asp.net - RedirectToAction throws 400 error in IE10

Question

I have an ASP.Net MVC3 site using RedirectToAction like so:

return RedirectToAction("Index", interstitialController,
                        new { userName = model.logInInfo.UserName, redirectString = redirectUrl, authToken = login.authenticationToken, reason = login.reason, status = login.status, provider = login.provider });

For some reason this is causing IE10 to generate this as a request:

https://site.com/(F(7vkS9Als2GF4acdwa9JNTwHsOkeFIsGcdMGU-FIT0X1IC3UwpkeZrPvTp1WmCbC7aY890yhpaeS4dadGjjUrym9Z_UOHYUUezRjD_buWV8pJU35yl2MHLz_CqzpJx65UyW5qDYdBJ8RMVj5kp02eaKzhX2--JcFvwPsYKeGk11t5MHWU4sbnFYw7keYlAuB5p4_JSVnn99SS28M8wWjQPNzw89G5qXwFRyrCYgIDDrWUUsefofkfEB66gIF2Abet0))/Interstitial/Index?userName=user.name%40earthlink.net&redirectString=http%3A%2F%2Fwww.site.com%2Fcos_auth%2Fauthenticate.asp%3F_auth_token%3DPTZPGf5FDdVAtkXRXRd1piW5jTYSmjyraiQ79LEvrPsaf4kNDQLbJW%252bG5vZtRnSOZ50mLVm%252frF7Ne16uwQVXOOsnBzSeXj9RIUaEIpjmtFCUWOVDEldrVpIL6KBJasJ%252bac2pzS1oSKAqAK2kywt869NGQdWDM7u0%252fRHVikatRIHv8SpXiyz94eeaBEraKAnz%26persist%3D1&authToken=PTZPGf5FDdVAtkXRXRd1piW5jTYSmjyraiQ79LEvrPsaf4kNDQLbJW%2BG5vZtRnSOZ50mLVm%2FrF7Ne16uwQVXOOsnBzSeXj9RIUaEIpjmtFCUWOVDEldrVpIL6KBJasJ%2Bac2pzS1oSKAqAK2kywt869NGQdWDM7u0%2FRHVikatRIHv8SpXiyz94eeaBEraKAnz&status=Success&provider=COS

This should look like this:

https://site.com/Interstitial/Index?userName=user.name%40earthlink.net&redirectString=http%3A%2F%2Fwww.site.com%2Fcos_auth%2Fauthenticate.asp%3F_auth_token%3DPTZPGf5FDdVAtkXRXRd1piW5jTYSmjyraiQ79LEvrPsaf4kNDQLbJW%252bG5vZtRnSOZ50mLVm%252frF7Ne16uwQVXOOsnBzSeXj9RIUaEIpjmtFCUWOVDEldrVpIL6KBJasJ%252bac2pzS1oSKAqAK2kywt869NGQdWDM7u0%252fRHVikatRIHv8SpXiyz94eeaBEraKAnz%26persist%3D1&authToken=PTZPGf5FDdVAtkXRXRd1piW5jTYSmjyraiQ79LEvrPsaf4kNDQLbJW%2BG5vZtRnSOZ50mLVm%2FrF7Ne16uwQVXOOsnBzSeXj9RIUaEIpjmtFCUWOVDEldrVpIL6KBJasJ%2Bac2pzS1oSKAqAK2kywt869NGQdWDM7u0%2FRHVikatRIHv8SpXiyz94eeaBEraKAnz&status=Success&provider=COS

It works fine on IE10 in compatibility mode, but not in non-compatibility mode. Not sure what is causing this. As you can see, it is inserting some garbage into the request that is causing it to fail. Has anyone seen this before?

Answer 1

That garbage looks like what happens in cookieless sessions.

If you change your web.config to have <forms cookieless="UseCookies", it will get rid of that stuff.

From MSDN FormsAuthentication.CookieMode:

The CookieMode property reflects the value for the cookieless attribute of the forms configuration element. The CookieMode property determines whether the FormsAuthenticationTicket value will be stored in a session cookie in the browser or stored in the QueryString property.