DNNCommunity / DNN.ActiveDirectory

Active Directory authentication for DNN
MIT License

Too many redirects #82

Open sawest opened 3 years ago

sawest commented 3 years ago

Brought over from #79: But we still have another issue (which was already there before), and I am not sure if this may also have AD Auth as the root: The client is always getting a "too many redirects" error if he calls the dnn-page from Android or iOS devices from within the network with the Active Directory ... have you ever tried to log in via AD from mobile devices (Android and iOS), or do you have the possibility to test/try this?

We already tried all the different settings for redirection in the portal alias settings of the website, but without any luck. Any suggestions on what we can do to find out what is going on here?

inu-web commented 3 years ago

Additional information: On another DNN installation on our development server, with the same DNN version (9.6.1) but without the AD authentication provider installed, we do not get the redirect error on an iPad Air of the newest generation (Oct 2020 version), an older iPad Pro (year 2017 version), or an Android 10 tablet (Lenovo Tab M10 FHD Plus - year 2020 version). I hope this helps.

regards Gerald

inu-web commented 3 years ago

I have now managed to connect my iPad Air to the network of my client via VPN, and I can 100% reproduce the issue now.

After calling the DNN page I get a "popup" (of the browser?) where I put in my AD credentials (this only happens once if the cache of Safari was cleared before) ... then, after waiting approx. 10 seconds, the message "Safari could not open the page, because there appeared too many redirects" (translated from German "Safari kann die Seite nicht öffnen, da zu viele Umleitungen auftraten") appears in the Safari browser. The URL that is in the browser bar at this time is thedomainname.com/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0

Is this of any help for narrowing down the problem? regards Gerald

inu-web commented 3 years ago

Please find below the log4net messages that appear when connecting to the DNN site via iPad Air... All messages state that there is an invalid cast exception on trying to cast from "WindowsIdentity" to "FormsIdentity". Then the system seems to try again and again until the "too many redirects" error appears:

Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)

I tried setting the trust level to "full trust" in web.config and cleared cache as advised here: https://stackoverflow.com/questions/40570928/localhost-redirected-you-too-many-times-dotnetnuke ... no luck ... same messages in log4Net Logs

Also tried to set authentication mode in web.config to "Windows" and identity impersonate="true" as advised here: https://forums.asp.net/t/1897316.aspx?Unable+to+cast+object+of+type+System+Security+Principal+WindowsIdentity+to+type+System+Web+Security+FormsIdentity+ ... no luck ... same messages in log4net log

My original web.config settings (after changing back above)

<section name="authentication" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />

<section name="formsAuthenticationWrapper" type="Mvolo.Modules.FormsAuthConfigurationSection" />

<remove name="FormsAuthentication" />
<add name="Authentication" type="DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule, DotNetNuke.Authentication.ActiveDirectory" />

<add name="LogoffHandler*" path="Logoff.aspx" verb="*" type="DotNetNuke.Services.Authentication.LogOffHandler, DotNetNuke" preCondition="integratedMode" />

<!-- Forms or Windows authentication -->
<authentication mode="Forms">
  <forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
<!--
<identity impersonate="true"/>
<authentication mode="Windows">
</authentication>
-->

<!-- ASP.NET 2 Membership/Profile/Role and AnonymousAuthentication Providers -->
<!-- anonymousIdentification configuration:
      enabled="[true|false]"                              Feature is enabled?
      cookieName=".ASPXANONYMOUS"                         Cookie Name
      cookieTimeout="100000"                              Cookie Timeout in minutes
      cookiePath="/"                                      Cookie Path
      cookieRequireSSL="[true|false]"                     Set Secure bit in Cookie
      cookieSlidingExpiration="[true|false]"              Reissue expiring cookies?
      cookieProtection="[None|Validation|Encryption|All]" How to protect cookies from being read/tampered
      domain="[domain]"                                   Enables output of the "domain" cookie attribute set to the specified value
    -->
<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="None" domain="" />

<authentication defaultProvider="ADSIAuthenticationProvider">
  <providers>
    <clear />
    <add name="ADSIAuthenticationProvider" type="DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider, DotNetNuke.Authentication.ActiveDirectory" providerPath="~\Providers\AuthenticationProviders\ADSIProvider\" />
  </providers>
</authentication>

I hope any of these infos help to narrow down the problem.

regards Gerald

log4Net Messages from one single try to call the dnn page from the iPad:
------------------------------------------------------------------
2021-05-24 10:34:03.016+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:04.073+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:05.132+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:06.191+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:07.251+02:00 [SERVERNAME][D:2][T:48][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:08.311+02:00 [SERVERNAME][D:2][T:122][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:09.362+02:00 [SERVERNAME][D:2][T:64][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:10.421+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:11.482+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:12.541+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:13.601+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:14.662+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:15.721+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:16.781+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:17.831+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:18.901+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:19.951+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:21.011+02:00 [SERVERNAME][D:2][T:64][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:22.074+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:23.019+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
   at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
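
Added example, not part of the original comment or of the DNN.ActiveDirectory project: a small Python check that finds this symptom in a log4net file by flagging bursts where the same logger raises the same exception repeatedly at short intervals. The `max_gap` and `min_hits` thresholds and the sample lines are assumptions constructed for the example, modelled on the line layout quoted above.

```python
import re
from datetime import datetime, timedelta

# Layout of the log4net lines quoted in this thread.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}[+-]\d\d:\d\d) "
    r"\[[^\]]*\]\[D:\d+\]\[T:(?P<thread>\d+)\]\[(?P<level>\w+)\] "
    r"(?P<logger>\S+) - (?P<exc>[\w.]+Exception): ")

def parse(lines):
    """Yield (timestamp, logger, exception type); stack-trace lines are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
            yield ts, m["logger"], m["exc"]

def find_loops(lines, max_gap=timedelta(seconds=2), min_hits=5):
    """Return bursts in which one logger/exception pair repeats at least
    min_hits times with no more than max_gap between consecutive entries."""
    bursts, cur = [], None
    for ts, logger, exc in parse(lines):
        key = (logger, exc)
        if cur and cur["key"] == key and ts - cur["end"] <= max_gap:
            cur["end"], cur["hits"] = ts, cur["hits"] + 1
        else:
            cur = {"key": key, "start": ts, "end": ts, "hits": 1}
            bursts.append(cur)
    return [b for b in bursts if b["hits"] >= min_hits]

MSG = ("DotNetNuke.HttpModules.Membership.MembershipModule - "
       "System.InvalidCastException: Unable to cast object of type "
       "'System.Security.Principal.WindowsIdentity' to type "
       "'System.Web.Security.FormsIdentity'.")
# Constructed sample: six entries one second apart, one stack-trace line,
# then a single isolated occurrence several minutes later.
SAMPLE = [f"2021-05-24 10:34:0{s}.000+02:00 [SERVERNAME][D:2][T:85][ERROR] {MSG}"
          for s in range(3, 9)]
SAMPLE.append("   at DotNetNuke.HttpModules.Membership.MembershipModule."
              "RequireLogout(HttpContextBase context, UserInfo user)")
SAMPLE.append(f"2021-05-24 10:40:00.000+02:00 [SERVERNAME][D:2][T:21][ERROR] {MSG}")

if __name__ == "__main__":
    for b in find_loops(SAMPLE):
        print(f"{b['hits']} x {b['key'][1]} from {b['key'][0]} "
              f"between {b['start']} and {b['end']}")
```
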

inu-web commented 3 years ago

Please can you give short feedback or information if there is anything we can do or any information we can provide to solve this issue? We need a fix or solution please... thanks in advance

sawest commented 3 years ago

Can you verify if Enable Auto Login is checked (or not) in the settings for the AD module?

inu-web commented 3 years ago

Yes it is: image

regards G

sawest commented 3 years ago

Auto login is dated and also requires that you are currently logged in to your device with AD credentials. This can't be on Android devices, iPads, etc. If auto login is needed for you, I would suggest limiting your IP range down to the network where your Windows devices reside and let all others log in normally. If it's not needed, I would disable auto login and see if your problem goes away.

I will look at the code and see if there is a better way to handle requests from mobile devices. Auto login will not work for mobile devices but maybe forcing them to a login page is needed.

sawest commented 3 years ago

After further review, for auto login to work, Anonymous Access needs to be disabled and Basic turned on for the WindowsAuthentication.aspx file (in wiki under IIS 7 settings). This will cause all devices (in the IP range in settings) that are not logged in with AD (non-Windows devices) to get that funny pop-up. If you plan to have any non-Windows devices in the IP range browse to the site, I would recommend disabling the auto login feature.

inu-web commented 3 years ago

Hi and thank you for your suggestions

I will try and discuss the other points with my client tomorrow.

Thank you for staying tuned on this issue! G.