Forms Authentication fails for IE only in IIS 7.5 classic mode

Thought is was time to bring this to the Stack. We have IIS 7.5 (classic mode), .net 2.0 on Windows Server 2008. The app was upgraded from .net 1.1 with no issues/changes needed. It was migrated from Server 2000. Once in its new home, Forms Authentication started to hiccup for IE users. IE users 开发者_Python百科can log in, arrive at the successful login destination page which has a paragraph of text, a WebControlLibrary sound bit (mp3) and an asp button. Upon button click, IE users are immediately sent back to login. It happens so fast, does not appear to postback, but fiddler says it does and shows it posts back twice with a sneaky 302 redirect mixed in.

On fiddler, Firefox shows no 302s and works fine as does Chrome. This only happens externally to our network as well, on IE7/8, internal testing is fine.

I have seen where users have reported that an underscore in the url can cause this..don't have one. Mixing authentication modes in IIS 7.5 can cause issues, we use classic mode. I have seen where javascript used to call the postback for the button can cause this, we use standard .net button onclick event in code behind (that simply checks a page number then does a response redirect to the next page in the app.)

I have roamed google and bing (and here) for the better part of a few days to no avail. I apologize for the vagueness of the question.

EDIT: No underscores in server name. Here is the process as visible by a user. You Login, login page refreshes and asks you to verify you are who you say you are. If you say yes, you go to instructions.aspx. This pages buttons will postback as you hit "continue". IE dies on first conitnue click and note the odd stuff in fiddler...FF is fine and moves on to rest of app.

IE 8
Result  Protocol    Host        URL                 Body
200     HTTP        CONNECT     /                   0
200     HTTPS       xxxxxx.com  /                   12,354
200     HTTPS       xxxxxx.com  /login.aspx         8,139
302     HTTPS       xxxxxx.com  /login.aspx         137
200     HTTPS       xxxxxx.com  /instructions.aspx  6935
302     HTTPS       xxxxxx.com  /                   131
302     HTTPS       xxxxxx.com  /logout.aspx        130
200     HTTPS       xxxxxx.com  /login.aspx         12,354
302     HTTPS       xxxxxx.com  /insturctions.aspx  167
200     HTTPS       xxxxxx.com  /login.aspx?ReturnUrl=&...


FireFox
Result  Protocol    Host        URL                 Body
200     HTTP        CONNECT     /                   0
200     HTTPS       xxxxxx.com  digicert.com        12,354
200     HTTPS       xxxxxx.com  /login.aspx         8,139
302     HTTPS       xxxxxx.com  /login.aspx         137
200     HTTPS       xxxxxx.com  /instructions.aspx  6935
200     HTTPS       xxxxxx.com  /images/xxx.jpg     47
200     HTTPS       xxxxxx.com  /images/xx2.jpg     46
200     HTTPS       xxxxxx.com  /instructions.aspx  12,354
200     HTTPS       xxxxxx.com  /images/xx3.jpg     49

---

It appears that as of IE8, the forms tag attribute "domain='domain.com'" is required. Found this blob post Persistent Cookies Fail in IE8 and Windows 7 and this has solved the issue based on prelim testing.

---

The _ issue is not for the URL... it is for the server name. Can you please check and confirm if that's not the case?

Also install Fiddler (www.fiddlertool.com), and browse the site from IE. Save the logs. Clear the logs now... browse the site from Chrome, and save it again. Once done with this exercise, check and compare the logs.

[I can help if you send me the logs saved as suggested from fiddler]