-1

We have implemented Office 365 Azure AD authentication for our application. However, after office 365 authentication, it is going in continuous loop till it throws an errors "Bad Request"

Vikrant More
  • 5,182
  • 23
  • 58
  • 90
  • 1
    This happens to me on occasion too. First suggestion I found was 'use HTTPS instead of HTTP' when typing the address into the browser. Second suggestion I found was a code change, which I'll try and track down. – Nick.Mc Feb 26 '17 at 13:18
  • i am already using HTTPS instead of HTTP, even publishing the code with HTTPS since Office 365 only work for HTTPS. – Vikrant More Feb 26 '17 at 13:20
  • Jusy saying... when you type the address in to actually access your application, make sure you enter https, not http – Nick.Mc Feb 26 '17 at 13:21
  • yes that what i am doing while accessing application. – Vikrant More Feb 26 '17 at 13:22
  • 1
    Some links to consider: http://stackoverflow.com/questions/34169635/azure-infinite-redirect-loop-in-chrome https://github.com/aspnet/Security/issues/219 https://social.technet.microsoft.com/Forums/windowsserver/en-US/bf7358da-0f7b-4ae9-b37b-0713b03041fc/infinite-loop-when-configuring-azure-active-directory-as-an-identity-provider?forum=sharepointgeneral https://social.msdn.microsoft.com/Forums/sqlserver/en-US/94cfe1b5-15c8-420e-92ce-93c90cd7246f/aad-authentication-infinite-loop?forum=WindowsAzureAD – Nick.Mc Feb 26 '17 at 13:24
  • @Nick.McDermaid we will try it out the solutions you provided and update you accordingly Thanks!!!. – Vikrant More Feb 26 '17 at 13:41
  • @Nick.McDermaid https://github.com/KentorIT/owin-cookie-saver this link provide the solution in our case, could you put this in the "answer your question" part, so that i will select your answer as acceptance and you will be avail for bounty Thanks!!. – Vikrant More Feb 27 '17 at 07:05
  • 1
    Oh! I'm pleased this solved your issue. I don't know if I really deserve a bounty for it - I just googled it! I will put a explanation and let the community decide if I am deserving. – Nick.Mc Feb 27 '17 at 07:18

1 Answers1

1

Apparently this solved issue:

https://github.com/KentorIT/owin-cookie-saver

Taken verbatim from the site:

There is a bug in Microsoft's Owin implementation for System.Web. The one that is being used when running Owin applications on IIS. Which is what probably 99% of us do, if we're using the new Owin-based authentication handling with ASP.NET MVC5.

The bug makes cookies set by Owin mysteriously disappear on some occasions.

This middleware is a fix for that bug. Simple add it before any cookie handling middleware and it will preserve the authentication cookies.

The process I followed, which appears to work so far is:

  1. Using Project / Manage NuGet properties, add Kentor.OwinCookieSaver
  2. In Startup.Auth.cs, inside public partial class Startup, before app.UseCookieAuthentication(new CookieAuthenticationOptions());, add app.UseKentorOwinCookieSaver();

abridged code sample

  public partial class Startup
  {
    // LOTS OF STUFF
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseKentorOwinCookieSaver();

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

UPDATE:

After this change the issue still exists

Nick.Mc
  • 18,304
  • 6
  • 61
  • 91
  • I really don't think I should accept this.. because I have exactly the same problem but I don't actually understand how to implement this. Instead I implemented this: http://stackoverflow.com/questions/20737578/asp-net-sessionid-owin-cookies-do-not-send-to-browser – Nick.Mc Feb 28 '17 at 10:08
  • Nope that implementation (Setting a cookie before authorisation) did not fix it either. I can't believe this authorisation system is so unreliable! – Nick.Mc Feb 28 '17 at 22:18
  • Yes that was my first suggestion. I'm going to have to work out how to include this code – Nick.Mc Mar 03 '17 at 08:35
  • This middleware is a fix for that bug. Simple add it before any cookie handling middleware and it will preserve the authentication cookies. app.UseKentorOwinCookieSaver(); app.UseCookieAuthentication(new CookieAuthenticationOptions()); – Vikrant More Mar 03 '17 at 18:59
  • So I have the template code that is generated when you pick "Organizational Accounts" when you create the project. It creates a bunch of boilerplate code (in `Startup.Auth.cs` and `AccountController.cs` . I don't know which parts of this code are 'cookie handling middleware'/ Based on the github guide I found the existing line `app.UseCookieAuthentication(new CookieAuthenticationOptions());` and put `app.UseKentorOwinCookieSaver();` before it. If this works I will edit my answer (a guess really) and add more detailed info – Nick.Mc Mar 05 '17 at 02:05