work.

When I log in (with the IsPersistent setting set to true) and close the browser, I am still logged on when I start my browser again, so that's OK. But when I restart IIS and start up the browser, I have to log on again, while I should still have been logged on!

I have created a very simple application to test this, with the following code:

Startup.cs
public void ConfigureAuthentication(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Login"),
        CookieName = "ThisIsTheAuthCookie"
    });
}
AuthenticationController.cs
public ActionResult Login(string userName, string password)
{
    // For testing purposes every user/pwd is fine
    var identity = new ClaimsIdentity(new [] { new Claim(ClaimTypes.Name, userName), },
        DefaultAuthenticationTypes.ApplicationCookie,
        ClaimTypes.Name, ClaimTypes.Role);

    HttpContext.GetOwinContext().Authentication.SignIn(new AuthenticationProperties { IsPersistent = true }, identity);

    return RedirectToAction("index", "home");
}
Even Chrome shows the cookie, but it looks like OWIN is not using it, or is handling it incorrectly, on IIS 8.5.

Does anybody have an idea what the problem is?

Thx, Danny
Oct 3, 2016 at 6:20 PM
If the cookies are being invalidated after restarting IIS then you may have an issue with your MachineKey configuration and it's generating a dynamic key for each lifetime of your app. You can read up on Machine Keys here: https://msdn.microsoft.com/en-us/library/ff649308.aspx
Marked as answer by scheelings on 10/3/2016 at 2:59 PM
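
The fix described in the answer above, as an added example that is not part of the original thread: a PowerShell check for whether a web.config pins its machine keys, plus a generator for a fixed `<machineKey>` element. The function names, the sample configs, and the AES/HMACSHA256 algorithm choice are assumptions; the thread names none of them.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function New-HexKey {
    param([Parameter(Mandatory)][int]$ByteCount)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # machineKey attributes take hex text, two characters per byte.
    -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    # Assumed algorithms: AES-256 decryption key (32 bytes) and an
    # HMACSHA256 validation key (64 bytes = 128 hex chars, the attribute's maximum).
    $validationKey = New-HexKey -ByteCount 64
    $decryptionKey = New-HexKey -ByteCount 32
    '<machineKey validation="HMACSHA256" decryption="AES" validationKey="{0}" decryptionKey="{1}" />' -f
        $validationKey, $decryptionKey
}

function Test-MachineKeyIsFixed {
    param([Parameter(Mandatory)][xml]$Config)
    $node = $Config.SelectSingleNode('/configuration/system.web/machineKey')
    # No element means the ASP.NET defaults apply, which are auto-generated keys.
    if ($null -eq $node) { return $false }
    foreach ($attr in 'validationKey', 'decryptionKey') {
        $value = $node.GetAttribute($attr)
        if ([string]::IsNullOrWhiteSpace($value) -or $value -match 'AutoGenerate') {
            return $false
        }
    }
    return $true
}

# Constructed sample configs: one without <machineKey>, one with generated keys.
[xml]$before = '<configuration><system.web><compilation debug="false" /></system.web></configuration>'
[xml]$after  = '<configuration><system.web>{0}</system.web></configuration>' -f (New-MachineKeyElement)

"before: fixed keys = $(Test-MachineKeyIsFixed $before)"
"after:  fixed keys = $(Test-MachineKeyIsFixed $after)"
```

The generated keys are secrets: anyone who holds them can forge the authentication cookie, so keep them out of source control. In a web farm every server needs the same pair, otherwise a cookie issued by one node is rejected by the others.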
Oct 3, 2016 at 10:59 PM
@Tratcher, it was indeed the MachineKey.
Great.
Thx!