Revenge of the underscore!

18 Oct

The problem

I had put a couple of web sites required for testing and proof of concept onto a newly built web server. The main web site used FORMS authentication to accept the user's email address and password. The site required the use of JavaScript and cookies needed to be enabled on the web browser (Internet Explorer 7) and as far as I could see this appeared to be the case.

The main observation in trying to access the main web site using the web server's hostname was that I couldn’t get past the LOGIN screen. I would be able to log in but then the details would be ignored and the LOGIN screen would be served again. However, if I accessed the web site via its IP address it worked fine. I had also been informed that the tech’ chap had been having problems setting up the DNS entry for the server, so I was stuck with accessing the web server through its hostname, which was xxxxxxxxx_xxweb (name changed for obvious reasons).

First I tried pinging the web server using the server name containing the underscore and this worked fine.

I then tried tracert to the web server and that worked fine too (arrived in 7 hops).

I then employed the services of the web analyser tool (FIDDLER) between client and web server to analyse what was going on with session cookies, custom cookies, forms cookie, etc. The problem appeared to be that when accessing the server by its hostname (containing the underscore), the web server sent back the session cookie to the client browser but it was discarded by the client browser in subsequent requests back to the web server. This is the flow of messages that I saw:

1. Client issues a GET request on page Login.aspx
2. Server responds with a status 200 message (it worked) and creates and attaches a session cookie used by ASP.NET
3. Client POSTS the form data to Login.aspx but DOES NOT attach the session cookie details (it should attach them)
4. Server authenticates the client and attempts to redirect to the relevant page after login
5. Client issues a GET request on the page being redirected to but DOES NOT attach any FORMS authentication cookie or session cookie details (again it should do this)
6. Web server cannot now recognise the request as authenticated and so issues a redirect to the LOGIN page

The above sequence works fine if I use the IP address of the web server instead of the web server's host name.

I tried turning off Windows Firewall on the client machine and this made no difference. I also turned off the McAfee Anti-virus scanner and this made no difference (I also did the same on the web server before re-enabling again and no difference).

This for me points to something about the hostname being the problem and the way that the browser interprets responses from that hostname. If cookies were going to be a problem on the client browser they would not work when using the IP address.

I wasn’t at all sure whether there was some sort of group policy thing going on that restricted traffic for certain hostnames but having checked that out, this didn’t seem to be the problem either. So now to the solution.

The solution

OK after trying absolutely everything at the code and browser level I “went a googling” and came across the following :-

http://support.microsoft.com/kb/909264

It basically says that the computer name / hostname within DNS cannot contain an underscore as it is an illegal character. Is this why the tech guy couldn’t insert the relevant DNS entry? Seems likely to me. The consequence of naming the host with an underscore is that every version of IE beyond 5.5 automatically blocks cookies from a hostname or DNS name containing underscores but doesn’t tell you, and doesn’t issue a privacy report icon or error icon, so you have no way whilst browsing to know that it has taken this course of action.

Based on the investigation previously carried out, this fit the problem description perfectly, so it would be possible to replace the underscore character in the computer name with, say, a hyphen (right click My Computer >> Properties >> Change Settings >> Change Name), and the DNS entry was inserted with no problems. Voila.
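The check I ended up doing by eye in Fiddler can be scripted. The following is an added example, not code from the original investigation: it walks a recorded request/response sequence, reports every cookie the server set that the browser never sent back, and tests the hostname against the letters-digits-hyphen rule. The hostname `test_web`, the page `/Default.aspx`, the cookie values, and the use of the ASP.NET default cookie names `ASP.NET_SessionId` and `.ASPXAUTH` are assumptions for illustration.

```python
import re

# RFC 952 / RFC 1123 host label: letters, digits and hyphens only,
# 1-63 characters, no hyphen at either end. An underscore fails this.
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def invalid_labels(host):
    """Return the labels of `host` that break the letters-digits-hyphen rule."""
    return [label for label in host.rstrip(".").split(".")
            if not LDH_LABEL.match(label)]

def cookie_names(header):
    """Cookie names from a request Cookie header such as "a=1; b=2"."""
    return {p.split("=", 1)[0].strip() for p in header.split(";") if "=" in p}

def unreturned_cookies(exchanges):
    """Walk request/response pairs in order and report (step, cookie name) for
    every cookie the server has already set that a later request omits."""
    issued, findings = set(), []
    for step, ex in enumerate(exchanges, start=1):
        sent = cookie_names(ex["cookie"])
        findings += [(step, name) for name in sorted(issued - sent)]
        for set_cookie in ex["set_cookie"]:
            issued.add(set_cookie.split(";", 1)[0].split("=", 1)[0].strip())
    return findings

def diagnose(host, exchanges):
    """Put the dropped cookies next to the hostname validity result."""
    return {"host": host, "invalid_labels": invalid_labels(host),
            "unreturned": unreturned_cookies(exchanges)}

# Constructed trace mirroring the message flow above (all values made up).
TRACE = [
    {"request": "GET /Login.aspx", "cookie": "",
     "set_cookie": ["ASP.NET_SessionId=constructed123; path=/; HttpOnly"]},
    {"request": "POST /Login.aspx", "cookie": "",
     "set_cookie": [".ASPXAUTH=constructedTicket; path=/; HttpOnly"]},
    {"request": "GET /Default.aspx", "cookie": "", "set_cookie": []},
]

if __name__ == "__main__":
    print(diagnose("test_web", TRACE))
```

A non-empty `invalid_labels` together with a non-empty `unreturned` list is the pattern described in this post; the same trace against an IP address or a hyphenated name would show the cookies coming back.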
