1

My ISP has recently had several permission issues on my site which is hosted on a shared IIS box.

My MVC5 application has no code on the default page which requires authentication, but there are areas which do

I have webpublished my application to a subdirectory "test" and I'm currently getting a infinite redirect loop when I try to load any of the [AllowAnonymous] pages which as a result give a 404.

http://www.mywebsite.co.uk/test/Account/Login?ReturnUrl=%2Ftest%2FAccount%2FLogin%3FReturnUrl%3D%252Ftest%252FAccount%252FLogin%253FReturnUrl%253D%25252Ftest%25252FAccount%25252FLogin%25253FReturnUrl%25253D%2525252Ftest%2525252FAccount%2525252FLogin%2525253FReturnUrl%2525253D%252525252Ftest%252525252FAccount%252525252FLogin%252525253FReturnUrl%252525253D%25252525252Ftest%25252525252FAccount%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252Ftest%2525252525252FAccount%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252Ftest%252525252525252FAccount%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252Ftest%25252525252525252FAccount%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252Ftest%2525252525252525252FAccount%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252Ftest%252525252525252525252FAccount%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252Ftest%25252525252525252525252FAccount%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252Ftest%2525252525252525252525252FAccount%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252Ftest%252525252525252525252525252FAccount%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252Ftest%25252525252525252525252525252FAccount%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252Ftest%2525252525252525252525252525252FAccount%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252Ftest%252525252525252525252525252525252FAccount%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252Ftest%25252525252525252525252525252525252Fhome%25252525252525252525252525252525252Ffeedback

(i think this 404 is the result of a query string too long)

If I webpublish to test2 the "same" code works without this issue.

I've tried removing items from the _layout.cshtml to see if I can spot what call is causing this but after stripping all items out I still get this error.

Does anyone have any suggestions what I can use to diagnose where the problem lies?

Tim
  • 7,401
  • 13
  • 61
  • 102
  • 1
    @mason that's my point I'm pretty sure I'm not doing this on my default page and with it being MVC I'm not using query strings really. and the same code works on a seperate virtual directory. – Tim Oct 03 '14 at 17:19
  • See the question mark after `Login`? That means you have a query string. – mason Oct 03 '14 at 17:21
  • @mason if you read the url u can see its not a lot of data its the same url redirected infinately – Tim Oct 03 '14 at 17:21
  • in fact the logic behind the authentication is the "vanilla" code for asp.net Identity2 which i haven't altered. TBH this isn't the point of my question anyway its how would i diagnose this infinate redirect loop – Tim Oct 03 '14 at 17:25
  • Its about endless login redirection. Read please http://stackoverflow.com/a/26018385/2115690 – Ahmet Arslan Jul 01 '16 at 07:56

1 Answers1

2

Usually that is the problem, that Login page does not allow unauthorized users: you get endless loop - unauthorized user is not allowed to see login page, so he is redirected to login page to get authorization.

So either need [AllowAnonymous] attribute on your login action in controller or add to web.config:

 <location path="/test/account/login">
  <system.web>
     <authorization>
        <allow users="?"/>
     </authorization>
  </system.web>
 </location>
Giedrius
  • 8,430
  • 6
  • 50
  • 91
  • its already got allowanonymous on it, adding that webconfig snippet just gave me a "404.15 - Not Found The request filtering module is configured to deny a request where the query string is too long." So reveiled the inner error but not the cause. – Tim Oct 03 '14 at 19:27
  • 1
    have you seen this: http://stackoverflow.com/a/26072693/212121. Also may be somewhere in your login page/layout temaplate another action is called (may be home/feedback), which is missing allow anonymous attribute? – Giedrius Oct 03 '14 at 19:33
  • I know this is old, but I recently had this problem trying to convert a windows based authentication app to an aspnet identity app. I had a partial menu on the home page that required to identify the user. In the windows authentication the authentication was made before the page was rendered. The aspnet authentication required the page to be rendered in order to identify the user but the page couldn't be rendered because it was requiring that the user be identified before the page could be rendered. Thus creating an endless loop of calls to the login page. – Haim Katz Aug 10 '23 at 07:17