umbraco / UmbracoIdentityExtensions

Code files & installation that enables easy extensibility points for ASP.NET Identity and the Umbraco back office
MIT License

Login loop - no errors or exceptions. #20

Closed clarkd closed 5 years ago

clarkd commented 7 years ago

Hi.

I'm having an issue with a new Umbraco 7.6 site. We've set up external auth with Azure Active Directory. That all appears to be working fine, but after a (seemingly) random period of time it stops working and our users cannot log in. Clicking "Login with Azure" does the redirection to Microsoft, but on return they just end up back on the login page. I have to manually restart the app to get it working again. Sometimes it'll work for a few days, sometimes a few hours.

There don't appear to be any exceptions logged, so I'm not sure where to start debugging. Any ideas?

Shazwazza commented 5 years ago

Interesting and great! Hopefully this works for others too (please let me know)

I suppose this is why it is so hard to replicate. We have some cookie manager code built in to Umbraco, so it might be possible to leverage some of the workarounds listed in those various articles and in https://github.com/aspnet/AspNetKatana/wiki/System.Web-response-cookie-integration-issues

gjelhus commented 5 years ago

Hi. Where in the pipeline did you include the third-party cookie component, @CasperTDK? I gave it a try but no luck for me, but I have a feeling that order matters here. Any help would be greatly appreciated :)

best regards Tor Arne Gjelhus

CasperTDK commented 5 years ago

Sure!

web.config appsettings

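<appSettings>
  <add key="owin:appStartup" value="XXX.XXXOwinStartup" />
</appSettings>

using Microsoft.Owin.Host.SystemWeb;   // SystemWebCookieManager
using Microsoft.Owin.Security.Cookies; // CookieAuthenticationOptions
using Owin;
using Umbraco.Web;                     // UmbracoDefaultOwinStartup

public class XXXOwinStartup : UmbracoDefaultOwinStartup
{
    public override void Configuration(IAppBuilder app)
    {
        // https://dotnetcodetips.com/Tip/91/Azure-OWIN-website-login-gets-stuck-on-a-never-ending-redirect-loop
        // Cookie saver from the Kentor.OwinCookieSaver package, registered first
        app.UseKentorOwinCookieSaver();
        // Cookie authentication that writes through System.Web's cookie collection
        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            CookieManager = new SystemWebCookieManager()
        });

        base.Configuration(app); // standard Umbraco configuration
...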
gjelhus commented 5 years ago

@CasperTDK Thank you very much. I will give it a go :)

gjelhus commented 5 years ago

@CasperTDK We now have over a week of stable auth, so I think it's safe to say that this works, so thank you very much :). For others that might find this thread, the order you do things in matters. The custom cookie saver must be set up BEFORE you do the regular OWIN setup stuff, as shown above. In my first try I did it after, and then it did not work.

Shazwazza commented 5 years ago

What we'll want to do is update the code in the project, the docs and the NuGet package for https://www.nuget.org/packages/UmbracoCms.IdentityExtensions.AzureActiveDirectory/ to perhaps have this built in.

What I'm unsure about at this point is whether both of these things are required: app.UseKentorOwinCookieSaver(); AND SystemWebCookieManager?

Lepike commented 5 years ago

@CasperTDK Thank you for this! Our solution has been up and running for a week without any failed logins.

Insinfi commented 5 years ago

@CasperTDK When trying your solution I have encountered a problem: I keep getting a 417 response after being logged in. That results in a white page in Umbraco. I think it may come from the http-only on the UMB-XSRF-TOKEN cookie.

mwanchap commented 5 years ago

We're having a very similar issue with OpenIdConnectProtocolInvalidNonceException ("IDX10311"), although it doesn't cause a login loop. Does anyone have any insight into what might be the cause behind this? We're currently stuck on it too, and have tried all the other solutions we could find (a list below) and none of them seem to permanently solve things. The really frustrating part is that we aren't able to reproduce it, and the issue often stops occurring for a while after deploying any attempted solutions, making it really hard to tell if a solution actually made any difference.

Solutions we've tried:

It feels like a conflict (perhaps a race condition or other edge-case?) between the "cookie manager code built in to Umbraco" that @Shazwazza mentioned and some cookie-handling stuff in the OpenIdConnect library. I'll try to add some more logging and get a trace out of Application Insights next time this happens, might shed more light on it.
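
Because the failure in this thread leaves no exception behind, one way to gather evidence is to log, as headers are sent, which cookie names sit in the OWIN `Set-Cookie` header and which sit in System.Web's own response cookie collection. This is an added example, not code from the thread or from Umbraco: `CookieDiagnosticsExtensions` and `UseCookieDiagnostics` are hypothetical names, and it assumes the System.Web host and that it is registered in `Configuration` before any cookie-handling middleware.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Web;
using Owin;

// Added diagnostic example (hypothetical names): logging only, it changes no cookies.
public static class CookieDiagnosticsExtensions
{
    public static IAppBuilder UseCookieDiagnostics(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            context.Response.OnSendingHeaders(_ =>
            {
                // Cookie names OWIN middleware wrote straight into the Set-Cookie header.
                var owinNames = (context.Response.Headers.GetValues("Set-Cookie") ?? new string[0])
                    .Select(v => v.Split('=')[0].Trim())
                    .ToArray();

                // Cookie names held in System.Web's own response cookie collection.
                var httpContext = context.Get<HttpContextBase>(typeof(HttpContextBase).FullName);
                var systemWebNames = httpContext != null
                    ? httpContext.Response.Cookies.AllKeys
                    : new string[0];

                if (owinNames.Length == 0 && systemWebNames.Length == 0) return;

                // Cookies that exist only in the OWIN header while System.Web also
                // holds cookies are the ones worth a closer look.
                var onlyInOwin = owinNames
                    .Except(systemWebNames, StringComparer.OrdinalIgnoreCase)
                    .ToArray();
                var suspicious = onlyInOwin.Length > 0 && systemWebNames.Length > 0;

                // Names only, never values: the values are session credentials.
                var message = string.Format(
                    "{0} {1} -> {2}; OWIN Set-Cookie: [{3}]; System.Web cookies: [{4}]; OWIN-only: [{5}]",
                    context.Request.Method, context.Request.Path, context.Response.StatusCode,
                    string.Join(", ", owinNames), string.Join(", ", systemWebNames),
                    string.Join(", ", onlyInOwin));
                if (suspicious) Trace.TraceWarning(message);
                else Trace.TraceInformation(message);
            }, null);

            await next();
        });
    }
}
```

The warning lines can then be compared against the times users report being bounced back to the login page.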