
I've got a site that's integrated with WIF for security and mostly everything is ok. It's redirecting and dealing with load balancers etc.

I've noticed that on a few requests it's bouncing to the STS and back. If it's a GET request that's not a problem, but it's happened a few times with AJAX requests and also with regular POST requests.

I'm thinking that other people must have the same issues and that I must have missed something in the configuration. I really don't fancy writing a custom implementation to deal with this requirement.

Any help?

Thanks

RubbleFord
  • The entire site is needing to be secure, including CSS, images etc. An example problem would be an AJAX request on a secure page. The token expires and the AJAX POST is redirected behind the scenes. I can get around this by amending the token expiry in a custom implementation. – RubbleFord Nov 17 '11 at 10:41

1 Answer

It will only redirect if the resource (page, image, CSS, etc.) is secured and needs the user to authenticate. If you need to make sure that this doesn't happen for certain areas, you can try allowing anonymous access within the web.config:

<location path="UnsecuredResource">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>

What's happening with the hop is that the client-side authentication has either expired or does not exist so the browser is redirected to the STS. The STS has a persistent cookie that recognizes the user from their previous login so it simply authenticates and sends the user back to the application, which signs them in automatically.

If the session is expiring on the client side, that could be causing the need to re-authenticate. Make sure there isn't anything that would be causing the session to expire or get lost.

Hopefully this helps. A little more info would help to debug this issue.

Garrett Vlieger
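
The hop described in the answer is harmless for a page GET but cannot be completed by an AJAX call. As an added example (not part of the answer above and not WIF sample code), this Global.asax.cs sketch uses the WS-Federation module's AuthorizationFailed event to leave the 401 in place for AJAX callers instead of redirecting them to the STS. It assumes WIF 3.5 (Microsoft.IdentityModel), a registered WSFederationAuthenticationModule, and callers that send the `X-Requested-With: XMLHttpRequest` header, as jQuery does by default; the class and handler names are illustrative.

```csharp
// Global.asax.cs -- added example, not code from the original answer.
// Assumptions: WIF 3.5 (Microsoft.IdentityModel), WSFederationAuthenticationModule
// registered in web.config, AJAX callers send "X-Requested-With: XMLHttpRequest".
using System;
using System.Web;
using Microsoft.IdentityModel.Web;

public class Global : HttpApplication
{
    public override void Init()
    {
        base.Init();

        // Find the federation module by type so the example does not depend on
        // the name it was registered under in web.config.
        foreach (string name in Modules.AllKeys)
        {
            var fam = Modules[name] as WSFederationAuthenticationModule;
            if (fam != null)
            {
                // Raised at the end of a request that finished with 401, just
                // before WIF would start the passive redirect to the STS.
                fam.AuthorizationFailed += OnAuthorizationFailed;
            }
        }
    }

    private static bool IsAjaxRequest(HttpRequest request)
    {
        return string.Equals(request.Headers["X-Requested-With"],
                             "XMLHttpRequest",
                             StringComparison.OrdinalIgnoreCase);
    }

    private static void OnAuthorizationFailed(object sender, AuthorizationFailedEventArgs e)
    {
        HttpRequest request = HttpContext.Current.Request;

        // An XHR call cannot complete the STS round trip (the sign-in response
        // is an HTML form post), so keep the 401 and let the script handle it.
        if (IsAjaxRequest(request))
        {
            e.RedirectToIdentityProvider = false;
        }
        // Ordinary page requests keep the default: redirect to the STS and back.
    }
}
```

Client script can then treat a 401 as "session expired" and trigger a full-page navigation, which goes through the normal STS round trip.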