ASP.NET CORE 3.1: Azure AD Authentication fails in EDGE. Infinite redirect loops and page reloads during authentication

  • User-1095454647 posted

    I have no issues with Chrome. It is the Edge browser where I am facing issues. I have tried to clear the cache. Deleted cookies. Reset the browser. Nothing worked. I keep getting an infinite loop on login. And it eventually fails with the message **"We couldn't sign you in. Please try again."** Any help is appreciated.

    using System;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.AzureAD.UI;
    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;

    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors(options =>
            {
                options.AddPolicy("CorsPolicy",
                    builder => builder.AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader());
            });

            // Note: this targets the default "OpenIdConnect" scheme name, not the
            // AzureADOpenID scheme that AddAzureAD registers below.
            services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                // Logs when the handler redirects to the identity provider for sign-out.
                options.Events.OnRedirectToIdentityProviderForSignOut = context =>
                {
                    Console.WriteLine("intercepted");
                    return Task.CompletedTask;
                };
            });

            // AzureAd is a settings POCO defined elsewhere in the project; the bound instance is not used further here.
            var azureAd = new AzureAd();
            Configuration.GetSection("AzureAd").Bind(azureAd);
            services.AddControllersWithViews();

            services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
                .AddAzureAD(options => Configuration.Bind("AzureAd", options));

            var url = "https://abcd.xyz.com/platform/signin-oidc";
            //var url = "https://localhost:5001/platform/signin-oidc";

            services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
            {
                options.SaveTokens = true;

                // Replaces the whole events object, so only the handler below is active for this scheme.
                options.Events = new OpenIdConnectEvents
                {
                    // Overrides the redirect_uri sent to Azure AD with the hard-coded deployed URL.
                    OnRedirectToIdentityProvider = context =>
                    {
                        context.ProtocolMessage.RedirectUri = url;

                        //context.Response.Headers.Add("Referrer-Policy", "no-referrer");
                        return Task.CompletedTask;
                    }
                };
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseCors("CorsPolicy");

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            //app.UseCookiePolicy();
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapControllerRoute(
                    name: "platform",
                    pattern: "/platform/{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

    I have also tried https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1#supporting-older-browsers
    Nothing seems to work.
    BTW it only happens after deployment. Never on localhost.

    The following is a screenshot of the network tab:
    https://imgur.com/a/a7KEnc4

    Wednesday, May 19, 2021 8:20 AM

All replies

  • User475983607 posted

    I'm surprised only Edge has this issue.  As far as I can tell the configuration sets the redirect URL to the remote authentication server in OnRedirectToIdentityProvider???  This configuration should cause the infinite redirect loop you've reported.  The redirect URL is always an address on the UI site not the remote host.  Typically the URL is set by the client UI application configuration so the user is redirected back to the URL they were trying to access before being authenticated.

    There are other strange configurations.  CORS is enabled in an MVC application.  It's unusual to expose MVC actions to remote JavaScript clients especially if you are using a remote auth server.

    Can you explain the design intent?

    Lastly, AzureADDefaults is obsolete in .NET 5.  You'll want to update the configuration to use Microsoft.Identity.Web.

    https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.azuread.ui.azureaddefaults?view=aspnetcore-5.0

    Wednesday, May 19, 2021 1:28 PM
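An added example (not the poster's code and not from this thread) that keeps the redirect URI on the app itself, as the reply recommends, and applies the older-browser SameSite handling the question links to. It assumes the deployed app sits behind a reverse proxy under the /platform path base; the proxy address 10.0.0.5 and the user-agent test in CheckSameSite are constructed placeholders.

```csharp
using System.Net;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class PlatformAuth
{
    // Call from Startup.ConfigureServices in place of the hand-rolled RedirectUri override.
    public static void AddPlatformAuth(this IServiceCollection services, IConfiguration config)
    {
        // Trust X-Forwarded-* only from the reverse proxy (10.0.0.5 is a constructed placeholder)
        // so redirect_uri is built as https and Secure correlation cookies survive the round trip.
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            o.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor;
            o.KnownProxies.Add(IPAddress.Parse("10.0.0.5"));
        });
        // Remove SameSite=None only for user agents known to reject it; every other browser keeps it.
        services.Configure<CookiePolicyOptions>(o =>
        {
            o.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            o.OnAppendCookie = c => CheckSameSite(c.Context, c.CookieOptions);
            o.OnDeleteCookie = c => CheckSameSite(c.Context, c.CookieOptions);
        });
        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(o => config.Bind("AzureAd", o));
        // CallbackPath plus UsePathBase("/platform") yields https://<host>/platform/signin-oidc
        // from the incoming request, matching the registered reply URL without a hard-coded host.
        services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, o =>
        {
            o.CallbackPath = "/signin-oidc";
            o.SaveTokens = true;
        });
    }

    // Simplified form of the user-agent test in Microsoft's SameSite guidance (iOS 12, Chrome 50-69).
    public static void CheckSameSite(HttpContext ctx, CookieOptions options)
    {
        if (options.SameSite != SameSiteMode.None) return;
        var ua = ctx.Request.Headers["User-Agent"].ToString();
        if (ua.Contains("CPU iPhone OS 12") || Regex.IsMatch(ua, @"Chrome/[56]\d\."))
            options.SameSite = SameSiteMode.Unspecified;
    }
}
```

In Startup.Configure, call app.UseForwardedHeaders(), app.UsePathBase("/platform") and app.UseCookiePolicy() in that order before app.UseAuthentication(); the forwarded-headers step has to run before anything that reads Request.Scheme.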