Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Too many redirects #82

Open
sawest opened this issue May 18, 2021 · 9 comments
Open

Too many redirects #82

sawest opened this issue May 18, 2021 · 9 comments

Comments

@sawest
Copy link
Collaborator

sawest commented May 18, 2021

Brought over from #79
But we still have another issue (which was already there before) and I am not sure if this may also have AD Auth as the root:
The client ist always getting "too many redirects" Error if he calls the dnn-page from android or ios devices from within the network with the active directory
... have you ever tried to log in via AD from mobile Devices (Android and iOS) or do you have the possibility to test/try this?

We already tried all different settings for redirection on the portal Alias settings of the website but without any luck
Any suggestion what we can do to find out what is going on here?
@inu-web
Copy link

inu-web commented May 18, 2021

Additional Information
On an other dnn installation on our development server, with the same dnn-version (9.6.1) but without AD-authentication provider installed, we do not get the redirect error on an iPad Air of the newest generation (Oct 2020 version) and an older iPad Pro (year 2017 version) and on an Android 10 tablet (Lenovo Tab M10 FHD Plus - year 2020 version)
I hope this helps
regards
Gerald

@inu-web
Copy link

inu-web commented May 20, 2021

I now have managed to connect my iPAD Air with the network of my client via VPN and i can 100% reproduce the issue now.

After calling the dnn page i am getting a "popup" (of the browser?) where i put in my AD credentials (this only happens once if the cache of safari was cleared before) ... then after waiting approx. 10 seconds the message "Safari could not open the page, because there appeared too many redirects" (translated from german "Safari kann die Seite nicht öffnen, da zu viele Umleitungen auftraten" ) appears in safari browser
the url that is in the browser-bar at this time is thedomainname.com/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?portalid=0

Is this of any help for narrowing down the problem?
regards
Gerald

@inu-web
Copy link

inu-web commented May 24, 2021

Please find below the log4net messages that appear when connecting to the dnn site via iPad Air...
All Messages stating there is an invalid Cast Exception on trying to cast from "WindowsIdentity" to "FormsIdentity"
Then the system seems to try again and again untile the "too many redirects" error appears :
Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)

I tried setting the trust level to "full trust" in web.config and cleared cache as advised here: https://stackoverflow.com/questions/40570928/localhost-redirected-you-too-many-times-dotnetnuke ... no luck ... same messages in log4Net Logs

Also tried to set authentication mode in web.config to "Windows" and identity impersonate="true" as advised here:
https://forums.asp.net/t/1897316.aspx?Unable+to+cast+object+of+type+System+Security+Principal+WindowsIdentity+to+type+System+Web+Security+FormsIdentity+
... no luck ... same messages in log4net log

My original web.config settings (after changing back above)

<section name="authentication" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />

<section name="formsAuthenticationWrapper" type="Mvolo.Modules.FormsAuthConfigurationSection" />

<remove name="FormsAuthentication" />
<add name="Authentication" type="DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule, DotNetNuke.Authentication.ActiveDirectory" />

<add name="LogoffHandler*" path="Logoff.aspx" verb="*" type="DotNetNuke.Services.Authentication.LogOffHandler, DotNetNuke" preCondition="integratedMode" />


<!-- Forms or Windows authentication -->
<authentication mode="Forms">
  <forms name=".DOTNETNUKE" protection="All" timeout="60" cookieless="UseCookies" />
</authentication>
<!--
<identity impersonate="true"/>
<authentication mode="Windows">
</authentication>
-->

<!-- ASP.NET 2 Membership/Profile/Role and AnonymousAuthentication Providers -->
<!-- anonymousIdentification configuration:
      enabled="[true|false]"                              Feature is enabled?
      cookieName=".ASPXANONYMOUS"                         Cookie Name
      cookieTimeout="100000"                              Cookie Timeout in minutes
      cookiePath="/"                                      Cookie Path
      cookieRequireSSL="[true|false]"                     Set Secure bit in Cookie
      cookieSlidingExpiration="[true|false]"              Reissue expiring cookies?
      cookieProtection="[None|Validation|Encryption|All]" How to protect cookies from being read/tampered
      domain="[domain]"                                   Enables output of the "domain" cookie attribute set to the specified value
    -->
<anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="None" domain="" />


<authentication defaultProvider="ADSIAuthenticationProvider">
  <providers>
    <clear />
    <add name="ADSIAuthenticationProvider" type="DotNetNuke.Authentication.ActiveDirectory.ADSI.ADSIProvider, DotNetNuke.Authentication.ActiveDirectory" providerPath="~\Providers\AuthenticationProviders\ADSIProvider\" />
  </providers>
</authentication>

I hope any of htese infos help to narrow down the problem
regards Gerald

log4Net Messages from one single try to call the dnn page from the iPad:
------------------------------------------------------------------
2021-05-24 10:34:03.016+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:04.073+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:05.132+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:06.191+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:07.251+02:00 [SERVERNAME][D:2][T:48][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:08.311+02:00 [SERVERNAME][D:2][T:122][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:09.362+02:00 [SERVERNAME][D:2][T:64][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:10.421+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:11.482+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:12.541+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:13.601+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:14.662+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:15.721+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:16.781+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:17.831+02:00 [SERVERNAME][D:2][T:85][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:18.901+02:00 [SERVERNAME][D:2][T:8][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:19.951+02:00 [SERVERNAME][D:2][T:105][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:21.011+02:00 [SERVERNAME][D:2][T:64][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:22.074+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)
2021-05-24 10:34:23.019+02:00 [SERVERNAME][D:2][T:21][ERROR] DotNetNuke.HttpModules.Membership.MembershipModule - System.InvalidCastException: Unable to cast object of type 'System.Security.Principal.WindowsIdentity' to type 'System.Web.Security.FormsIdentity'.
at DotNetNuke.HttpModules.Membership.MembershipModule.RequireLogout(HttpContextBase context, UserInfo user)

@inu-web
Copy link

inu-web commented Jun 1, 2021

Please can you give short feedback or information if there is anything we can do or any information we can provide to solve this issue?
We need a fix or solution please...
thanks in advance

@sawest
Copy link
Collaborator Author

sawest commented Jun 8, 2021

Can you verify if Enable Auto Login is checked (or not) in the settings for the AD module?

@inu-web
Copy link

inu-web commented Jun 8, 2021

Yes it is:
image

regards
G

@sawest
Copy link
Collaborator Author

sawest commented Jun 8, 2021

Auto login is dated and also requires that you are currently logged in to your device with AD credentials. This cant be on android devices, ipads, etc. If auto login is needed for you, I would suggest limiting your IP range down to the network where your Windows devices reside and let all others login normally. If its not needed, I would disable auto login and see if you problem goes away.

I will look at the code and see if there is a better way to handle requests from mobile devices. Auto login will not work for mobile devices but maybe forcing them to a login page is needed.

@sawest
Copy link
Collaborator Author

sawest commented Jun 8, 2021
edited
Loading

After further review, for auto login to work, Anonymous Access needs to be disabled and Basic turned on for the WindowsAuthentication.aspx file (in wiki under IIS 7 settings). This will cause all devices (in the ip range in settings) that are not logged in with AD (non-windows devices) to get that funny pop-up. If you plan to have any non windows devices in the ip range browse to the site I would recommend disabling the auto login feature.

@inu-web
Copy link

inu-web commented Jun 9, 2021

Hi and thank you for your suggestions

  • AutoLogin works great for the Laptop/Windows devices and this should be kept active for Windows devices ...

  • I already have the following Auth Settings on the WindowsSignin.aspx File ...

    image

I will try and discuss the other points with my client tomorrow.

Thank you for staying tuned on this issue!
G.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@inu-web @sawest