csharpdev

Reputation: 77

Cannot Log Into ASP.NET MVC App Using Azure AD/OpenID Connect After HTTP POST

I deployed an ASP.NET MVC app to Azure. It uses Azure AD/OpenID Connect. I can log into and log off the app if I do not perform an HTTP POST, such as updating a record.

If I update a record and then log off, I cannot log back in. I see a login loop and then the Microsoft "Pick an account" page with the error "We couldn't sign you in. Please try again."

To log back in, I can either (delete the browser history/cache and then redeploy the app to Azure) or restart the app service.

App_Start/Startup.Auth.cs:

    using System.Configuration;
    using System.Globalization;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Microsoft.Owin;
    using Owin;

    namespace InternalAppsWeb
    {
        public partial class Startup
        {
            private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            private static readonly string aADInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
            private static readonly string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
            private static readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
            private static readonly string authority = string.Format(CultureInfo.InvariantCulture, aADInstance, tenantId);

            public void ConfigureAuth(IAppBuilder app)
            {
                app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

                app.UseCookieAuthentication(new CookieAuthenticationOptions());

                app.UseOpenIdConnectAuthentication(
                    new OpenIdConnectAuthenticationOptions
                    {
                        ClientId = clientId,
                        Authority = authority,
                        PostLogoutRedirectUri = postLogoutRedirectUri,
                        Notifications = new OpenIdConnectAuthenticationNotifications
                        {
                            AuthenticationFailed = context =>
                            {
                                context.HandleResponse();
                                context.Response.Redirect("/Home/Index");
                                return Task.FromResult(0);
                            }
                        }
                    }
                );
            }
        }
    }

Controllers/AccountController.cs:

    using System.Web;
    using System.Web.Mvc;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Microsoft.Owin.Security;

    namespace InternalAppsWeb.Controllers
    {
        public class AccountController : Controller
        {
            public void SignIn()
            {
                if (!Request.IsAuthenticated)
                {
                    HttpContext.GetOwinContext().Authentication.Challenge(
                        new AuthenticationProperties { RedirectUri = "/" },
                        OpenIdConnectAuthenticationDefaults.AuthenticationType
                    );
                }
            }

            public void SignOut()
            {
                HttpContext.GetOwinContext().Authentication.SignOut(
                    OpenIdConnectAuthenticationDefaults.AuthenticationType,
                    CookieAuthenticationDefaults.AuthenticationType
                );
            }
        }
    }

Global.asax.cs:

    using System.IdentityModel.Claims;
    using System.Web.Helpers;
    using System.Web.Mvc;
    using System.Web.Optimization;
    using System.Web.Routing;
    using InternalAppsWeb.Extensions;

    namespace InternalAppsWeb
    {
        public class MvcApplication : System.Web.HttpApplication
        {
            protected void Application_Start()
            {
                MvcHandler.DisableMvcResponseHeader = true;
                ModelMetadataProviders.Current = new CustomModelMetadataProvider();
                AreaRegistration.RegisterAllAreas();
                FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
                RouteConfig.RegisterRoutes(RouteTable.Routes);
                BundleConfig.RegisterBundles(BundleTable.Bundles);
                AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
            }
        }
    }

Web.config:

    <appSettings>
      <add key="ida:ClientId" value="fg4267g4-gc5b-57e1-8968-be31258g2b42" />
      <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
      <add key="ida:TenantId" value="eg92d42g-b9d1-5bg4-b293-dg4cdf483125" />
      <add key="ida:PostLogoutRedirectUri" value="https://localhost:45471/" />
    </appSettings>

Upvotes: 0

Views: 1053

Answers (1)

kavya Saraboju

Reputation: 10831

When an ASP.NET application fails to recognize the authenticated request from Azure AD, it fails to log in and then asks to log in again. This is because of an issue with OWIN/Katana which makes cookies disappear.

  • In this case, please make sure the cookie is managed properly.

Ensure the following are in order:

    app.UseAuthentication();
    app.UseAuthorization();

and use a cookie manager which secures cookie data in Startup.Auth.cs:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies",
        CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
    });


Referred from: infinite redirect loop between Azure AD and MVC Asp.net application due to old version of OWIN | (aaddevsup.xyz)

Upvotes: 0
