Databases
StackOverflow2013
Postsdbo
POPrevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPrevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site
    primarykey
    data
    text
    <p>I'm using WS Federated (Claims Aware) authentication on an MVC 3 site and am having trouble keeping some of my API controllers that send JSON from returning a redirect when the authentication fails. I have an Area called API with several controllers that just return JSON, these controllers all inherit from the same base class. I want to send down legitimate 401 error responses instead of 302 redirects that are happening by default.</p> <p>I followed some directions I found for creating a custom <code>WSFederationAuthenticationModule</code> in concert with a filter I put on my API controller actions:</p> <pre><code>public class WSFederationServiceAuthenticationModule : WSFederationAuthenticationModule { private static Log4NetLoggingService logger = new Log4NetLoggingService(); public const string IsServiceIndicator = "ROIP.IsService"; protected override void OnAuthorizationFailed(AuthorizationFailedEventArgs e) { base.OnAuthorizationFailed(e); var isService = HttpContext.Current.Items[IsServiceIndicator]; if (isService != null) { logger.Info("WSFedService: Found IsService"); e.RedirectToIdentityProvider = false; } else { logger.Info("WSFedService: Did not find IsService"); } } } public class WSFederationServiceAuthAttribute : ActionFilterAttribute { private static Log4NetLoggingService logger = new Log4NetLoggingService(); public override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); // Set an item that indicates this is a service request, do not redirect. logger.Info("WSFedService: Setting IsService"); HttpContext.Current.Items[WSFederationServiceAuthenticationModule.IsServiceIndicator] = 1; } } </code></pre> <p>But my logging shows that I am never finding the IsService item in the Items:</p> <pre><code>{INFO}02/29 03:39:21 - WSFedService: Setting IsService {INFO}02/29 03:39:32 - WSFedService: Setting IsService {INFO}02/29 03:39:32 - WSFedService: Setting IsService {INFO}02/29 03:50:39 - WSFedService: Did not find IsService {INFO}02/29 03:53:16 - WSFedService: Did not find IsService {INFO}02/29 03:53:29 - WSFedService: Did not find IsService </code></pre> <p>I think this may be a problem with the <code>HttpContext.Current</code> not being the same between the filter and the module, but I'm not sure.</p> <p>Another option I tried was to subscribe to the <code>FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider</code> event in the <code>Application_Start</code> event of my Global.asax.cs, but the WSFederationAuthenticationModule is null at that time.</p> <pre><code>private void ConfigureWSFederationAuthentication() { bool hasFederatedAuthentication = false; try { if (FederatedAuthentication.WSFederationAuthenticationModule != null) { hasFederatedAuthentication = true; } } catch { hasFederatedAuthentication = false; } if (hasFederatedAuthentication) { Logger.Info("WSFederation: Registering for Event Handler"); FederatedAuthentication.WSFederationAuthenticationModule.RedirectingToIdentityProvider += (s, e) =&gt; { var msg = string.Empty; try { if (HttpContext.Current.Request.Headers["X-Requested-With"] == "XMLHttpRequest") { e.Cancel = true; msg = "Found XMLHttpRequest header"; } else { msg = "Did not find XMLHttpRequest header"; } } catch (Exception ex) { msg = "WSFederation: Event Handler Error: " + ex.Message; } Logger.Info("WSFederation: Redirecting from Event Handler: " + msg); }; } else { Logger.Info("WSFederation: Null WSFederationAuthenticationModule"); } } </code></pre> <p>I'd like to know either how to get the first option working, or where I should subscribe to the <code>RedirectingToIdentityProvider</code> event.</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USJacob
    1. USJacob
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POPrevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site
      1. USJacob
      1. VTBountyStart
    2. VO
      singulars
      1. POPrevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site
      1. This table or related slice is empty.
      1. VTBountyClose
    3. VO
      singulars
      1. POPrevent XmlHttpRequest redirect response in .Net MVC WS-Federation Site
      1. This table or related slice is empty.
      1. VTUpMod
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload