Forms Authentication Doesn't Work In IE11 But Does In Older Versions
IE11 for Windows 7 was released today. And much like when IE10 came out, Forms Authentication has stopped working for me after updating.
Using the dev tools to switch the document mode to IE10 or lower didn’t help, but switching the user agent string did.
This is because IE11’s user agent string no longer identifies itself as Internet Explorer and ASP.NET sniffs the user agent string to determine what JavaScript to render, or in this case how to handle cookies.
The default value for IE11 on Windows 7 is
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoWhile the value used for IE10 is
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Microsoft previously released an update that patches the browser definition files in %windir%\Microsoft.NET\Framework\v4.0.30319\Config\Browsers so they’ll correctly detect IE11, and all of our machines were up to date.
Or so I thought.
Managed Hosting Isn’t Always Hands Off
It turns out one of our servers was setup to use the hosting provider’s internal WSUS server, while the rest of them were using the default Windows Update servers. For some reason this update, along with about 45 others that were also needed, have yet to be approved by our hosting provider which left this machine severely outdated without us realizing it.
The update in question is KB2836939, and requires a reboot. You may also need one or more of the updates listed in this post that explains IE’s new user agent string a bit more.
Lessons Learned
- Make sure all of your servers are using the same Windows Update feed
- Managed hosting isn’t always hands off like they advertise
- Bring snacks when installing 101 updates, it took 2 hours and 45 minutes to fully update this server