
I have a working IdentityServer2 auth server that works fine. I am creating a new .NET MVC application and following this article (http://www.cloudidentity.com/blog/2014/02/20/ws-federation-in-microsoft-owin-componentsa-quick-start/) to set up MS OWIN with IDS2. I can reach the login screen but after logging in, the user is sent back to the calling website and gets stuck in an endless loop.

Startup.Auth.cs

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

namespace AZBarMail
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(
                new CookieAuthenticationOptions
                {
                    AuthenticationType =
                       WsFederationAuthenticationDefaults.AuthenticationType
                });
            app.UseWsFederationAuthentication(
                new WsFederationAuthenticationOptions
                {
                    MetadataAddress = "https://auth.azbar.org/federationmetadata/2007-06/federationmetadata.xml",
                    Wtrealm = "https://localhost:44310/",
                });
        }
    }
}

Portion of web.config

<system.web>
  <authentication mode="None" />
  <compilation debug="true" targetFramework="4.6.1" />
  <httpRuntime targetFramework="4.6.1" />
</system.web>

Startup.cs

using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(AZBarMail.Startup))]
namespace AZBarMail
{
    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }
    }
}

Redirect URL in IDS2

https://localhost:44310/
Connie DeCinko
  • In my case, it turned out that I already had another account signed in from another web application. I found it out when everything worked just fine in incognito browser mode. – Rohim Chou Apr 20 '21 at 05:48

2 Answers


Redirect your user to /account/login.

using Microsoft.AspNet.Identity;        // DefaultAuthenticationTypes
using Microsoft.Owin;                   // PathString
using Microsoft.Owin.Security.Cookies;
using Owin;

// Application cookie: active mode, so an unauthenticated request is redirected to LoginPath.
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/account/Login"),
    CookieName = CookieAuthenticationDefaults.CookiePrefix + "SampleClient",
    ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter,
    LogoutPath = new PathString("/account/Logout")
});

// Short-lived passive cookie that the external provider's identity is signed into first.
// This call also makes ExternalCookie the default sign-in type for any
// WS-Federation middleware registered after it.
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

From /account/login, redirect to the external provider.

The external provider will create a cookie on its domain, and you will create a cookie on your domain after receiving the response from the external provider.

Rajat
  • But what if I don't have anything in my site called /account/Login? I removed all the login pages from the project since the login is all handled on the SSO site. Can I not redirect from the home page back to my home page? – Connie DeCinko May 25 '16 at 15:52
  • SSO creates one cookie on its domain and another on your site's domain, so the SSO page needs to be told a redirect_uri, so that the SSO can redirect back to your page and you can create a cookie on your domain. – Rajat May 26 '16 at 10:48
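The pattern this answer describes (the application cookie middleware redirects to /account/login, that action challenges the WS-Federation middleware, and the cookie on your own domain is created once the provider's response is back), as an added example that is not Rajat's code or the asker's project. It assumes the Startup shown in the answer plus `app.UseWsFederationAuthentication(...)` registered after it with `AuthenticationMode = AuthenticationMode.Passive`, so that only this controller starts the redirect to IdentityServer. The controller, action and route names are assumptions. It also answers the comment above about not having an /account/Login page: the action renders nothing, it only issues the challenge.

```csharp
// Added example, not from the original answer. Assumes ASP.NET MVC 5 on Katana with
// Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.WsFederation and
// Microsoft.AspNet.Identity.Owin, and the Startup from the answer above followed by
// UseWsFederationAuthentication(... AuthenticationMode = AuthenticationMode.Passive ...).
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.WsFederation;

namespace AZBarMail.Controllers
{
    [AllowAnonymous]
    public class AccountController : Controller
    {
        private IAuthenticationManager AuthenticationManager
        {
            get { return HttpContext.GetOwinContext().Authentication; }
        }

        // GET /account/login?ReturnUrl=/some/page
        // The application cookie middleware sends unauthenticated requests here
        // (LoginPath). There is no local login form: record a challenge for the
        // WS-Federation middleware, which turns the 401 below into the redirect to
        // IdentityServer and carries RedirectUri back in wctx.
        [HttpGet]
        public ActionResult Login(string returnUrl)
        {
            // Only bounce back to a local path; forwarding an absolute URL taken from
            // the query string would make this action an open redirect.
            var target = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

            if (Request.IsAuthenticated)
            {
                return Redirect(target);
            }

            var properties = new AuthenticationProperties
            {
                RedirectUri = Url.Action("ExternalLoginCallback", "Account", new { returnUrl = target })
            };
            AuthenticationManager.Challenge(properties, WsFederationAuthenticationDefaults.AuthenticationType);

            return new HttpUnauthorizedResult();
        }

        // GET /account/externallogincallback?returnUrl=/some/page
        // Reached after IdentityServer posted the token back and the WS-Fed middleware
        // signed the validated identity into the transient external cookie. Copy its
        // claims into the application cookie (the "cookie on your domain" from the
        // answer) that the rest of the site authorizes against, then drop the
        // external cookie.
        [HttpGet]
        public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
        {
            var target = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

            AuthenticateResult external =
                await AuthenticationManager.AuthenticateAsync(DefaultAuthenticationTypes.ExternalCookie);
            if (external == null || external.Identity == null)
            {
                // No external identity: the token never arrived or was rejected.
                // Go back through Login instead of serving the page unauthenticated.
                return RedirectToAction("Login", new { returnUrl = target });
            }

            var appIdentity = new ClaimsIdentity(
                external.Identity.Claims,
                DefaultAuthenticationTypes.ApplicationCookie,
                ClaimTypes.Name,
                ClaimTypes.Role);

            AuthenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
            AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = false }, appIdentity);

            return Redirect(target);
        }

        // POST /account/logout: clear the local cookie and send wsignout to the STS.
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Logout()
        {
            AuthenticationManager.SignOut(
                DefaultAuthenticationTypes.ApplicationCookie,
                WsFederationAuthenticationDefaults.AuthenticationType);
            return Redirect("/");
        }
    }
}
```

Two points worth keeping when adapting this: the `Url.IsLocalUrl` check on `returnUrl` is what stops the login flow from being used as an open redirector, and the external cookie is signed out as soon as its claims have been copied, so the only long-lived session state on your domain is the application cookie.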

Issue finally resolved. Seems to have been an issue with the cookie type/settings.

Connie DeCinko
  • Any chance you remember what exactly you did here? I'm facing the same issue at the moment. – Drew Nov 01 '17 at 23:07
  • @Drew, I had this where the cookies/auth token were only being sent to the xxx.net domain. Anyone outside this domain wasn't getting the token, so these users were stuck in a loop. – RayLoveless May 31 '18 at 18:50
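This answer only says the cause was the "cookie type/settings". The question's own Startup.Auth.cs shows the setting in question: the cookie middleware is registered under `WsFederationAuthenticationDefaults.AuthenticationType` ("Federation") while the default sign-in type is `CookieAuthenticationDefaults.AuthenticationType` ("Cookies"). In Katana the WS-Federation handler signs in an identity whose type is its `SignInAsAuthenticationType`, and a cookie middleware only persists identities of its own `AuthenticationType`, so the identity returned from IdentityServer is never written to a cookie and the next request is challenged again. Below is an added example, written for this page and not taken from the question or from IdentityServer2, of the same Startup.Auth.cs with the two types kept distinct. The cookie name and the CookieSecure/CookieHttpOnly settings are additions.

```csharp
// Added example: Startup.Auth.cs with the cookie middleware and the WS-Federation
// middleware given distinct authentication types. Cookie name and the hardening
// options are assumptions; MetadataAddress and Wtrealm are the values from the question.
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

namespace AZBarMail
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // The WS-Fed middleware reads this default when it is constructed, so it
            // has to be set before UseWsFederationAuthentication.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                // "Cookies": the type the WS-Fed handler signs the identity in as.
                // The question registered this middleware as "Federation" instead, so
                // nothing persisted the signed-in identity and every request was
                // challenged again.
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieName = CookieAuthenticationDefaults.CookiePrefix + "AZBarMail",
                CookieSecure = CookieSecureOption.Always,   // the realm is https
                CookieHttpOnly = true
                // CookieDomain is left unset so the cookie is scoped to the exact host
                // that received the token; a narrower domain than the one users hit
                // is the loop described in the comment above.
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                // "Federation": the WS-Fed middleware's own type, used for Challenge()
                // and SignOut(). It must not collide with the cookie middleware's type.
                AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
                // Made explicit so the pairing with the cookie middleware above does not
                // depend on registration order.
                SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                MetadataAddress = "https://auth.azbar.org/federationmetadata/2007-06/federationmetadata.xml",
                Wtrealm = "https://localhost:44310/",
                // wreply must match the redirect URL registered in IDS2 exactly.
                Wreply = "https://localhost:44310/"
            });
        }
    }
}
```

A quick check after deploying this: the sign-in response from IdentityServer should be followed by a Set-Cookie for `.AspNet.AZBarMail` on the app's own host, and the subsequent request to the realm should carry it back; if the cookie is missing from that request (wrong domain, wrong path, or a Secure cookie on an http listener), the user is challenged again and the loop returns even though the types now match.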