Skip to content

Infinite loop on auth failed #6

Open
Open
Infinite loop on auth failed#6
@frozen-eye

Description

@frozen-eye
frozen-eye
opened on Jan 21, 2017

Authorize causes infinite retrying loop with the default setup (appending URL with ReturnUrl):
Setup.cs -> ConfigureServices():

            services.AddAuthentication(options => new ActiveDirectoryCookieOptions());

Setup.cs -> Configure():

            app.UseCookieAuthentication(
                new ActiveDirectoryCookieOptions(
                    new CookieAuthenticationOptions()
                    {
                        AuthenticationScheme = typeof(ActiveDirectoryCookieOptions).Namespace + ".Application",
                        AutomaticAuthenticate = true,
                        AutomaticChallenge = true,
                        ReturnUrlParameter = "ReturnUrl",
                        LoginPath = new PathString("/windowsauthentication/ntlm"),
                        AccessDeniedPath = new PathString("/Home/Error"),
                        LogoutPath = new PathString("/windowsauthentication/logout")
                    }).ApplicationCookie
            );

            app.UseNtlm(new ActiveDirectoryOptions
            {
                AutomaticAuthenticate = false,
                AutomaticChallenge = false,
                AuthenticationScheme = ActiveDirectoryOptions.DefaultAuthenticationScheme,
                SignInAsAuthenticationScheme = ActiveDirectoryOptions.DefaultAuthenticationScheme,
                CallbackPath = new PathString("/windowsauthentication/ntlm"),
            }

LOG:

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:60386/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252Fwindowsauthentication%252525252525252Fntlm%252525252525253FReturnUrl%252525252525253D%25252525252525252FMaintenance
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Microsoft.AspNetCore.Authentication.ActiveDirectory.WindowsAuthenticationController.Ntlm (Microsoft.AspNetCore.Authentication.ActiveDirectory) with arguments (/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252FMaintenance) - ModelState is Valid
info: Microsoft.AspNetCore.Mvc.StatusCodeResult[1]
      Executing HttpStatusCodeResult, setting HTTP status code 401
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Microsoft.AspNetCore.Authentication.ActiveDirectory.WindowsAuthenticationController.Ntlm (Microsoft.AspNetCore.Authentication.ActiveDirectory) in 47.2936ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 97.4098ms 401
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:60386/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252Fwindowsauthentication%252525252525252Fntlm%252525252525253FReturnUrl%252525252525253D%25252525252525252FMaintenance
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Microsoft.AspNetCore.Authentication.ActiveDirectory.WindowsAuthenticationController.Ntlm (Microsoft.AspNetCore.Authentication.ActiveDirectory) with arguments (/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252FMaintenance) - ModelState is Valid
info: Microsoft.AspNetCore.Mvc.StatusCodeResult[1]
      Executing HttpStatusCodeResult, setting HTTP status code 401
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Microsoft.AspNetCore.Authentication.ActiveDirectory.WindowsAuthenticationController.Ntlm (Microsoft.AspNetCore.Authentication.ActiveDirectory) in 41.1997ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 88.1989ms 401
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:60386/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252Fwindowsauthentication%252525252525252Fntlm%252525252525253FReturnUrl%252525252525253D%25252525252525252FMaintenance
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Microsoft.AspNetCore.Authentication.ActiveDirectory.WindowsAuthenticationController.Ntlm (Microsoft.AspNetCore.Authentication.ActiveDirectory) with arguments (/windowsauthentication/ntlm?ReturnUrl=%2Fwindowsauthentication%2Fntlm%3FReturnUrl%3D%252Fwindowsauthentication%252Fntlm%253FReturnUrl%253D%25252Fwindowsauthentication%25252Fntlm%25253FReturnUrl%25253D%2525252Fwindowsauthentication%2525252Fntlm%2525253FReturnUrl%2525253D%252525252Fwindowsauthentication%252525252Fntlm%252525253FReturnUrl%252525253D%25252525252Fwindowsauthentication%25252525252Fntlm%25252525253FReturnUrl%25252525253D%2525252525252Fwindowsauthentication%2525252525252Fntlm%2525252525253FReturnUrl%2525252525253D%252525252525252FMaintenance) - ModelState is Valid

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions