Let me preface this issue by saying that I have this working fine through Visual Studio 2015 and IIS Express and my local box. It's only when deployed to the server and running IdentityServer in IIS that I encounter this issue.
I am trying to authenticate Users using LDAP for an MVC Application. I based my solution on this sample provided on the Thinktecture GitHub site https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/WebHost%20(Windows%20Auth%20All-in-One) .
However, when the call to authenticate is made, it never returns and I end up with a blank browser window with the URL http://idsrv-qa.mycompany.com/windows/?wtrealm=urn%3aidsrv3&wctx=WsFedOwinState%3d7jHr43FejPBsGjnsqfRxGUbavGj3HvElBx3-TZCxpF8y57_9m3m2-BLLBzlFAcTKsxSyEMZHpJVw55y7kfRazWSdLA400ovdbt87vFEv7dPOyY0bToDiyKqnAny4nsCVlr8Z_MW4na4A2ttcjqYqGmFPJiLqmWvGLh0jjzHZyWNrfV8e3xmCpbwbvGPSE_B1h3oxB_7xzf4zPGmNecHcrA&wa=wsignin1.0 in the address bar.
The Identity Server log shows this final sequence of entries:
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () User is not authenticated. Redirecting to login.
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () End authorize request
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Redirecting to login page
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Login page requested
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () local login disabled for the client
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () only one provider for client
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () redirecting to provider URL: "http://idsrv-qa.mycompany.com/external?provider=windows&signin=27c60199be385d868df2255711e348d6"
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () External login requested for provider: "windows"
w3wp.exe Information: 0 : 01/09/2017 11:29:16 -07:00 [Information] () Triggering challenge for external identity provider
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication
And that is it. When I look at the source code for the AuthenticationController class in IS, I see this:
    if (User == null || !User.Identity.IsAuthenticated)
    {
        Logger.Info("User is anonymous. Triggering authentication");
        return Unauthorized();
    }
So, it looks like it is hitting this code block and returning a result of "Unauthorized" but the calling code never DOES anything with that result. It doesn't seem to do a postback to the calling application, try to do an LDAP authentication, throw an error or anything. It just STOPS.
As I said previously, when I run my project through VS2015 and IIS Express, it succeeds. For comparison, here is a sample of the successful log entry:
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () User is not authenticated. Redirecting to login.
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () End authorize request
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Redirecting to login page
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Login page requested
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () local login disabled for the client
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () only one provider for client
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () redirecting to provider URL: "http://localhost:63757/external?provider=windows&signin=728d77e9f2f2eccd36a84e43418fbfb1"
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () External login requested for provider: "windows"
iisexpress.exe Information: 0 : 01/09/2017 11:45:01 -07:00 [Information] () Triggering challenge for external identity provider
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Sign-in request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.SignInResponseGenerator) Creating WS-Federation signin response
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] () Callback invoked from external identity provider
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] () external user provider: "windows", provider ID: "S-1-5-21-4244171952-2663774276-83029744-5772"
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () External identity successfully validated by user service
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Calling PostAuthenticateAsync on the user service
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () issuing primary signin cookie
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () redirecting to: http://localhost:63757/connect/authorize?client_id=ESGInternalMvc&redirect_uri=http:%2F%2Flocalhost:53334%2Fauth%2FsignInCallback&response_mode=form_post&response_type=code id_token token&scope=openid profile email dispatch&state=OpenIdConnect.AuthenticationProperties%3DDj4k5NwDbjNjtEajN5jxFUtsMogFbASZxNyB1M_6CiDw0BabLIV5uJFKtRZfVWGebmRQUUM2P3tp-ISDxwtocWV6UmDz-8tbW1cRBcT604YUEDXO_T9MLPIohOkjTTL7ZyhgdgHlvPPagTWu5yWryU-efi7tMiCjryNJZHrhO03fLVS_fjwaAodFsQpvGN3G1MkxukyPiWmU1EtmmS17zHvPj7jRPW4Es50lI4LfQ0U&nonce=636195843010675313.M2I5N2U4YjUtZjdhNi00NDc2LThkOTgtNzc4MzJkZGI2ZDE5M2ZhOTkzNmEtMDdmMy00ZGIyLWJjNmUtZTJkZDA5YzljZmMz
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Start authorize request
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () Start authorize request protocol validation
iisexpress.exe Information: 0 : 01/09/2017 11:45:03 -07:00 [Information] () "Authorize request validation success"
Any and all help and/or advice would be greatly appreciated with this issue.
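
An added example, not part of the original post: a small Python helper that parses the trace format quoted above and reports the first event the working (IIS Express) trace reaches that the failing (IIS) trace never does. The sample lines are excerpted from the two traces in the post; the function names are hypothetical.

```python
import re

# Trace line shape in the logs quoted above:
#   <process> Information: 0 : <date> <time> <tz> [<Level>] (<source>) <message>
LINE_RE = re.compile(
    r'^(?P<proc>\S+) \w+: \d+ : (?P<ts>\S+ \S+ \S+) '
    r'\[(?P<level>\w+)\] \((?P<source>[^)]*)\) (?P<msg>.*)$'
)

# Last lines of each trace, excerpted from the post.
FAILING = """
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
w3wp.exe Information: 0 : 01/09/2017 11:29:17 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication
"""
WORKING = """
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation metadata request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) User is anonymous. Triggering authentication
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Start WS-Federation request
iisexpress.exe Information: 0 : 01/09/2017 11:45:02 -07:00 [Information] (IdentityServer.WindowsAuthentication.AuthenticationController) Sign-in request
"""

def parse(trace):
    """Return (source class, message) pairs for every well-formed trace line."""
    events = []
    for line in trace.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # Keep the short class name; mask quoted URLs/ids that differ per run.
            source = m['source'].rsplit('.', 1)[-1]
            events.append((source, re.sub(r'"[^"]*"', '"..."', m['msg'])))
    return events

def first_divergence(failing, working):
    """Return (index, first event only the working trace has, last shared event)."""
    bad, good = parse(failing), parse(working)
    for i, event in enumerate(good):
        if i >= len(bad) or bad[i] != event:
            return i, event, (good[i - 1] if i else None)
    return None  # the failing trace got at least as far as the working one

if __name__ == "__main__":
    print(first_divergence(FAILING, WORKING))
```

On these excerpts the last shared event is "User is anonymous. Triggering authentication", and the working trace continues with a second "Start WS-Federation request" that the IIS trace never logs.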