IdentityServer3 constant redirect on login only on mobile











up vote
1
down vote

favorite












I have a problem where my identity server works great with no problems logging in users on desktop computers. However when i go to the webpage on a mobile app and log in I get a constant redirect situation.



It goes to the identity server the first time, I log in, and then when it redirects back to the app it automatically redirects back to identity server and back and forth.



If I stop the redirection (by hitting the stop button on the browser) then go to my site I am already logged in now.



I am using IdentityServer3 and Asp.Net Core.



The logs for the identity server show no error and successful logins. This happens if I log in with an external provider or a custom provider.



I thought it was something with safari but i installed chrome on my phone and it does the same thing.



I did some research and I don't think it is a http/https problem and I can not add the Session_start because it doesn't exist in core.



Can anyone think of a reason the mobile app would not work while the desktop app works fine? Any suggestions on any other logs i can check or things i can try?



public void ConfigureServices(IServiceCollection services)

{

    services.AddAuthentication(options =>

    {

        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;

        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;

    })

    .AddCookie(options =>

    {

        options.LoginPath = new PathString("/Login/Login/");

        options.AccessDeniedPath = new PathString("/Login/Login/");

    })

    .AddOpenIdConnect(options =>

    {

        options.Authority = _authenticationServer;

        options.ClientId = "...";

        options.ResponseType = "id_token";

        options.Scope.Add("openid");

        options.Scope.Add("email");

        options.Scope.Add("profile");

        options.UseTokenLifetime = false;



        options.TokenValidationParameters = new TokenValidationParameters

        {

            NameClaimType = "name",

            ValidateIssuer = false,

        };

        options.Events = new OpenIdConnectEvents

        {

            OnTokenValidated = context =>

            {

                ...

                return Task.CompletedTask;

            }

        };

    });



    services.AddMvc(config =>

    {

        var policy = new AuthorizationPolicyBuilder()

                            .RequireAuthenticatedUser()

                            .Build();

        config.Filters.Add(new AuthorizeFilter(policy));

    })

    .AddJsonOptions(options =>

            options.SerializerSettings.ContractResolver = new DefaultContractResolver());



    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

    services.AddSingleton(Configuration);

    services.AddMemoryCache();

    services.AddSession();

    services.AddKendo();

}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)

{

    if (env.IsDevelopment())

    {

        app.UseDeveloperExceptionPage();

    }

    else

    {

        app.UseExceptionHandler("/Home/Error");

        app.UseHsts();

    }

    app.UseStaticFiles();

    app.UseSession();

    app.UseAuthentication();



    app.UseMvc(routes =>

    {

        routes.MapRoute(

                name: "default",

                template: "{controller=Home}/{action=Index}/{id?}");

    });

}





asp.net .net-core identityserver3







share|improve this question


























    up vote
    1
    down vote

    favorite












    I have a problem where my identity server works great with no problems logging in users on desktop computers. However when i go to the webpage on a mobile app and log in I get a constant redirect situation.



    It goes to the identity server the first time, I log in, and then when it redirects back to the app it automatically redirects back to identity server and back and forth.



    If I stop the redirection (by hitting the stop button on the browser) then go to my site I am already logged in now.



    I am using IdentityServer3 and Asp.Net Core.



    The logs for the identity server show no error and successful logins. This happens if I log in with an external provider or a custom provider.



    I thought it was something with safari but i installed chrome on my phone and it does the same thing.



    I did some research and I don't think it is a http/https problem and I can not add the Session_start because it doesn't exist in core.



    Can anyone think of a reason the mobile app would not work while the desktop app works fine? Any suggestions on any other logs i can check or things i can try?



    public void ConfigureServices(IServiceCollection services)
    
{
    
    services.AddAuthentication(options =>
    
    {
    
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    
    })
    
    .AddCookie(options =>
    
    {
    
        options.LoginPath = new PathString("/Login/Login/");
    
        options.AccessDeniedPath = new PathString("/Login/Login/");
    
    })
    
    .AddOpenIdConnect(options =>
    
    {
    
        options.Authority = _authenticationServer;
    
        options.ClientId = "...";
    
        options.ResponseType = "id_token";
    
        options.Scope.Add("openid");
    
        options.Scope.Add("email");
    
        options.Scope.Add("profile");
    
        options.UseTokenLifetime = false;
    

    
        options.TokenValidationParameters = new TokenValidationParameters
    
        {
    
            NameClaimType = "name",
    
            ValidateIssuer = false,
    
        };
    
        options.Events = new OpenIdConnectEvents
    
        {
    
            OnTokenValidated = context =>
    
            {
    
                ...
    
                return Task.CompletedTask;
    
            }
    
        };
    
    });
    

    
    services.AddMvc(config =>
    
    {
    
        var policy = new AuthorizationPolicyBuilder()
    
                            .RequireAuthenticatedUser()
    
                            .Build();
    
        config.Filters.Add(new AuthorizeFilter(policy));
    
    })
    
    .AddJsonOptions(options =>
    
            options.SerializerSettings.ContractResolver = new DefaultContractResolver());
    

    
    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
    
    services.AddSingleton(Configuration);
    
    services.AddMemoryCache();
    
    services.AddSession();
    
    services.AddKendo();
    
}
    
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    
{
    
    if (env.IsDevelopment())
    
    {
    
        app.UseDeveloperExceptionPage();
    
    }
    
    else
    
    {
    
        app.UseExceptionHandler("/Home/Error");
    
        app.UseHsts();
    
    }
    
    app.UseStaticFiles();
    
    app.UseSession();
    
    app.UseAuthentication();
    

    
    app.UseMvc(routes =>
    
    {
    
        routes.MapRoute(
    
                name: "default",
    
                template: "{controller=Home}/{action=Index}/{id?}");
    
    });
    
}





    asp.net .net-core identityserver3







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I have a problem where my identity server works great with no problems logging in users on desktop computers. However when i go to the webpage on a mobile app and log in I get a constant redirect situation.



      It goes to the identity server the first time, I log in, and then when it redirects back to the app it automatically redirects back to identity server and back and forth.



      If I stop the redirection (by hitting the stop button on the browser) then go to my site I am already logged in now.



      I am using IdentityServer3 and Asp.Net Core.



      The logs for the identity server show no error and successful logins. This happens if I log in with an external provider or a custom provider.



      I thought it was something with safari but i installed chrome on my phone and it does the same thing.



      I did some research and I don't think it is a http/https problem and I can not add the Session_start because it doesn't exist in core.



      Can anyone think of a reason the mobile app would not work while the desktop app works fine? Any suggestions on any other logs i can check or things i can try?



      public void ConfigureServices(IServiceCollection services)
      
{
      
    services.AddAuthentication(options =>
      
    {
      
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
      
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
    })
      
    .AddCookie(options =>
      
    {
      
        options.LoginPath = new PathString("/Login/Login/");
      
        options.AccessDeniedPath = new PathString("/Login/Login/");
      
    })
      
    .AddOpenIdConnect(options =>
      
    {
      
        options.Authority = _authenticationServer;
      
        options.ClientId = "...";
      
        options.ResponseType = "id_token";
      
        options.Scope.Add("openid");
      
        options.Scope.Add("email");
      
        options.Scope.Add("profile");
      
        options.UseTokenLifetime = false;
      

      
        options.TokenValidationParameters = new TokenValidationParameters
      
        {
      
            NameClaimType = "name",
      
            ValidateIssuer = false,
      
        };
      
        options.Events = new OpenIdConnectEvents
      
        {
      
            OnTokenValidated = context =>
      
            {
      
                ...
      
                return Task.CompletedTask;
      
            }
      
        };
      
    });
      

      
    services.AddMvc(config =>
      
    {
      
        var policy = new AuthorizationPolicyBuilder()
      
                            .RequireAuthenticatedUser()
      
                            .Build();
      
        config.Filters.Add(new AuthorizeFilter(policy));
      
    })
      
    .AddJsonOptions(options =>
      
            options.SerializerSettings.ContractResolver = new DefaultContractResolver());
      

      
    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
      
    services.AddSingleton(Configuration);
      
    services.AddMemoryCache();
      
    services.AddSession();
      
    services.AddKendo();
      
}
      
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
      
{
      
    if (env.IsDevelopment())
      
    {
      
        app.UseDeveloperExceptionPage();
      
    }
      
    else
      
    {
      
        app.UseExceptionHandler("/Home/Error");
      
        app.UseHsts();
      
    }
      
    app.UseStaticFiles();
      
    app.UseSession();
      
    app.UseAuthentication();
      

      
    app.UseMvc(routes =>
      
    {
      
        routes.MapRoute(
      
                name: "default",
      
                template: "{controller=Home}/{action=Index}/{id?}");
      
    });
      
}





      asp.net .net-core identityserver3







      share|improve this question













      I have a problem where my identity server works great with no problems logging in users on desktop computers. However when i go to the webpage on a mobile app and log in I get a constant redirect situation.



      It goes to the identity server the first time, I log in, and then when it redirects back to the app it automatically redirects back to identity server and back and forth.



      If I stop the redirection (by hitting the stop button on the browser) then go to my site I am already logged in now.



      I am using IdentityServer3 and Asp.Net Core.



      The logs for the identity server show no error and successful logins. This happens if I log in with an external provider or a custom provider.



      I thought it was something with safari but i installed chrome on my phone and it does the same thing.



      I did some research and I don't think it is a http/https problem and I can not add the Session_start because it doesn't exist in core.



      Can anyone think of a reason the mobile app would not work while the desktop app works fine? Any suggestions on any other logs i can check or things i can try?



      public void ConfigureServices(IServiceCollection services)
      
{
      
    services.AddAuthentication(options =>
      
    {
      
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
      
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
      
    })
      
    .AddCookie(options =>
      
    {
      
        options.LoginPath = new PathString("/Login/Login/");
      
        options.AccessDeniedPath = new PathString("/Login/Login/");
      
    })
      
    .AddOpenIdConnect(options =>
      
    {
      
        options.Authority = _authenticationServer;
      
        options.ClientId = "...";
      
        options.ResponseType = "id_token";
      
        options.Scope.Add("openid");
      
        options.Scope.Add("email");
      
        options.Scope.Add("profile");
      
        options.UseTokenLifetime = false;
      

      
        options.TokenValidationParameters = new TokenValidationParameters
      
        {
      
            NameClaimType = "name",
      
            ValidateIssuer = false,
      
        };
      
        options.Events = new OpenIdConnectEvents
      
        {
      
            OnTokenValidated = context =>
      
            {
      
                ...
      
                return Task.CompletedTask;
      
            }
      
        };
      
    });
      

      
    services.AddMvc(config =>
      
    {
      
        var policy = new AuthorizationPolicyBuilder()
      
                            .RequireAuthenticatedUser()
      
                            .Build();
      
        config.Filters.Add(new AuthorizeFilter(policy));
      
    })
      
    .AddJsonOptions(options =>
      
            options.SerializerSettings.ContractResolver = new DefaultContractResolver());
      

      
    services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
      
    services.AddSingleton(Configuration);
      
    services.AddMemoryCache();
      
    services.AddSession();
      
    services.AddKendo();
      
}
      
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
      
{
      
    if (env.IsDevelopment())
      
    {
      
        app.UseDeveloperExceptionPage();
      
    }
      
    else
      
    {
      
        app.UseExceptionHandler("/Home/Error");
      
        app.UseHsts();
      
    }
      
    app.UseStaticFiles();
      
    app.UseSession();
      
    app.UseAuthentication();
      

      
    app.UseMvc(routes =>
      
    {
      
        routes.MapRoute(
      
                name: "default",
      
                template: "{controller=Home}/{action=Index}/{id?}");
      
    });
      
}





      asp.net .net-core identityserver3




      asp.net .net-core identityserver3






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      JackSojourn

      262




      262
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          It's most likely a cookie storage problem. There are limits for cookie size that vary from browser to browser.




          1. After successful login browser gets redirected

          2. Server tries to set
            the cookie

          3. If cookie size exceeds the limit, browser gives a warning
            in the console, that cookie will be ignored

          4. Page reloads, but there
            is no authentication cookie set, so browser gets redirected to the
            login page

          5. Often "remember me" option is enabled, so cycle begins
            with step 1


          Try to reduce the cookie size.






          share|improve this answer





















          • Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
            – JackSojourn
            18 hours ago










          • I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
            – JackSojourn
            16 hours ago











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53361553%2fidentityserver3-constant-redirect-on-login-only-on-mobile%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote













          It's most likely a cookie storage problem. There are limits for cookie size that vary from browser to browser.




          1. After successful login browser gets redirected

          2. Server tries to set
            the cookie

          3. If cookie size exceeds the limit, browser gives a warning
            in the console, that cookie will be ignored

          4. Page reloads, but there
            is no authentication cookie set, so browser gets redirected to the
            login page

          5. Often "remember me" option is enabled, so cycle begins
            with step 1


          Try to reduce the cookie size.






          share|improve this answer





















          • Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
            – JackSojourn
            18 hours ago










          • I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
            – JackSojourn
            16 hours ago















          up vote
          0
          down vote













          It's most likely a cookie storage problem. There are limits for cookie size that vary from browser to browser.




          1. After successful login browser gets redirected

          2. Server tries to set
            the cookie

          3. If cookie size exceeds the limit, browser gives a warning
            in the console, that cookie will be ignored

          4. Page reloads, but there
            is no authentication cookie set, so browser gets redirected to the
            login page

          5. Often "remember me" option is enabled, so cycle begins
            with step 1


          Try to reduce the cookie size.






          share|improve this answer





















          • Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
            – JackSojourn
            18 hours ago










          • I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
            – JackSojourn
            16 hours ago













          up vote
          0
          down vote










          up vote
          0
          down vote









          It's most likely a cookie storage problem. There are limits for cookie size that vary from browser to browser.




          1. After successful login browser gets redirected

          2. Server tries to set
            the cookie

          3. If cookie size exceeds the limit, browser gives a warning
            in the console, that cookie will be ignored

          4. Page reloads, but there
            is no authentication cookie set, so browser gets redirected to the
            login page

          5. Often "remember me" option is enabled, so cycle begins
            with step 1


          Try to reduce the cookie size.






          share|improve this answer












          It's most likely a cookie storage problem. There are limits for cookie size that vary from browser to browser.




          1. After successful login browser gets redirected

          2. Server tries to set
            the cookie

          3. If cookie size exceeds the limit, browser gives a warning
            in the console, that cookie will be ignored

          4. Page reloads, but there
            is no authentication cookie set, so browser gets redirected to the
            login page

          5. Often "remember me" option is enabled, so cycle begins
            with step 1


          Try to reduce the cookie size.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered yesterday









          Mikhail Zhuravlev

          4861614




          4861614












          • Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
            – JackSojourn
            18 hours ago










          • I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
            – JackSojourn
            16 hours ago


















          • Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
            – JackSojourn
            18 hours ago










          • I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
            – JackSojourn
            16 hours ago
















          Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
          – JackSojourn
          18 hours ago




          Thanks...I tried removing all my claims but the problem still exists. is there another way to reduce the cookie size just to test? I'd like to verify if this is the problem.
          – JackSojourn
          18 hours ago












          I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
          – JackSojourn
          16 hours ago




          I verified that OnTokenValidated is called in my client app. Immediately after OnRedirectToIdentityProvider is called. I was also thinking if its a cookie size problem then why does it work if i stop the redirects and refresh?
          – JackSojourn
          16 hours ago


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53361553%2fidentityserver3-constant-redirect-on-login-only-on-mobile%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

          Image
          28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
          Read more

          Does disintegrating a polymorphed enemy still kill it after the 2018 errata?

          Image
          up vote 13 down vote favorite 1 After the 2018 errata, the disintegrate spell description now reads: A creature targeted by this spell must make a Dexterity saving throw. On a failed save, the target takes 10d6 + 40 force damage. The target is disintegrated if this damage leaves it with 0 hit points. If you were to polymorph an enemy into a rat and then disintegrate it, would the enemy be disintegrated or would it just return to its original form? I know that for Druids, it’s not an instant kill anymore, but is this the case for polymorph as well? dnd-5e spells polymorph errata share | improve this question edited 18 hours ago
          Read more

          A Topological Invariant for $pi_3(U(n))$

          Image
          3 3 $begingroup$ Recently, I saw a construction of topological invariant for $pi_3(U(n))$ with $ngeq 2$ : $$ N=frac{1}{24pi^2}int_{S^3} d^3x epsilon^{ijk} Tr[(U^{-1}partial_{x_i}U)(U^{-1}partial_{x_j}U)(U^{-1}partial_{x_k}U)] , $$ where $Uin U(n)$ depends on $boldsymbol{x}=(x_1,x_2,x_3)in S^3$ , $epsilon^{ijk}$ is the Levi-Civita symbol, $i,j,k=1,2,3$ , and the duplicated indexes are summed over. It is claimed that $N$ is an integer, but why? Update 02/02/2019 I think I got an argument for $n=2$ . In this case, $U=e^{i varphi} q$ with $qin SU(2)$ . Due to the trace and the Levi-Civita symbol in $N$ , $varphi$ does not contribute to $N$ . As $Tr[q^{dagger}partial_i q]=0$ and $(q^{dagger}partial_i q)^{dagger}=-q^{dagger}partial_i q$ , $q^{dagger}partial_i q$ in geneeral has the form $q^{dagger}partia
          Read more