
OpenID with keycloak, infinite redirect loop after successful login ASP.NET MVC 4.7

I have set up my ASP.NET MVC 4.7 application like this.

Aside from the files below, nothing has been changed from the original generated project.

The thing is, I can successfully redirect to my Keycloak login page, but when it redirects to the URL specified after successful login, it reroutes back to the identity server (which is Keycloak) and the identity server reroutes back to the reroute URL.

Here is the dev tools log, it does look like the cookies and sessions are passed properly

After successful login in Keycloak page, it redirects to /home which is correct as that is what I set


It does look like cookies are passed properly:


However, it does seem that after calling /home (redirect) it calls the authentication again in Keycloak


This is causing an infinite loop. As authentication will then call /home and home calls the authentication again and again.

I already tried the approaches I found on the internet, including using UseKentorOwinCookieSaver, using SystemWebCookieManager, and anything else I found online, with no luck.

What am I missing here? Help help, I've been stuck on this issue for days now.

Here is the code

Startup.cs

using Microsoft.Owin;
using Owin;
using System;
using System.Threading.Tasks;

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin.Security.Keycloak;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Host.SystemWeb;

[assembly: OwinStartup(typeof(AspNetMVC4.Startup))]

namespace AspNetMVC4
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseKentorOwinCookieSaver();

            const string persistentAuthType = "keycloak_auth";
            app.SetDefaultSignInAsAuthenticationType(persistentAuthType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = persistentAuthType,
                AuthenticationMode = AuthenticationMode.Active,
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager()
            });

            var desc = new AuthenticationDescription();
            desc.AuthenticationType = "keycloak_auth";
            desc.Caption = "keycloak_auth";

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "Auth0",

                Authority = "http://localhost:8080/auth/realms/master",

                ClientId = "keycloakdemo",
                ClientSecret = "tUM2gZiW5H3Lx2DQ4b5t4x5FzzrmADGi",

                // RedirectUri = "http://localhost:44337/",
                //PostLogoutRedirectUri = auth0PostLogoutRedirectUri,
                RedirectUri = "https://localhost:44337/home",

                ResponseType = OpenIdConnectResponseType.Code,
                Scope = "openid profile email",
                
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager(),
            });
        }
    }
}

HomeController.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace AspNetMVC4.Controllers
{
    public class HomeController : Controller
    {
        [Authorize]
        public ActionResult Index()
        {         
            return View();
        }

        public ActionResult About()
        {
            bool flag = User.Identity.IsAuthenticated;
            ViewBag.Message = "Your application description page.";

            return View();
        }

        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";

            return View();
        }
    }
}

You need to make sure you use SameSite=None and also use HTTPS to get the cookies to work.
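
The cookie settings this answer describes, written out as an added example (not code from the original post or from the linked demo). It assumes Microsoft.Owin 4.1 or later, where CookieAuthenticationOptions exposes CookieSameSite; the class and method names CrossSiteCookieSetup and UseCrossSiteSessionCookie are hypothetical.

```csharp
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Owin;

namespace AspNetMVC4
{
    // Hypothetical helper: call it from Startup.Configuration in place of the
    // UseCookieAuthentication call shown in the question.
    public static class CrossSiteCookieSetup
    {
        public static void UseCrossSiteSessionCookie(IAppBuilder app, string authType)
        {
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = authType,

                // Same cookie manager the question already uses.
                CookieManager = new SystemWebCookieManager(),

                // The question's options set neither property below.
                // SameSite=None allows the cookie on the cross-site return
                // trip from the identity provider.
                CookieSameSite = SameSiteMode.None,

                // Browsers drop SameSite=None cookies that are not marked
                // Secure, so the app must be served over HTTPS end to end.
                CookieSecure = CookieSecureOption.Always,

                // Keep the session cookie out of reach of page scripts.
                CookieHttpOnly = true
            });
        }
    }
}
```

SameSite=None means the browser also sends this cookie on cross-site requests, so state-changing actions still need anti-forgery tokens.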

I finally figured it out and successfully integrated Keycloak into ASP.NET MVC 4.7. I am posting my solution here to help those who have the same set of issues I had. The thing is, Keycloak and OWIN/OpenID are not integrated seamlessly in the ASP.NET MVC framework's libraries, so what I did was manually process everything, including the user identity: process the tokens and identity, and use the tokens to retrieve the information I need through Keycloak's own REST API. I have made a quick and dirty demo here:

https://github.com/ruellm/ASPNetMVC4-Keycloak

Hopefully it can help a soul someday, as I was stuck for almost 2 weeks and finally solved it.
