Microsoft.Owin.Security.IAuthenticationManager doesn't redirect to login page
I'm using Microsoft.Owin.Security in my application (ASP.NET MVC v 5.2.0 on .NET 4.5). But just the security part of OWIN nothing else. When a user wants to access to a protected URL, in local, the request get redirected to the login page. But when I publish the app on server, I get this window instead of redirecting:
my login and log-off methods are:
public void LogIn(long userId, string username, string email, bool persistent) {
var claims = new List<Claim>{
new Claim(ClaimTypes.NameIdentifier, userId.ToString(CultureInfo.InvariantCulture)),
new Claim(ClaimTypes.Name, username),
new Claim(ClaimTypes.Email, email),
new Claim(ClaimTypes.IsPersistent, persistent.ToString())
};
var id = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
var ctx = HttpContext.Current.Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignOut(DefaultAuthenticationTypes.ExternalCookie);
authenticationManager.SignIn(new AuthenticationProperties {
IsPersistent = persistent
}, id);
}
public void LogOut() {
var ctx = HttpContext.Current.Request.GetOwinContext();
var authenticationManager = ctx.Authentication;
authenticationManager.SignOut();
}
and here is my startup:
public partial class Startup {
public void ConfigureAuth(IAppBuilder app) {
app.UseCookieAuthentication(new CookieAuthenticationOptions {
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/account/log-in/"),
AuthenticationMode = AuthenticationMode.Active,
CookieHttpOnly = true,
CookieName = ".some-cookie-name",
ExpireTimeSpan = TimeSpan.FromDays(1),
LogoutPath = new PathString("/account/log-out/"),
SlidingExpiration = true,
ReturnUrlParameter = "continue"
});
}
}
I also have this line in global.asax::Application_Start method:
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;
and these configuration in web.config:
<system.web>
<authentication mode="None" />
<httpModules>
<remove name="FormsAuthenticationModule" />
<remove name="RoleManager" />
</httpModules>
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules runAllManagedModulesForAllRequests="false">
<remove name="FormsAuthenticationModule" />
<remove name="RoleManager" />
</modules>
</system.webServer>
and finally I'm running the application on a Windows 2008 R2 machine with IIS 7.5. Do you have any idea what should I do to make OWIN work correctly on my server, just like my local?
UPDATE: To be clear:
Assume I have these actions:
[AllowAnonymous]
public ActionResult AnonymousAction() { }
[Authorize]
public ActionResult UsersAction() { }
One for anonymous users, and another for logged-in users (which are well decorated with attributes). Anonymous users, can access AnonymousAction easily without any error or misbehavior. But when they (I mean Anonymous users) want to access UsersAction, instead of getting redirected to login page, they will see the window I mentioned above.
Well, it was really simple. According to @trailmax's answer (thanks to him), I realized that I should pay attention to the response's http-code. It was a 401 - Unauthorized code. So, I asked myself why is that? Until I found this answer. Then, the only thing I needed was creating the following attribute:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class AuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute {
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
if (filterContext.HttpContext.Request.IsAuthenticated) {
filterContext.Result = new HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
} else {
base.HandleUnauthorizedRequest(filterContext);
}
}
}
- Not able to install Microsoft.AspNet.WebApi.Cors from NuGet
- ArgumentException: An item with the same key has already been added
- How can I get the client's IP address in ASP.NET MVC?
- EPPlus - .NET - Preserve VBA Project when loading in Excel package
- Saving the changes with AddSync
- Auto-generated "App_Web********.cs" files in temp directory causing build errors
- Paging in MVC .NET Framework not working, how to get it to work
- Pager in .Net Core 2.1
- Paging in webgrid not working in asp.net mvc 5
- Paging with PagedList, is it efficient?
- PagedList.Mvc returns all records from the table
- MVC Paging not working in AJAX Form
- Passing filter as object from View to Controller
- Persisting a variable across .NET MVC controller requests
- Private variables inside DelegatingHandler mixing values from other requests
- paging with asp.net mvc c#
- Paging using Linq-To-Sql based on two parameters in asp.net mvc
- ASP.NET MVC Paging, Preserving Current Query Parameters
- Default Page value is Coming as 1 in Jqgrid Paging
- TFS and referenced DLLs
- Entity Framework Core 3.1.6 Item With Same Key Has Already Been Added
- How to get return value from Task wait()
- Default Authentication scheme in ASP.NET MVC
- Error message: (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.)
- JQuery Ajax Call towards ASP.NET MVC action method - "Internal Server Error ?"
- I want to pre-fill an input of type IFormFile
- Unable to send the List of model data to a view using asp.net mvc
- Asp Core, How to create Paging?
- Session datatable getting cleared based on another datatable
- Paging the huge data that is returned by the Web API