Solved

Problem with windows auth and CORS when logon popup opens

Posted on 2016-08-12
Last Modified: 2016-08-20
Hello all, thanks in advance

I am having an issue that is very specific. I am not fully aware of all the entrapments that CORS and windows auth have, but I am trying to implement windows auth for SSO on a web project I am currently working on.

I have it working correctly up to a point.

There happens (intermittently) a disconnect and somehow the server loses the auth and asks for a logon (although it could also be the browser side that loses the info and pops open the logon ... I am not sure which ...). The logon popup screen looks enough like the one the windows OS would open up for you (either for browser CORS or local logon), and I use the credentials of the user logged on the windows machine, however I get a wrong password / username error.... which doesn't make sense as I am correctly typing it in.

I am either not authenticating with a proper popup, or the auth is being done without proper info. I would like to know what sort of extra tools I could use to validate and debug this issue, as I am currently unable to reproduce this locally on my dev env. using visual studio, and this happens when deployed on the server.

I can always reproduce this bug by hitting F5 refresh, and then trying to do an action that requires auth. I wonder if there is just a setting missing in my config file on the server that says to allow creds to be reentered if ever a disconnect happens from the server.

btw- this web app has an offline feature, that allows a user to still work offline (SPA) and when back online, should be able to just reenter the creds (in the popup) and continue working as is. So far I have not yet had success after the F5 refresh happens....otherwise works ok the rest of the time.
Question by:landerson999
6 Comments
 
Assisted Solution

by:BigRat
ID: 41754766
"The logon popup screen looks enough like the one the windows OS would open up for you"

If so it implies that the server has sent a 401 "Authentication required" response.

"however I get wrong password / username error.... which doesn't make sense as I am correctly typing it in."

Because the Basic Authentication doesn't have that username and/or that password.

"I can always reproduce this bug by hitting F5 refresh, and then trying to do an action that requires auth."

What are we losing here? Session cookie or JSON Web Token?

I'd install something like Fiddler and look at the HTTP traffic going up and down the line, particularly after an F5.

PS: There is one small issue which has cost me a lot over the years and that is time synchronization. Check the time on the server and client.
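
As an added example (not part of the original thread): a small JavaScript helper for reading the status and headers of the response that triggers the logon prompt, as copied from the browser's network panel or a proxy such as Fiddler. It assumes a cross-origin request sent with credentials; the function name, finding labels and sample headers are constructed for illustration.

```javascript
// Added example: classify a response captured from the browser's network panel.
// Assumes the request was cross-origin and sent with credentials.
function diagnoseAuthResponse(status, headerPairs, pageOrigin) {
  // Headers are [name, value] pairs because WWW-Authenticate can repeat.
  const get = (name) => headerPairs
    .filter(([k]) => k.toLowerCase() === name)
    .map(([, v]) => v.trim());
  // IIS emits one WWW-Authenticate line per scheme; the scheme is the first token.
  const schemes = get('www-authenticate').map((v) => v.split(/\s+/)[0].toLowerCase());
  const findings = [];

  if (status === 401) {
    const integrated = schemes.some((s) => s === 'negotiate' || s === 'ntlm');
    if (schemes.length === 0) findings.push('401-without-challenge');
    else if (!integrated) findings.push('no-integrated-scheme-offered');
    if (schemes.includes('basic')) findings.push('basic-offered');
  }

  // Credentialed CORS: the exact origin is required, "*" is rejected by the
  // browser, and Access-Control-Allow-Credentials must be the literal "true".
  const allowOrigin = get('access-control-allow-origin')[0];
  const allowCreds = get('access-control-allow-credentials')[0];
  if (allowOrigin === undefined) findings.push('cors-origin-missing');
  else if (allowOrigin === '*') findings.push('cors-wildcard-with-credentials');
  else if (allowOrigin !== pageOrigin) findings.push('cors-origin-mismatch');
  if (allowCreds !== 'true') findings.push('cors-credentials-not-allowed');

  return { schemes, findings };
}

// Constructed sample responses (not taken from the poster's server).
const integratedChallenge = [
  ['WWW-Authenticate', 'Negotiate'],
  ['WWW-Authenticate', 'NTLM'],
  ['Access-Control-Allow-Origin', 'https://app.example.test'],
  ['Access-Control-Allow-Credentials', 'true'],
];
const basicOnlyChallenge = [
  ['WWW-Authenticate', 'Basic realm="intranet"'],
  ['Access-Control-Allow-Origin', '*'],
];

console.log(diagnoseAuthResponse(401, integratedChallenge, 'https://app.example.test'));
console.log(diagnoseAuthResponse(401, basicOnlyChallenge, 'https://app.example.test'));
```

Comparing the output for the response seen in normal use with the one seen after an F5 shows whether the challenge scheme or the CORS headers changed between the two.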
 

Author Comment

by:landerson999
ID: 41754909
Thanks BigRat, I will check the time between the server and client.
I am not really worried about the F5, but more so the fact the IIS server could go down, and the user would need to keep their credentials live, when they return to the server once it is back up...

As far as I see it, it is almost like the IIS windows auth needs to check internally with the browser (which does its own thing for providing the creds) to see if there is a leftover authentication and reuse that, instead of asking for new ones, as after the drop, we don't even get to a page (which could have the angular storing the credentials) to be sent the info.

Maybe the cookie needs to have a forced value once the user goes offline, so that when the browser lands again on an active IIS page, it doesn't pop up the login screen?

Thanks in advance
 
Expert Comment

by:BigRat
ID: 41755406
I'd be interested to know what exactly is being sent in the headers on a request to the server when authenticated (the normal case). Fiddler should tell you that.

Author Comment

by:landerson999
ID: 41755579
I am not allowed to download any apps here at work. Sorry about that
 

Accepted Solution

by:landerson999
ID: 41756637
I found my own answer

At some point in the JavaScript code, window.onbeforeunload = null; was being called, forcing the client side to lose its credential info. In the interim, I have also found that we need to serialize as much info from the sessionstate server side, and that once the server has rebooted, we read the info back into the application.sessions.add and continue our merry way, although this can be auto enabled through the setting on IIS which, instead of InProc, becomes StateServer mode. It also helps to set the Application Initialization Module to run that first time with an inherent ping to have an app ready state for your site.
 

Author Closing Comment

by:landerson999
ID: 41763508
I did more research which ended up landing me a 3 part solution.