IdentityServer3 + MVC Login Infinite loop

I upgraded an existing MVC3 project that once used Web Form login and Active Directory to authenticate users, so that it now uses a login process similar to sites that support OAuth2 and let you pick Facebook, Google or another identity service provider.

When I finished the upgrade process, I was getting the login form via the IdentityServer3 middleware, but when it tried to redirect back to the original site (the client), it would just loop and loop… and… well, you get the point by now.

To fix the issue (I found numerous solutions here…):

The short version is that I needed to either add a Session_Start handler in Global.asax or set a CallbackPath.

Global.asax file fix:

    protected void Session_Start(object sender, EventArgs e)
    {
        // When using cookie-based session state, ASP.NET does not allocate storage
        // for session data until the Session object is used.
        // As a result, a new session ID is generated for each page request until
        // the session object is accessed.
        // If your application requires a static session ID for the entire session,
        // you can either implement the Session_Start method in the application's
        // Global.asax file and store data in the Session object to fix the session ID,
        // or you can use code in another part of your application to explicitly
        // store data in the Session object.
        base.Session["init"] = 0;
    }

The CallbackPath solution goes in the client application, in the code where you configure the OWIN pipeline with app.UseOpenIdConnectAuthentication:

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "app_jcrl",
        Authority = Constants.BaseAddress,
        RedirectUri = "https://jcrl3g.jcdev.org/home/",
        PostLogoutRedirectUri = "https://jcrl3g.jcdev.org/",
        ResponseType = "code id_token",
        Scope = "openid profile read write offline_access",
        CallbackPath = new PathString("/home/index/"), // Critical to prevent infinite loop
        TokenValidationParameters = new TokenValidationParameters
        {
            // Claim types used to populate the identity's name and roles
            NameClaimType = "name",
            RoleClaimType = "role"
        },
    });
