Closed conficient closed 2 years ago
Ran my application with debug versions of the client, and found that the requests to /facadeauth
on the legacy app was redirecting to /login?returnUrl=%2Ffacadeauth
- the handler was not correctly ignoring the redirect.
I checked the sample WingtipToys app against my implementation, and found this in Startup.Auth.cs
:
OnApplyRedirect = context =>
{
/* This prevents the cookie auth model trying to redirect on a 401 */
if(context.Request.Uri.ToString().Contains("facadeauth") && context.Response.StatusCode == 401)
{
return;
}
context.Response.Redirect(context.RedirectUri);
}
This was the missing code in my application, which fixed the issue. I re-checked the Cocoon installation instructions and find that it's not mentioned there, which is why I didn't have it. I will do a pull request to fix this.
Running with Blazor Server on .NET 6, if a user is not logged on we get this exception in the Blazor app's log:
Looking at the code in
CocoonAuthenticationClient,cs
, it logs the response and status code, which we see in the Blazor log just before the exception:Note the
200
response code.Looking at
AuthApiHandler.cs
in Cocoon.Legacy it should return a401
if not logged in, however that does not seem to be happening.