lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.

Error 400 after entering the computer name #172

Closed rscott1010101 closed 2 years ago

rscott1010101 commented 2 years ago

Fresh install of version 2.0.89.04.0 on a new Windows 2019 server. After entering the computer name and pressing 'Next', I get an error 400. I've turned up the logging level to Debug and see this error in the logs:-

2022-09-13 05:30:48.1566| INFO|00-f0e88031fe1917a3a52b02e37b728b14-d37523f0f66a47f8-00|::1||Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter|Antiforgery token validation failed. The provided antiforgery token was meant for a different claims-based user than the current user. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2022-09-13 05:30:48.1716| INFO|00-f0e88031fe1917a3a52b02e37b728b14-d37523f0f66a47f8-00|::1||Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker|Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2022-09-13 05:30:48.1716| INFO|00-f0e88031fe1917a3a52b02e37b728b14-d37523f0f66a47f8-00|::1||Microsoft.AspNetCore.Mvc.StatusCodeResult|Executing StatusCodeResult, setting HTTP status code 400

Error happens if I use a browser on the server or on a remote machine.

ryannewington commented 2 years ago

Hi @rscott1010101

The server is expecting a cookie that the browser didn't respond with. Are there any adblockers or other plugins in play here? Is it a single server environment?

rscott1010101 commented 2 years ago

Single server and no ad blockers at all. Tried using Chrome in both normal and incognito mode on a remote PC and the local server, plus Edge on a remote PC in normal and private browsing mode.

ryannewington commented 2 years ago

Hmm. What authentication mode are you using?

rscott1010101 commented 2 years ago

Integrated Windows authentication. I've tried both Negotiate and Basic options.

ryannewington commented 2 years ago

@rscott1010101

Thanks for the information provided, and the detailed logs. We were able to track this (very strange) bug down. Can you please try this version and see if it resolves the issue for you?

rscott1010101 commented 2 years ago

Thanks! That fixed the problem.

ryannewington commented 2 years ago

Great stuff. You are ok to continue using that build for your testing. The fix will be incorporated into our final release of v2.
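
One way to triage log entries like the ones quoted in the first comment, as an added example that is not part of the original thread or of Access Manager's code: it groups entries by trace id and reports only the requests where an antiforgery validation failure led to the HTTP 400. The field order is inferred from the quoted lines, and the sample log with its trace ids is constructed.

```python
import re
from collections import defaultdict

# Field order inferred from the log lines quoted in this issue (an assumption):
# timestamp| LEVEL|trace id|client address|<empty>|logger|message
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} [\d:.]+)\|\s*(\w+)\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")

# Constructed sample modelled on the quoted entries; trace ids are placeholders.
SAMPLE = """\
2022-09-13 05:30:48.1566| INFO|00-aaaa-01-00|::1||Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter|Antiforgery token validation failed. The provided antiforgery token was meant for a different claims-based user than the current user.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
2022-09-13 05:30:48.1716| INFO|00-aaaa-01-00|::1||Microsoft.AspNetCore.Mvc.StatusCodeResult|Executing StatusCodeResult, setting HTTP status code 400
2022-09-13 05:31:02.0001| INFO|00-bbbb-02-00|10.0.0.7||Microsoft.AspNetCore.Mvc.StatusCodeResult|Executing StatusCodeResult, setting HTTP status code 400
"""

def parse(text):
    """Yield one dict per entry; stack-trace lines are folded into the entry above."""
    entry = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if entry:
                yield entry
            ts, level, trace, client, _, logger, msg = m.groups()
            entry = {"ts": ts, "level": level, "trace": trace,
                     "client": client, "logger": logger, "msg": msg}
        elif entry and line.strip():
            entry["msg"] += "\n" + line.strip()
    if entry:
        yield entry

def antiforgery_rejections(text):
    """Return requests whose 400 followed an antiforgery failure, keyed by trace id."""
    by_trace = defaultdict(list)
    for e in parse(text):
        by_trace[e["trace"]].append(e)
    hits = {}
    for trace, entries in by_trace.items():
        failed = [e for e in entries if "Antiforgery token validation failed" in e["msg"]]
        got_400 = any("setting HTTP status code 400" in e["msg"] for e in entries)
        if failed and got_400:
            # Keep only the sentence that states why validation failed.
            reason = failed[0]["msg"].split("failed. ", 1)[-1].splitlines()[0]
            hits[trace] = {"client": failed[0]["client"], "ts": failed[0]["ts"], "reason": reason}
    return hits
```

A 400 with no antiforgery entry under the same trace id (the third request in the sample) is left out, which separates this failure from other bad requests.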