1

I have a test ASP.NET Core 2.0 web application that authenticates the user using SAML. All is well if the URL typed in the browser matches the case of the web app name in IIS 10 (ex. .../MyTestSite). However, if the user types a different case (ex. .../mytestsite) they will fail to authenticate.

In code, the point of failure is in the OnGetCallbackAsync method of the ExternalLogin class at this line:

var info = await _signInManager.GetExternalLoginInfoAsync();

Since info == null in these cases the user is redirected back to the login page.

I have noticed that the .AspNetCore.Antiforgery token has the path value from the URL (/mytestsite), but the Identity.External path value is the site name (/MyTestSite).

I'm not sure why this happens or why case would even matter.

Zabavsky
I.Am.Me

1 Answer

3

(Assuming you are using Authentication Schemes)

By default, all authentication schemes are case sensitive, which is why it matches case while authenticating. If you want to make URLs case insensitive, you can add routing options like this:

services.Configure<RouteOptions>(options => options.LowercaseUrls = true);

Note: This will provide support of URLs but you can try this.

Hope this helps!

Mrityunjay
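
Added example, not part of the original question or answer and not the project's code: browsers match cookie paths with a case-sensitive comparison (RFC 6265 section 5.1.4), so with the two cookie paths reported in the question the Identity.External cookie is not sent back on the lowercase URL. The callback path, the cookie jar and the `canonicalRedirect` helper are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: a plain, case-sensitive string comparison.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies in `jar` that a browser would attach to `requestPath`.
function cookiesSent(jar, requestPath) {
  return jar.filter(c => pathMatches(requestPath, c.path)).map(c => c.name);
}

// Constructed jar mirroring the two Path values reported in the question.
const jar = [
  { name: ".AspNetCore.Antiforgery", path: "/mytestsite" },
  { name: "Identity.External", path: "/MyTestSite" },
];

// Hypothetical callback paths (assumed, not taken from the page).
const lowerCallback = "/mytestsite/Account/ExternalLogin";
const canonicalCallback = "/MyTestSite/Account/ExternalLogin";

// Mitigation sketch (hypothetical helper): when the request differs from the
// canonical application path only by case, return the canonically cased path
// so the caller can redirect before any cookie is issued.
function canonicalRedirect(requestPath, appPath) {
  const head = requestPath.slice(0, appPath.length);
  const rest = requestPath.slice(appPath.length);
  const onBoundary = rest === "" || rest.startsWith("/");
  const caseOnly = head !== appPath && head.toLowerCase() === appPath.toLowerCase();
  return caseOnly && onBoundary ? appPath + rest : null;
}

console.log(lowerCallback, "->", cookiesSent(jar, lowerCallback));
console.log(canonicalCallback, "->", cookiesSent(jar, canonicalCallback));
console.log("redirect:", canonicalRedirect(lowerCallback, "/MyTestSite"));
```

On the lowercase path only the antiforgery cookie is returned, which is consistent with `GetExternalLoginInfoAsync()` finding no external login cookie.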