I have created ASP.NET MVC project using internet template. Then I have enabled external(facebook) authentication in AuthConfig file. Now when I run my project and get authenticated with facebook it is working just fine, but the problem is that associated iis express worker process is just closing approximately within 1 minute and VS debugging stops(as if I manually press the Shift+F5). I am getting no errors at all. This doesn't happen when I run the project with Chrome or if I just don't authenticate when using Internet Explorer. It only happens in Internet Explorer when I am authenticating with facebook.
Can anyone suggest what is going on?
Several observations:
when I am authenticated with local account problem doesn't occurs.
when I am authenticated with facebook it redirects to
http://localhost:27264/#_=_. May be #_=_ this is the problem?
Related
I'm trying to migrate from local NLTM authentication to Azure AD login for an on premise app. I have set up the connected service, but everytime the SignIn method is called:
The request is already authenticated and it's using my local PC name, so the O365 log in is never triggered. Debugging doesn't help as the User info and Request don't seem to exist outside of the AccountController. Does anyone know what is going on and how I can get it to load up the login instead?
If anyone else finds this, check and triple check your web config and project files for any lingering windows authentication variables. Failing that try creating a new project with authentication and then copy the content of the old project across bit by bit. It turned out for me to be something dodgy in the project, but even using a comparison tool afterwards showed no discernible differences.
Only thing I can think of is that the Authentication with Azure Active Directory Connected Services made changes that broke something, but using the auth option during project creation did it properly.
I've had a website running on Azure now for a while, and I've not had any problems until today when I discovered that browsing to it via a mobile device (tested on Android (Chrome/Firefox) and Apple (iPhone 6 - Safari) ) I get a:
You do not have permission to view this directory or page
error. I've not changed anything on the site, the last publish was 5 days ago, and it was working then. Both my staging and prod environments have gone down like this.
It looks like it's returning a 403, but I can't see why.
The site is an ASP.NET MVC5 site, running as an Azure Web App.
Update
OK, I've now run up a test version of the site with the [RequireHttps] attribute removed from the controllers - now I can navigate to the pages by just http, but https gives me the permission error.
I've managed to solve the problem, in my web.config I had a URL rewrite to prevent SSL3.0 access (based on this post: Disabling SSL3 in in Azure websites).
After switching on the logs in Azure and loading the pages up I saw the 403 error with the message
SSLv3 connections are forbidden by this site
in it. This came from the url rewrite.
My PC was happy loading as I have BitDefender and that was injecting it's own SSL cert into place over the one supplied by my site. Turning off SSL Scanning in BitDefender gave me the error on all browsers.
So the solution so far is to remove the SSL3 rewrite and look into another way to achieve the same thing.
I am developing an ASP.NET MVC 4.5.1 application using VS 2013.
Following are the settings at the IIS 7.5
Windows Authentication Enabled (also in Web.config authentication mode is set to "Windows").
Anonymous Authentication Disabled.
Application pool is running with service account "contoso\john".
The mode is Integrated.
On my landing page (e.g. HomeController.cs) I am storing logon user information as below:
Session["LogonUserName"] = HttpContext.Request.LogonUserIdentity.Name and that's working fine, I can use the Session["LogonUserName"] from other views.
However, when redirecting from home page to a different view e.g. Customer View something weird is happening and somehow I am losing the authentication and I am not able to step into a function.
So I Disabled the Windows Authentication and Enabled the Anonymous Authentication but then on the customer view page I am getting HttpContext.Request.LogonUserIdentity.Name = "NT AUTHORITY\IUSR"
and Session["LogonUserName"] = contoso\john, which is my app pool account.
Any idea why? Could someone please help me?
Ok. The issue certainly due to be authentication (XSS problem) and the JavaScript code wasn't being trusted when running on localhost or on IP address. When given a DNS entry (site binding) the issue resolved.
I have read through a ton of articles from MS on authentication through Azure AD. There are so many options and nothing I've read seems to solve my issue.
Here's the situation:
I have 3 different web applications (all ASP.NET MVC 5). They are all hosted internally in our network on the same server/IIS and use windows integrated authentication against our internal AD.
Let's call these applications App_A, App_B, and App_C.
App_A is located at appA.mydomain.com within our DNS
App_B is located at appB.mydomain.com within our DNS
App_C is located at appC.mydomain.com within our DNS
The use case is as such:
A user navigates to App_A does some work and is eventually redirected to App_B
The user does some work in App_B and is eventually redirected to App_C
The user does some work in App_C
When the user is on a domain-joined PC, they are never prompted to log in. Windows takes care of that for them through the integrated authentication.
Now, this is what happens when a user wants to do the same work on a non-domain device (such as an iPad) whether on VPN or connected to the internal WiFi:
When the user loads App_A they are prompted to log in and do so with their windows credentials
When they get to App_B, they are prompted again (different sub-domain)
And when they get to App_C, they are prompted again (different sub-domain)
Having to log in multiple times with the same Windows credentials is not the experience we want for our mobile users.
What we would like to have happen is have the mobile user log in one time when they hit App_A and not have to log in again when they hit App_B or App_C. As well, we would still like the users on domain-joined PCs not to have to log in at all as they are already authenticated to their machines.
Just for your information, we are also syncing our AD to Azure AD, so we have that to authenticate against if the solution requires it. I am looking for what I need to do to setup my MVC apps to allow this sort of authentication.
Any help you can provide with this would be GREATLY appreciated.
The scenario you describe should work by getting all apps to use Azure AD as shown in https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet and by ensuring that they all skip the home realm discovery and go straight to your domain, as shown in http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
I've created a basic MVC 3 website that's using Windows Azure's Access Control Service (ACS) to perform user authentication against an Active Directory Federated Service (ADFS) endpoint. I followed the "Add STS Reference" wizard and the site runs fine and authenticates users just perfectly in IE. However, when I use Chrome or Firefox it continually prompts for my credentials over and over again.
I found this post on technet that mentions the issue as it pertains to Firefox but there's no fix for Chrome mentioned, nor do I feel like the steps required to fix Firefox are practical in the real world (i.e. I can't expect end users to do this)
http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-continuously-prompted-for-credentials-when-using-firefox-3-6-3.aspx
Has anybody else hit this snag? What am I doing wrong?
With some help from a Microsoft Rep (Adam Conkle) over on TechNet (scroll down to the comments), I finally have an answer to this problem.
Turns out, the ADFS website that performs authentication of users (this website gets setup in IIS during the installation of ADFS v2.0) is by default configured for Integrated Windows Authentication (IWA). IWA is configured in IIS to use Extended Protection for Authentication (EPA) and therein lies the problem. Apparently, most other browsers don't support EPA yet which is why Firefox & Chrome continually prompt for credentials in a loop.
Two options...
Keep using IWA but turn off EPA in IIS for the website (described here)
Turn off IWA in favor of Forms-based Authentication (described here)
I had the same issue, sort of. I had 1 person who was being prompted in Chrome and another that was not. On a hunch, I looked at the trusted sites. The person who was being challenged had the intranet site in their list of trusted sites. I removed it and tried again. This time they were not challenged.
Thought I would put that out there in case anyone else has this issue.