I made a .NET web application in C#. I started from the ASP.NET Web Application (.NET Framework) template project in Visual Studio. I added the Owin.Security.OAuth library and implemented the service provider in my code. When I run the application with IIS Express, it works well. When I run the application on the remote IIS server and try to log in, it fails in the authorization phase. The application has 2 areas (AMSCetra and GestDrivMe) with their controllers and views, and a HomeController (the project default controller) with an Index API method that redirects to the specific area's index. I tried to debug the difference between local and remote behaviour. When I work in local IIS Express, the chain of requests to my application is a little different:
1. call the Login method of my AccountController, which redirects to "/" after the account authentication and after getting roles
2. call the OnAuthorization method of my AuthorizeAttribute (the AuthorizationContext's controller's request points to the area's file /AMScetra/AMSCetra)
3. call the AuthorizeCore method of my AuthorizeAttribute (the HttpContextBase parameter's request is for the same location as in point 2) and the user is Authenticated and "InRole"
4. call the specific area's controller Index API method (AMSCetraController.Index)
5. invoke the ValidateClientRedirectUri method of my AuthProvider (override of the OAuthAuthorizationServerProvider method). Here it calls the context's Validated method (the context's request is for the HomeController's Index - "https://localhost:44375/")
6. call the Authorize method of my AccountController, which invokes the AuthenticationManager.SignIn(identity) method and returns an EmptyResult
7. call the HomeController Index (I don't know why), which redirects to the specific area Index - "~/AMSCetra/AMSCetra/Index" (seems useless, but locally it works)
8. call the OnAuthorization method for a second time (the request is for "/AMSCetra/AMSCetra/Index", as the previous redirection suggests)
9. call the AuthorizeCore method for a second time (the HttpContextBase parameter's request is for the same location as in point 8)
10. call the specific area's controller Index API method for a second time (AMSCetraController.Index)
I can't understand why the AMSCetraController Index is called two times, or why the application needs to call the HomeController Index afterwards, but I can postpone that because it works well (in local IIS Express) and it happens only after the login.
But when I publish to the remote IIS, the call chain skips point 5 (ValidateClientRedirectUri), and at point 6 (Authorize) the chain ends and a blank page is shown with the URI "http://XXX.XXX.XXX.XXX/Account/Authorize?client_id=web&response_type=token&state=".
I tried to debug the low-level Owin library to understand the problem, but I don't know how to debug a referenced DLL without PDB files. I tried to understand how the library works from the GitHub source code, but it's not the same. It seems that the JavaScript Knockout library is involved, and a JS method called Sammy, but as before I can't debug that source code, only my own code (either locally or remotely).
I can't understand why IIS Express works well but the remote IIS server doesn't. I already tried to force the MachineKey in my solution and on the remote IIS server, but it doesn't resolve the problem.