ASP MVC Claim Based (ADFS) Inactivity problem RRS feed

  • Question

  • User-1529966660 posted


    I use a claim based authentication for my ASP MVC web application. It's working well, but after a while (some minutes of inactivity) I received a blank page with nothing. Worst, I can't access to the authenticate page ...

    So I think there is a timeout problem ? If I go to the cookies panel with Chrome and delete the cookie named FedAuth, everything back to the normal and instead of the blank page I can access to my app ...

    I check the event viewer for ADFS and IIS and there is no error, everything seems ok. Can someone have an idea ?


    Saturday, May 7, 2016 11:38 AM

All replies

  • User614698185 posted

    Hi fdkdervis,

    Welcome to ASP.NET Forums!

    I think you should inspect the StartUp.cs config file with the following code:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
          AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
          LoginPath = new PathString("/Account/Login"),
          Provider = new CookieAuthenticationProvider
              ExpireTimeSpan = TimeSpan.FromDays(5),
              SlidingExpiration = true

    ExpireTimeSpan will set the expiration for persistent logins.

    Best Regards,

    Candice Zhou

    Monday, May 9, 2016 2:36 AM
  • User-1529966660 posted

    Hello Candice Zhou, thanks for you help

    But what is strange, I don't implement any kind of code about ADFS authentication in my ASP application. What I did it's inside of the Web.config.

    So, I'm not sure if the problem comes from the app or the server side (ADFS 3.0).

    Monday, May 9, 2016 6:48 AM
  • User-1529966660 posted

    Here my settings for Claim based in Web.config file :

        <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
        <add key="ida:FederationMetadataLocation" value="https://<domain>/federationmetadata/2007-06/federationmetadata.xml" />
        <add key="ida:Issuer" value="https://<domain>/adfs/ls/" />
        <add key="ida:ProviderSelection" value="productionSTS" />
      <location path="FederationMetadata">
            <allow users="*" />
        <authentication mode="None" />
          <deny users="?" />
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
          <remove name="FormsAuthentication" />
          <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
          <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
            <add value="https://<link>" />
          <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="https://<link>">
                <add thumbprint="<thumbprint>" />
                <add name="https://<link>" />
          <certificateValidation certificateValidationMode="None" />
          <cookieHandler requireSsl="true" />
          <wsFederation passiveRedirectEnabled="true" issuer="https://<domain>/adfs/ls/" realm="https://<link>" requireHttps="true" />

    Monday, May 9, 2016 10:36 AM
  • User-1664007096 posted

    Hi fdkdervis,

    According to your description, please correct me if I have any misunderstandings on your question. If you want to create an ASP.NET MVC line-of-business application in Azure App Service Web Apps using an on-premises Active Directory Federation Services as the identity provider. I suggest that you could follow this helpful link:

    Create a .NET MVC web app in Azure App Service with AD FS authentication

    Monday, May 16, 2016 9:42 AM
  • User-1529966660 posted

    Hello Junfeng Dai,

    I already created my ASP MVC app but it's not in Azure, it's hosted on our private server with using with our private ADFS server. 

    I searched a lot and didn't find anything, so I did a lot of tests with ADFS, IIS, etc.

    I'm not sure, but it seems that the problem is related to IIS settings, specially cookie time-out settings. The default value of this settings is 20 minutes, I increase it to 60 minutes and in the ADFS side, I put the value none for ExtendedProtectionTokenCheckand. During the first 60 minutes In didn't receive any blank page

    Edit : Unfortunately, it doesn't resolve the problem, it always there ... 

    Tuesday, May 17, 2016 9:17 AM