magicleon94

Reputation: 5182

Microsoft Authentication loop with ASP.NET MVC 5 application

I have an ASP.NET MVC 5 web application deployed on Azure which suffers from an authentication loop.

At first I discovered that it was an HTTP problem, so I forced HTTPS from Azure. The problem went away, but it reappears a while after the deploy. Deploying again (the same version) resolves the loop, which comes back after a while. What can it be? What should I look for?

So far I've tried to include the following in my Web.config:

<add key="owin:AppStartup" value="false"></add>

And this in my Startup.auth.cs:

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        CookieSecure = CookieSecureOption.SameAsRequest,
    });
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri
        });
}

I've created the MVC 5 project by specifying login with organization account, and enabled the same thing in the deploy profile:

[Image: Deploy settings]

I don't know what else to try, help.

Upvotes: 1

Views: 807

Answers (1)

Steven Derveaux

Reputation: 11

The same here, I'm out of options on this one. You just cannot reproduce this to find the exact cause.

This is what I did in the meantime:

AuthStartup.cs:

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    CookieSecure = CookieSecureOption.Never
});

Global.asax.cs

protected void Application_BeginRequest(object sender, EventArgs e)
{
    // Send any plain-HTTP request to the same host and URL over HTTPS.
    if (!Request.IsSecureConnection)
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] +
            HttpContext.Current.Request.RawUrl);
}

Overriding the Authorize Attribute:

public class AuthorizeFromHTTPAttribute: AuthorizeAttribute
{
   public override void OnAuthorization(AuthorizationContext filterContext)
   {
       if (!filterContext.HttpContext.Request.IsSecureConnection)
       {
           UriBuilder redirectUrl = new UriBuilder(
              filterContext.HttpContext.Request.Url);
           redirectUrl.Scheme = "HTTPS";
           redirectUrl.Port = 443;
           filterContext.HttpContext.Response.Redirect(redirectUrl.ToString());
           return;
       }
       else
       {
           base.OnAuthorization(filterContext);
       }
   }
}

A new publish from Visual Studio to Azure solves it for a certain period. So is this something server-side?

Working InPrivate or Incognito does not solve it either. Cleaning up your cookies doesn't either...

Upvotes: 1
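
For comparison with the two CookieSecure settings and the Host-header redirect shown in the posts above, here is an added example (not code from the question or the answer) of the same startup with the session cookie always marked Secure and the HTTPS redirect sent to a configured host. The appSettings keys are assumed names, and this is not a confirmed fix for the loop.

```csharp
// Added example, not code from the question or the answer.
// Assumed names: the appSettings keys "ida:ClientId", "ida:Authority",
// "ida:PostLogoutRedirectUri" and "CanonicalHost" are hypothetical.
using System;
using System.Configuration;
using System.Web;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static string Setting(string key) => ConfigurationManager.AppSettings[key];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // Always: the session cookie carries the Secure flag on every response,
            // unlike Never (no flag) or SameAsRequest (flag only on HTTPS requests).
            CookieSecure = CookieSecureOption.Always,
            CookieHttpOnly = true // keep the cookie out of reach of page scripts
        });
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = Setting("ida:ClientId"),
            Authority = Setting("ida:Authority"),
            PostLogoutRedirectUri = Setting("ida:PostLogoutRedirectUri")
        });
    }
}

public class MvcApplication : HttpApplication
{
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (Request.IsSecureConnection) return;
        // Redirect to a configured host instead of echoing the client-supplied
        // Host header, so the Location value cannot be steered by the request.
        string target = "https://" + ConfigurationManager.AppSettings["CanonicalHost"] + Request.RawUrl;
        Response.Redirect(target, false); // false: do not abort the thread
        CompleteRequest();                // skip the rest of the pipeline
    }
}
```

With `CookieSecureOption.Always` the browser never returns the session cookie over plain HTTP, so the HTTPS redirect has to be in place before sign-in starts.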
