Getting into an infinite redirect loop when integrated with Azure AD #219
Comments
We just added some logging that may help. Can you turn on logging and show what is going on? |
Does the latest work on the runtime I am on: 1.0.0-beta4-11532? |
It's checked into the dev branch, I can build and run against that. |
Cool, thx for this! I will give this a go shorthly. |
@brentschmaltz I figured out what was going wrong and didn't have try logging (but logging is always good! 😄) I was only getting into this redirect loop when I visited the application without HTTPS. I am guessing it has something to do with cookie and its secure flag. I could be mistaking. I forced HTTPS on my application through an IIS URL Rewrite rule an the problem is solved. I would say this is not a problem on OpenId Connect middleware but could be something that can be documented. Thanks for the help! |
@tugberkugurlu that's one of the most common reasons for the redirect loop (also with the katana middleware) |
I'm late to this party, but thought I'd add for anyone else who happens along that this isn't an ASP 5 issue. The same thing happens with the current shipping version of MVC. |
I had the same problem and my solution was this: // (...)
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "cookies",
AutomaticAuthenticate = true,
CookieName = "AuthenticationCookie",
// if this is "always" we get a infinite loop when authentication on HTTP (HTTPS is fine)
CookieSecure = CookieSecurePolicy.SameAsRequest
}); Thanks @tugberkugurlu you saved my day! I would never have though the problem would be on this line!! |
That said, authenticating over HTTP is a terrible idea... |
yes @Tratcher . |
I am also having this issue when trying to access an MVC app written in the full .net framework 4.6 on azure websites (XXX.azurewebsites.net) with Azure AD auth. I published a web forms app instead and it works just fine. :( |
How would you set
Currently we are not on HTTPS, but we just need to make authentication working from now as it will take for us some time to switch to HTTPS. as far as I know when you call UPDATE:
However it is seams like it is didn't help UPDATE |
@kuncevic None of this applies to JWT. [edit] |
I've mdified my Web.config with this, and all is good now:
|
@lukastheiler That did it for me! Thank you! |
This problem is infuriating. I am using Visual studio 2017 and have deployed the changes above to an azure website. After deployment everyone can login fine. The next day, visit the same site and the redirect keeps happening. I have checked to ensure the changes were deployed using websitename.csm.azurewebsites.net and the correct config and azure AD settings are present. |
It's pretty strange for the behavior to change like that. Can you share a Fiddler trace? |
@TheMasterPrawn were you able to resolve your problem? I have a similar problem |
I implemented the web.config as above. I had the same problem, so I implemented the change detailed in http://katanaproject.codeplex.com/wikipage?title=System.Web%20response%20cookie%20integration%20issues&referringTitle=Documentation to manage cookies. The app has been working fine for a month now with no complaints. I have not tested .NET 5 as suggested as a fix in the article due to time constraints. |
Thanks for replying @TheMasterPrawn. My problem turned out to be that I had the authentication cookie set to SameSite = SameSiteMode.Strict, I changed it Lax and all is good. And, my problem occurred with Chrome. |
##Solved by using Never option for CookieSecureOption## app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieSecure = CookieSecureOption.Never
}) |
That's concerning. You've downgraded your security. Were you able to capture a Fiddler trace of the issue? |
I am getting into a very interesting state when I try to integrate with Azure AD in an ASP.NET 5 application. I have it working locally but when I deploy to azure web sites, it goes into an infinite redirect loop. It is a single instance Azure Web App and running on DNX 1.0.0-beta4-11532.
I am looking at the azure web app logs and it seem this (roughly, not the whole log):
My guess is that this has something to do with data protection but not sure.
Startup
class:project.json file:
The text was updated successfully, but these errors were encountered: