WsFederation Authentication login loop

Question

I am experiencing a problem with a login loop when using WsFederation Authentication in my MVC web application. I used visual studio to create the scaffolding of th

Answer 1

The cause of the problem was the request and response URLs where not the same. I.e. When a user entered the website URL and did not prefix it with HTTPS the redirect loop would occur.

The cause was hidden because the user is immediately redirected to ADFS if they are not authenticated or authorized.

All I had to do was to ensure that all user requests are redirected back to the HTTPS URL and that the HTTP binding is removed.(Either or would have worked just fine)

This is the code I used to ensure that all requests are redirect to https.

  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to https">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="Off"/>
            <add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
        </rule>
      </rules>
    </rewrite>
  </system.webServer>

I hope this post was helpful.