Thinktecture IdentityServer3 Windows Auth call never returns a result


Let me preface this issue by saying that I have this working fine through Visual Studio 2015 and IIS Express and my local box. It's only when deployed to the server and running IdentityServer in IIS that I encounter this issue.

I am trying to authenticate users using LDAP for an MVC application. I based my solution on this sample provided on the Thinktecture GitHub site: https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/WebHost%20(Windows%20Auth%20All-in-One).

However, when the call to authenticate is made, it never returns and I end up with a blank browser window with the URL http://idsrv-qa.mycompany.com/windows/?wtrealm=urn%3aidsrv3&wctx=WsFedOwinState%3d7jHr43FejPBsGjnsqfRxGUbavGj3HvElBx3-TZCxpF8y57_9m3m2-BLLBzlFAcTKsxSyEMZHpJVw55y7kfRazWSdLA400ovdbt87vFEv7dPOyY0bToDiyKqnAny4nsCVlr8Z_MW4na4A2ttcjqYqGmFPJiLqmWvGLh0jjzHZyWNrfV8e3xmCpbwbvGPSE_B1h3oxB_7xzf4zPGmNecHcrA&wa=wsignin1.0 in the address bar.

The Identity Server log shows this final sequence of entries:


w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () User is not authenticated. Redirecting to login.

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () End authorize request

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Redirecting to login page

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Login page requested

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () local login disabled for the client

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () only one provider for client

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () redirecting to provider URL: "http://idsrv-qa.mycompany.com/external?provider=windows&signin=27c60199be385d868df2255711e348d6"

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () External login requested for provider: "windows"

w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Triggering challenge for external identity provider

w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request

w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request

w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication


And that is it. When I look at the source code for the AuthenticationController class in IS, I see this:

 if (User == null || !User.Identity.IsAuthenticated)
 {
     Logger.Info("User is anonymous. Triggering authentication");
     return Unauthorized();
 }

So, it looks like it is hitting this code block and returning a result of "Unauthorized" but the calling code never DOES anything with that result. It doesn't seem to do a postback to the calling application, try to do an LDAP authentication, throw an error or anything. It just STOPS.

As I said previously, when I run my project through VS2015 and IIS Express, it succeeds. For comparison, here is a sample of the successful log entry:


iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () User is not authenticated. Redirecting to login.

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () End authorize request

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Redirecting to login page

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Login page requested

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () local login disabled for the client

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () only one provider for client

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () redirecting to provider URL: "http://localhost:63757/external?provider=windows&signin=728d77e9f2f2eccd36a84e43418fbfb1"

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () External login requested for provider: "windows"

iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Triggering challenge for external identity provider

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Sign-in request

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.SignInResponseGenerator) Creating WS-Federation signin response

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] () Callback invoked from external identity provider

iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] () external user provider: "windows", provider ID: "S-1-5-21-4244171952-2663774276-83029744-5772"

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () External identity successfully validated by user service

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Calling PostAuthenticateAsync on the user service

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () issuing primary signin cookie

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () redirecting to: http://localhost:63757/connect/authorize?client_id=ESGInternalMvc&redirect_uri=http:%2F%2Flocalhost:53334%2Fauth%2FsignInCallback&response_mode=form_post&response_type=code id_token token&scope=openid profile email dispatch&state=OpenIdConnect.AuthenticationProperties%3DDj4k5NwDbjNjtEajN5jxFUtsMogFbASZxNyB1M_6CiDw0BabLIV5uJFKtRZfVWGebmRQUUM2P3tp-ISDxwtocWV6UmDz-8tbW1cRBcT604YUEDXO_T9MLPIohOkjTTL7ZyhgdgHlvPPagTWu5yWryU-efi7tMiCjryNJZHrhO03fLVS_fjwaAodFsQpvGN3G1MkxukyPiWmU1EtmmS17zHvPj7jRPW4Es50lI4LfQ0U&nonce=636195843010675313.M2I5N2U4YjUtZjdhNi00NDc2LThkOTgtNzc4MzJkZGI2ZDE5M2ZhOTkzNmEtMDdmMy00ZGIyLWJjNmUtZTJkZDA5YzljZmMz

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Start authorize request

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Start authorize request protocol validation

iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () "Authorize request validation success"


Any and all help and/or advice would be greatly appreciated with this issue.
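
An added example, not part of the original question or of IdentityServer's code: a small Python triage script that parses trace lines in the format of the two logs above and reports, for each "User is anonymous. Triggering authentication" entry, whether a follow-up request ever reached the server. The function names, outcome labels and the abridged sample lines are constructed for illustration.

```python
import re

# Shape: <process> Information: 0 : <date> <time> <tz> [<level>] (<source>) <message>
LINE = re.compile(
    r"^(?P<proc>\S+) Information: 0 : (?P<ts>\S+ \S+ \S+) "
    r"\[(?P<level>\w+)\] \((?P<source>[^)]*)\) (?P<msg>.*)$"
)
CHALLENGE = "User is anonymous. Triggering authentication"
RETRY = "Start WS-Federation request"
SIGNIN = "Sign-in request"
SOURCE = "IdentityServer.WindowsAuthentication.AuthenticationController"


def parse(log_text):
    """Return one dict per recognised trace line; other lines are skipped."""
    matches = (LINE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def challenge_outcomes(entries):
    """Classify what followed each 401 challenge as (timestamp, outcome)."""
    outcomes = []
    for i, entry in enumerate(entries):
        if entry["msg"] != CHALLENGE:
            continue
        tail = []
        for later in entries[i + 1:]:
            if later["msg"] == CHALLENGE:  # the next challenge opens a new window
                break
            tail.append(later["msg"])
        if SIGNIN in tail:
            outcome = "completed"  # a later request reached sign-in
        elif RETRY in tail:
            outcome = "retried-unauthenticated"  # came back, no sign-in logged
        else:
            outcome = "stalled"  # no request followed the 401
        outcomes.append((entry["ts"], outcome))
    return outcomes


def trace_line(proc, ts, msg):
    """Build a constructed sample line in the page's trace format."""
    return f"{proc} Information: 0 : {ts} [Information] ({SOURCE}) {msg}"


# Constructed samples, abridged from the two logs in the question.
IIS_LOG = "\n".join(trace_line("w3wp.exe", "01/09/2017 11:29:17 -07:00", m)
                    for m in (RETRY, CHALLENGE))
IISEXPRESS_LOG = "\n".join(trace_line("iisexpress.exe", "01/09/2017 11:45:02 -07:00", m)
                           for m in (RETRY, CHALLENGE, RETRY, SIGNIN))
print(challenge_outcomes(parse(IIS_LOG)), challenge_outcomes(parse(IISEXPRESS_LOG)))
```

A `stalled` result means the server log holds no request after the 401, so the next thing to inspect is the 401 response as the browser received it.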
