I cannot create a rule for redirecting users on my ws-federation driven site when using an improper browser: it causes an infinite loop... "Chrome" is used now for simplicity; actually I will be testing against IE less than 9.
<rule name="UserAgentCheck" stopProcessing="true">
    <match url=".*" ignoreCase="true" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
        <add input="{REQUEST_URI}" pattern="BrowserIsNotSupported" negate="true" />
        <add input="{QUERY_STRING}" pattern="BrowserIsNotSupported" negate="true" />
        <add input="{HTTP_USER_AGENT}" pattern="Chrome" />
    </conditions>
    <action type="Redirect" url="Isolate/BrowserIsNotSupported" appendQueryString="false" redirectType="Permanent" />
</rule>
I sequentially receive: 301, 302, 307, 200 responses and everything starts over...
I cannot even figure out whether it's a logic error (match all against several conditions) or a problem related to using ws-federation. But anyway, I see the BrowserIsNotSupported page present as a part of the wctx parameter and have no idea why it's not taken into consideration by the QUERY_STRING condition.
http://localhost:14961/wsFederationSTS/Issue/?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a50207%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fIsolate%252fBrowserIsNotSupported&wct=2014-11-12T11%3a41%3a05Z
Little changes.
1) I have removed the "AllowAnonymous" attribute from the BrowserIsNotSupported method: let him be authenticated and then shown the page with a message (no menu, no anything - just a message and a link to the authentication portal).
2) The requests to the site which do matter are those that contain the FedAuth cookie.
So the modified solution for my problem is as follows: