ASP.Net Mobile Authentication

Posted by on October 28, 2007

I had the opportunity last week to help a co-worker troubleshoot some authentication issues with his ASP.Net mobile web site. This is the first mobile site the company has created and is in response to creating some applications that can be made available on BlackBerry devices. The site was put together rather quickly using Forms authentication. It was interesting to see that on the BlackBerry 8800 the site worked fine. We were able to log in and navigate from page to page. To my surprise, my Cingular 8525 did not work quite as well. I was able to log in to the site but as soon as I selected one of the links to another page I was sent back to the login screen.

It turns out that Pocket IE does not support redirects with cookies. This is the default for forms authentication. To solve this issue, one must make sure that they do not use relative URLs. What happens in this scenario is that the authentication token is inserted into the URL to be passed between the pages. If your page path is like this:

https://jardinesoftware.net/Mobile/Somepage.aspx

It would be changed to be:

https://jardinesoftware.net/Mobile/<authtoken>/Somepage.aspx

Notice how the authtoken is inserted. By default, when you add a link to the web page on a mobile device it sets the NavigateUrl to "~Somepage.aspx". This causes the issue with IE because it overwrites the authtoken piece. The simple fix was to remove the ‘~’ in the path. With that small change, the links work fine with Pocket IE.
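The following is an added example, not code from the original post: it resolves link targets against a page URL that carries the token segment, the way a browser would, and flags the ones that lose the token. `APP_ROOT`, the `AUTHTOKEN` placeholder, `Default.aspx` and the function names are hypothetical, and it assumes the server expands a leading "~" to the application root without re-inserting the token, which is the behaviour described above.

```javascript
// Constructed sample values; AUTHTOKEN stands in for the real ticket segment.
const APP_ROOT = "/Mobile/";
const TOKEN = "AUTHTOKEN";
const CURRENT_PAGE = `https://jardinesoftware.net${APP_ROOT}${TOKEN}/Default.aspx`;

// Assumption: a leading "~" (with or without "/") is expanded to the
// application root, and the token segment is not added back.
function expandTilde(link, appRoot) {
  return link.startsWith("~") ? appRoot + link.replace(/^~\/?/, "") : link;
}

// Resolve one link against the tokenized page URL and report whether the
// token is still the first path segment under the application root.
function checkLink(link, currentPage = CURRENT_PAGE, appRoot = APP_ROOT, token = TOKEN) {
  const base = new URL(currentPage);
  const resolved = new URL(expandTilde(link, appRoot), base);
  const keepsToken =
    resolved.origin === base.origin &&
    resolved.pathname.startsWith(`${appRoot}${token}/`);
  return { link, resolved: resolved.href, keepsToken };
}

// Return only the links that would send the user back to the login page.
function auditLinks(links) {
  return links.map((l) => checkLink(l)).filter((r) => !r.keepsToken);
}

// Constructed list of NavigateUrl values to audit.
const SAMPLE_LINKS = [
  "Somepage.aspx",        // page-relative: token survives
  "~/Somepage.aspx",      // app-root form: token dropped
  "~Somepage.aspx",       // form quoted in the post: token dropped
  "/Mobile/Somepage.aspx",// root-relative: token dropped
  "Reports/List.aspx",    // page-relative subfolder: token survives
];

for (const r of auditLinks(SAMPLE_LINKS)) {
  console.log(`drops token: ${r.link} -> ${r.resolved}`);
}
```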

One other note about forms authentication for mobile web sites: they use a different object for setting the authentication cookie. Instead of FormsAuthentication you need to use MobileFormsAuthentication.
