
Issues with ASP.NET Forms Authentication on Phonegap (Android)


I believe I have found the solution. The Phonegap version in your config.xml file is cli-5.1.1, which includes Android Phonegap version 4.0.2 according to the documentation.

The problem with the versions is that, it seems, the Android Phonegap team eventually fixed the cookie storage problem in version 5.2.0. It can be found in the release notes as:

CB-10896 We never enabled cookies on the WebView proper

Therefore, updating your Phonegap to the latest version should solve the problem.


PhoneGap loads files from the file:// protocol. Unfortunately, cross-origin requests are not allowed, and unless you open cross-origin requests from all hosts (*), this problem will not be resolved.

There are multiple ways this can be fixed but they are really long.

Load Html from http://

Load the entire website from the web server instead of local storage. This removes all issues with cross-origin requests. The benefit is that you don't need to publish a new version of the app when you change the UI. But you will have to implement very powerful caching, and opening the app for the first time will take longer.

Intercept http:// and deliver local files

As you know, PhoneGap simply uses a WebView on all platforms, so you can override the URL protocol to inject files from your app's local storage. This will be faster, and the browser will think that it is loading HTML from the same resource.

Setup OAuth + custom header for authentication

  1. Redirect to a login page hosted at your website, say http://domain.com/api/login
  2. After successful login, use PhoneGap localStorage (not the browser's localStorage) to store the authorization.
  3. Navigate to your local HTML pages from the app, and for each JSON API request you send to the server, send the authorization as a separate header in the AJAX request.
  4. Set up an authorization module, where you can manually authorize the ASP.NET request if your authorization was sent through a custom header in the HTTP request.


According to MSDN:

The FormsAuthentication.SignOut method removes the forms-authentication ticket information from the cookie.

And that's all you need to log the user out. You don't need to expire or remove your cookie itself. Simply change your Logout() to:

    [ActionName("logout")]
    [AllowAnonymous]
    public String Logout()
    {
        FormsAuthentication.SignOut();
        return "home";
    }