I have an app "A" and a test app with minimal code, "B", that both use an OWIN startup file to point to our identity server (Thinktecture). This is in both startup files:
```csharp
public void Configuration(IAppBuilder app)
{
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
    var identityServerUri = System.Configuration.ConfigurationManager.AppSettings["IdentityServerUrl"].ToString();
    var redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"].ToString();
    var postLogoutRedirectUri = System.Configuration.ConfigurationManager.AppSettings["PostLogoutRedirectUri"].ToString();
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies",
        ExpireTimeSpan = TimeSpan.FromMinutes(120),
        SlidingExpiration = true
    });
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "myclientid",
        Authority = identityServerUri,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        ResponseType = "id_token",
        Scope = "openid profile email",
        UseTokenLifetime = false,
        SignInAsAuthenticationType = "Cookies"
    });
}
```
Both apps will authenticate and log in fine for a long time if it's just me trying on several different machines after clearing cookies each time. When other people start to try logging in, it might continue working, but then eventually everyone will start getting stuck in a redirection loop: you get the identity server login page, hit login, and it goes back to the application as it normally would, but the application doesn't run any code at all (Home/Index is the first thing that is called, and it never makes it there, where I have logging set up). It simply redirects back to the identity server; the identity server checks, sees they are logged in, and redirects them back, until finally the header response gets too big and it throws a bad request error. At this point, the following will fix the redirection problem (if I stop the loop to prevent the header response from getting too large):
1. Browsing to the minimal app "B" I created for testing purposes. It does nothing but authenticate with the identity server, but after that I can browse to app "A" without getting stuck in the loop.
2. Restarting the web site in IIS.
Clearing cookies after the redirection problem does not resolve the issue and the problem persists until I do 1 or 2 above.
Right now I'm at a loss as to where I should look next to fix the issue. I can't even find a way to consistently recreate the issue other than asking several others to log in throughout the day. The issue has to be with the website, right, not the identity server? Here's an example of what the request looks like in both scenarios:
login/redirect success http://i68.tinypic.com/11gmzaq.jpg
redirect loop problem (just keeps doing this over and over): http://i64.tinypic.com/mrztc5.jpg
Thanks for any guidance anyone can give!!!!