Thursday, December 19, 2013

Solving login problems with framework 4.0 and Internet Explorer 11

So, the joys of working with IE is not only related to layout and javascript, also server functionality can totally stop working, hooray!

 One fun problem is that if you do not have 4.5 installed on your server, the server will not recognize IE11 as a cookie enabled browser (among other things), making things like session state and forms authentication stop working.

 There are a number of things one can try to resolve this, the most efficient one, but not always available is to simply install .net framework 4.5 on the server, it should be “100%” backwards compatible with 4.0, but somehow I doubt that. Do be aware that you do not have to update your application to compile against .net 4.5, you only need the framework installed on the server.

The second way is to use a custom browser file for IE11, like seen in this SO topic:
This should “solve everything”, including ajax and other framework functionality that previously did not work in IE11. A problem with this approach is that once you update the server, this browser file will override any potential changes in the machine wide browser files that is added/updated later on (like if you install .net framework 4.5 I can imagine), so this file have to be deleted manually.

The third way is to simply use the old school method of “downgrading” using the IE meta tag, the obvious downside here is that you downgrade any IE11 to run as IE10, but on the other hand, this fix is simple and can be done quite fast:

<meta http-equiv="X-UA-Compatible" content="IE=10" />

And the final way I found, which I used myself on the site I had troubles with (that uses very little ajax/control features anyways), is to install a patch on the server, and modify web.config. We are not 100% sure the patch is needed, but the blog below seem to suggest that you need it anyways:
The blog:
The patch:
After the patch is installed (or not, you can try without first), you need to update your web.config, and change to cookieless=”UseCookies” in the forms, and sessionstate tags, like for example:
<authentication mode="Forms">
  <forms name=".EPiServerLogin" loginUrl="Logga-in/" timeout="120" defaultUrl="/" cookieless="UseCookies" />

<sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;user id=sa;password=" cookieless="UseCookies" timeout="20" />

This forces all browsers to try and use cookies for session and authentication regardless if they are cookieless or not, which isn't really a big problem cause it wouldn't’t work anyways, so you are not breaking anything that wasn't previously broken.