Solved

Problem with windows auth and CORS when logon popup opens

Posted on 2016-08-12
Last Modified: 2016-08-20
Hello all, thanks in advance

I am having an issue that is very specific. I am not fully aware of all the entrapments that CORS and windows auth have, but I am trying to implement windows auth for SSO on a web project I am currently working on.

I have it working correctly up to a point.

There happens (intermittently) a disconnect and somehow the server loses the auth and asks for a logon (although it could also be the browser side that loses the info and pops open the logon ... I am not sure which ...). The logon popup screen looks enough like the one the windows OS would open up for you (either for browser CORS or local logon), and I use my credentials of the user logged on the windows machine, however I get wrong password / username error.... which doesn't make sense as I am correctly typing it in.

I am either not authenticating with a proper popup, or the auth is being done without proper info. I would like to know what sort of extra tools I could use to validate and debug this issue, as I am currently unable to reproduce this locally on my dev env. using visual studio, and this happens when deployed on the server.

I can always reproduce this bug by hitting F5 refresh, and then trying to do an action that requires auth. I wonder if there is just a setting missing in my config file on the server that says to allow creds to be reentered if ever a disconnect happens from the server.

btw- this web app has an offline feature, that allows a user to still work offline (SPA) and when back online, should be able to just reenter the creds (in the popup) and continue working as is. So far I have not yet had success after the F5 refresh happens....otherwise works ok the rest of the time.
Question by:landerson999
 
LVL 27

Assisted Solution

by:BigRat
BigRat earned 2000 total points
ID: 41754766
"The logon popup screen looks enough like the one the windows OS would open up for you"

If so it implies that the server has sent a 401 "Authentication required" response.

"however I get wrong password / username error.... which doesn't make sense as I am correctly typing it in."

because the Basic Authentication doesn't have that username and/or that password.

"I can always reproduce this bug by hitting F5 refresh, and then trying to do an action that requires auth."

What are we losing here? Session cookie or JSON Web Token?

I'd install something like Fiddler and look at the HTTP traffic going up and down the line, particularly after an F5.

PS: There is one small issue which has cost me a lot over the years and that is time synchronization. Check the time on the server and client.
 

Author Comment

by:landerson999
ID: 41754909
Thanks BigRat, I will check the time between server and client.
I am not really worried about the F5, but more so the fact the IIS server could go down, and the user would need to keep their credentials live, when they return to the server once it is back up...

As far as I see it, it is almost like the IIS windows auth needs to check internally with the browser (which does its own thing for providing the creds) to see if there is a leftover authentication and reuse that, instead of asking for new ones, as after the drop, we don't even get to a page (which could have the angular storing the credentials) to be sent the info.

Maybe the cookie needs to have a forced value once the user goes offline, so that when the browser lands again on an active IIS page, it doesn't pop up the login screen?

Thanks in advance
 
LVL 27

Expert Comment

by:BigRat
ID: 41755406
I'd be interested to know what exactly is being sent in the headers on a request to the server when authenticated (the normal case). Fiddler should tell you that.
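
The header check suggested in the comment above can also be done on values copied from the browser's built-in network panel. The following is an added example, not part of the original thread: it classifies one exchange by its 401 challenge scheme and by the CORS response headers a credentialed request needs. The function name, field names, finding labels and sample exchanges are all constructed for illustration.

```javascript
// Added example. Field names (method, status, origin, credentialed, headers)
// are this sketch's own; copy the values from the browser's network panel.
function diagnoseExchange(x) {
  const h = {};
  for (const [k, v] of Object.entries(x.headers || {})) h[k.toLowerCase()] = String(v);
  const findings = [];

  if (x.status === 401) {
    // Scheme names offered, e.g. "Negotiate, NTLM" or 'Basic realm="intranet"'.
    const schemes = (h["www-authenticate"] || "").split(",")
      .map((s) => s.trim().split(/\s+/)[0].toLowerCase()).filter(Boolean);
    if (x.method === "OPTIONS") {
      // Preflights are sent without credentials, so the server must not challenge them.
      findings.push("preflight-requires-auth");
    } else if (schemes.some((s) => s === "negotiate" || s === "ntlm")) {
      findings.push("integrated-auth-challenge");
    } else if (schemes.includes("basic")) {
      findings.push("basic-only-challenge");
    } else {
      findings.push("401-without-known-scheme");
    }
  }

  // A credentialed cross-origin request needs an exact origin echo plus
  // Access-Control-Allow-Credentials: true; "*" is rejected by the browser.
  if (x.credentialed && x.origin) {
    const allowOrigin = h["access-control-allow-origin"];
    if (allowOrigin === "*") findings.push("wildcard-origin-with-credentials");
    else if (allowOrigin !== x.origin) findings.push("origin-not-allowed");
    if (h["access-control-allow-credentials"] !== "true") findings.push("allow-credentials-missing");
  }
  return findings;
}

// Constructed sample exchanges (not captured from the poster's server).
const ORIGIN = "https://app.example.test";
const cors = { "Access-Control-Allow-Origin": ORIGIN, "Access-Control-Allow-Credentials": "true" };
const samples = {
  preflight: { method: "OPTIONS", status: 401, origin: ORIGIN, credentialed: true,
    headers: { "WWW-Authenticate": "Negotiate, NTLM" } },
  basicPrompt: { method: "GET", status: 401, origin: ORIGIN, credentialed: true,
    headers: { ...cors, "WWW-Authenticate": 'Basic realm="intranet"' } },
  wildcard: { method: "POST", status: 200, origin: ORIGIN, credentialed: true,
    headers: { "Access-Control-Allow-Origin": "*" } },
  healthy: { method: "GET", status: 200, origin: ORIGIN, credentialed: true, headers: cors },
};
for (const [name, x] of Object.entries(samples)) console.log(name, diagnoseExchange(x));
```
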

Author Comment

by:landerson999
ID: 41755579
I am not allowed to download any apps here at work. Sorry about that
 

Accepted Solution

by:
landerson999 earned 0 total points
ID: 41756637
I found my own answer

At some point in the JavaScript code, window.onbeforeunload = null; was being called, forcing the client side to lose its credential info. In the interim, I have also found that we need to serialize as much info from the sessionstate server side, and that once the server has rebooted, we read the info back into the application.sessions.add and continue our merry way, although this can be auto enabled through the setting on IIS which is instead of InProc, becomes StateServer mode. It also helps to set the Application Initialization Module to run that first time with an inherent ping to have an app ready state for your site.
 

Author Closing Comment

by:landerson999
ID: 41763508
I did more research which ended up landing me a 3 part solution.
