search

aspnet / KestrelHttpServer

[Archived] A cross platform web server for ASP.NET Core. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0
2.63k stars 528 forks source link

Unusual HTTP response in ASP.NET Core web application #3059

Closed Jaffacakes82 closed 5 years ago

Jaffacakes82 commented 5 years ago

Disclaimer

I'm not 100% the issue I'm seeing is caused by Kestrel, however as the web server returning the unexpected status code I thought I'd raise this here and see if anyone clever has any bright ideas about what could be causing my issue!

Problem

Our application is a ReactJS/ASP.NET Core web application hosted as a Web App in Azure. We use Okta for authentication and the login process looks like this:

  1. User navigates to our website
  2. On page load when not logged in, authorize attribute redirects to the '/api/auth/login' controller action
  3. '/api/auth/login' invokes challenge and redirects to Okta
  4. User logs in to Okta and is redirected back to callback URL specified in OpenID connect middleware
  5. Web app redirects back to '/api/auth/login' to check if user is authenticated then redirects to '/' to render home page

When logging in to the Azure hosted application on Chrome using HTTPS, step 5 above does not redirect to '/' and instead the call to '/api/auth/login' is returning a 200. Nowhere in my controller action do I return a 200 here. This works locally when using chrome and HTTPS so it seems to be isolated to my application running in Azure.

I do not experience this issue on any other browser apart from Chrome.

Login action

[Route("login")]
[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
public IActionResult Login()
{
    if (!this.HttpContext.User.Identity.IsAuthenticated)
    {
          return this.Challenge(OpenIdConnectDefaults.AuthenticationScheme);
    }

    return this.Redirect("~/");
}

Expected response when browsing over HTTP

http azure

Unexpected response when browsing over HTTPS

https azure

I would appreciate any ideas, thanks.

benaadams commented 5 years ago

Status Code 200 OK (from ServiceWorker)

Looks like its a Javascript service worker on your page that's poxying and returning the 200 (possibly caching it also)

Jaffacakes82 commented 5 years ago

Super-star, I'm new to React and from your prompt and having a skim through our codebase it's pretty obvious that this is being registered by our React application and cached in the browser.

Thanks for the swift reply.