ASP MVC Claim Based (ADFS) Inactivity problem

  • Question

  • User-1529966660 posted

    Hello,

    I use claim-based authentication for my ASP MVC web application. It's working well, but after a while (some minutes of inactivity) I receive a blank page with nothing on it. Worse, I can't access the authentication page ...

    So I think there is a timeout problem? If I go to the cookies panel in Chrome and delete the cookie named FedAuth, everything goes back to normal and instead of the blank page I can access my app ...

    I checked the event viewer for ADFS and IIS and there is no error; everything seems OK. Does anyone have an idea?

    Thanks!

    Saturday, May 7, 2016 11:38 AM

All replies

  • User614698185 posted

    Hi fdkdervis,

    Welcome to ASP.NET Forums!

    I think you should inspect the StartUp.cs config file with the following code:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
          AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
          LoginPath = new PathString("/Account/Login"),
          Provider = new CookieAuthenticationProvider(),
          // ExpireTimeSpan and SlidingExpiration are properties of
          // CookieAuthenticationOptions, not of CookieAuthenticationProvider.
          ExpireTimeSpan = TimeSpan.FromDays(5),
          SlidingExpiration = true
    });
    

    ExpireTimeSpan will set the expiration for persistent logins.

    Best Regards,

    Candice Zhou

    Monday, May 9, 2016 2:36 AM
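
An added example, not part of the thread or of any poster's code: a small C# model of how the `ExpireTimeSpan` and `SlidingExpiration` options from the reply above interact, replayed over a constructed request timeline. It assumes the renewal rule of the OWIN cookie middleware, where a ticket is reissued only once more than half of its lifetime has elapsed; the class and method names are hypothetical, and it does not model the WIF FedAuth cookie.

```csharp
using System;
using System.Collections.Generic;

static class SlidingExpirationDemo
{
    // Replays request times (minutes after sign-in) against one cookie ticket and
    // returns the outcome of each request: "ok", "renewed" or "expired".
    public static List<string> Replay(TimeSpan expireTimeSpan, bool sliding,
                                      IEnumerable<double> requestMinutes)
    {
        var issued = TimeSpan.Zero;              // ticket issue time, relative to sign-in
        var expires = issued + expireTimeSpan;   // ticket expiry time
        var outcomes = new List<string>();
        foreach (var minute in requestMinutes)
        {
            var now = TimeSpan.FromMinutes(minute);
            if (now > expires)
            {
                // Ticket rejected: the request is anonymous until a new sign-in.
                outcomes.Add("expired");
                continue;
            }
            var elapsed = now - issued;
            var remaining = expires - now;
            if (sliding && remaining < elapsed)
            {
                // Past the halfway point: reissue the ticket with a full lifetime.
                issued = now;
                expires = now + expireTimeSpan;
                outcomes.Add("renewed");
            }
            else
            {
                outcomes.Add("ok");
            }
        }
        return outcomes;
    }

    static void Main()
    {
        // Constructed timeline: requests 5, 9, 15, 22 and 50 minutes after sign-in.
        var timeline = new[] { 5.0, 9.0, 15.0, 22.0, 50.0 };
        var window = TimeSpan.FromMinutes(20);
        Console.WriteLine("sliding: " + string.Join(", ", Replay(window, true, timeline)));
        Console.WriteLine("fixed:   " + string.Join(", ", Replay(window, false, timeline)));
    }
}
```

With the 20-minute window used here, the requests at 5 and 9 minutes do not extend the session; only the request at 15 minutes, past the halfway point, reissues the ticket.
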
  • User-1529966660 posted

    Hello Candice Zhou, thanks for your help.

    But what is strange is that I haven't implemented any code for ADFS authentication in my ASP application. What I did is inside the Web.config.

    So, I'm not sure if the problem comes from the app or the server side (ADFS 3.0).

    Monday, May 9, 2016 6:48 AM
  • User-1529966660 posted

    Here are my settings for claim-based authentication in the Web.config file:

      <configSections>
        <section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
        <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
      </configSections>
      <appSettings>
        <add key="ida:FederationMetadataLocation" value="https://<domain>/federationmetadata/2007-06/federationmetadata.xml" />
        <add key="ida:Issuer" value="https://<domain>/adfs/ls/" />
        <add key="ida:ProviderSelection" value="productionSTS" />
      </appSettings>
      <location path="FederationMetadata">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <authentication mode="None" />
        <authorization>
          <deny users="?" />
        </authorization>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
      </system.web>
      <system.webServer>
        <modules>
          <remove name="FormsAuthentication" />
          <add name="WSFederationAuthenticationModule" type="System.IdentityModel.Services.WSFederationAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
          <add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
        </modules>
      </system.webServer>
      <system.identityModel>
        <identityConfiguration>
          <audienceUris>
            <add value="https://<link>" />
          </audienceUris>
          <issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
            <authority name="https://<link>">
              <keys>
                <add thumbprint="<thumbprint>" />
              </keys>
              <validIssuers>
                <add name="https://<link>" />
              </validIssuers>
            </authority>
          </issuerNameRegistry>
          <certificateValidation certificateValidationMode="None" />
        </identityConfiguration>
      </system.identityModel>
      <system.identityModel.services>
        <federationConfiguration>
          <cookieHandler requireSsl="true" />
          <wsFederation passiveRedirectEnabled="true" issuer="https://<domain>/adfs/ls/" realm="https://<link>" requireHttps="true" />
        </federationConfiguration>
      </system.identityModel.services>

    Monday, May 9, 2016 10:36 AM
  • User-1664007096 posted

    Hi fdkdervis,

    According to your description (please correct me if I have misunderstood your question), if you want to create an ASP.NET MVC line-of-business application in Azure App Service Web Apps using an on-premises Active Directory Federation Services as the identity provider, I suggest that you follow this helpful link:

    Create a .NET MVC web app in Azure App Service with AD FS authentication

    Monday, May 16, 2016 9:42 AM
  • User-1529966660 posted

    Hello Junfeng Dai,

    I already created my ASP MVC app, but it's not in Azure; it's hosted on our private server, using our private ADFS server.

    I searched a lot and didn't find anything, so I did a lot of tests with ADFS, IIS, etc.

    I'm not sure, but it seems that the problem is related to IIS settings, especially the cookie time-out settings. The default value of this setting is 20 minutes; I increased it to 60 minutes, and on the ADFS side I set the value None for ExtendedProtectionTokenCheck. During the first 60 minutes I didn't receive any blank page.

    Edit: Unfortunately, it doesn't resolve the problem; it is still there ...

    Tuesday, May 17, 2016 9:17 AM