Hi, we're using the latest NuGet releases of the Owin middleware (3.0.0) in an MVC 5 app, and the authentication is using OpenID Connect & Azure AD. At times the site sign-in stops working; here's how it works:
1) User opens web site
2) User clicks sign-in, gets redirected to Azure AD
3) User logs in at Azure AD - or existing session is recognized, redirected back to our site
4) User is back at our web site, with Request.IsAuthenticated == false in the view.
Weirdly enough, the issue always gets resolved by restarting the website. I have seen this issue somewhat more often lately, but that might be due to a larger number of users and/or just chance.
The authentication is configured like this:
I got Fiddler traces of the failed authentication flow and it looks like the following:
A) Auth flow is triggered by going to /Account/SignIn, Server responds with 302 redirect to Azure and sets OpenIdConnect.nonce.OpenIdConnect cookie
B) Azure login - existing session is recognized and it does a form submit back to the site root with code, id_token, state and session_state values
C) POST response gets 302 reply but no cookie is set on the response
The raw response in step C is simply:
HTTP/1.1 302 Found
Date: Wed, 21 Jan 2015 06:50:47 GMT
Any ideas what might be wrong here? Or how can I get some understanding of how this happens? I did configure Owin logging with the following, but there are not many lines in the log file:
<add name="KatanaListener" />
<add name="KatanaListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="app_data\logs\Katana.trace.log" traceOutputOptions="ProcessId, DateTime" />
<add name="Microsoft.Owin" value="Verbose" />
The only entries I see are:
Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationMiddleware Warning: 0 : The nonce cookie was not found.
Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationMiddleware Error: 0 : Exception occurred while processing message: 'System.Runtime.ExceptionServices.ExceptionDispatchInfo
Can this error be the reason the authentication fails? I guess it comes from
OK, by the time I had written up to here and read the code, I figured I should register an AuthenticationFailed notification handler to get a grasp of the exception itself. I'll post this anyway in case anyone can shed some light on the real problem. Btw, at the very least there's this line in the OpenIdConnectAuthenticationHandler:
_logger.WriteError("Exception occurred while processing message: '" + authFailedEx.ToString());
authFailedEx is of type ExceptionDispatchInfo and its ToString method apparently isn't too helpful. Maybe this validates a PR :).
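As an added example (not the poster's configuration, which the post omits, and not Katana's own code), here is the kind of AuthenticationFailed handler the post talks about registering, for Katana 3.0.0 and Microsoft.Owin.Security.OpenIdConnect. The ClientId, Authority, RedirectUri values and the /Home/Error route are placeholders; the cookie name OpenIdConnect.nonce.OpenIdConnect and the "nonce cookie was not found" warning come from the post. The handler logs the real exception (the notification carries the unwrapped exception, not the ExceptionDispatchInfo that the middleware stringifies), records which cookie names arrived on the POST in step C so a missing nonce cookie shows up directly, and replaces the bare 302 with a redirect to an error page.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Placeholder values (assumptions for this example); use the app's own AAD registration.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private const string Authority = "https://login.windows.net/contoso.onmicrosoft.com";
    private const string RedirectUri = "https://localhost:44300/";

    // Cookie name as reported in the Fiddler trace above.
    private const string NonceCookieName = "OpenIdConnect.nonce.OpenIdConnect";

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = RedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    // context.Exception is the actual exception thrown while processing the
                    // id_token / code POST, so its type and message are meaningful here.
                    var ex = context.Exception;

                    // Cookie names only (never values): tells you whether the nonce cookie set on
                    // the 302 in step A actually came back on the POST in step C.
                    var cookieNames = context.Request.Cookies.Select(c => c.Key).ToArray();
                    var nonceCookiePresent = cookieNames.Contains(NonceCookieName);

                    // Was a state parameter posted back at all? Without it the middleware cannot
                    // correlate the response with the request it issued.
                    var statePresent = context.ProtocolMessage != null
                                       && !string.IsNullOrEmpty(context.ProtocolMessage.State);

                    System.Diagnostics.Trace.TraceError(
                        "OIDC AuthenticationFailed: {0}: {1}{2}nonce cookie present: {3}; state present: {4}; cookies: [{5}]{2}{6}",
                        ex.GetType().FullName, ex.Message, Environment.NewLine,
                        nonceCookiePresent, statePresent, string.Join(", ", cookieNames), ex);

                    // Take over the response so the user lands on an error page instead of the
                    // silent 302 seen in the trace. Only the message is passed along, no token data.
                    context.HandleResponse();
                    context.Response.Redirect("/Home/Error?message=" + Uri.EscapeDataString(ex.Message));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

With this in place, a failure in step C produces one trace entry naming the exception type, whether OpenIdConnect.nonce.OpenIdConnect was on the POST, and the full stack, which is enough to tell a genuinely missing cookie (browser or path/domain problem) apart from a nonce that was present but rejected. Keep the error page generic in production; the exception message is useful while diagnosing but is not something to show end users.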