0

I just integrated a single sign-on provider into my application, which is now sending a query string parameter when it redirects back to the requested page, which causes the page to not load. The way it is set up is:

  • I have a controller at localhost/AppName/Controller, whose Index method requires [Authorize]
  • Forms authentication redirects to the SSO
  • SSO redirects to localhost/AppName/Controller/?ticket=stringvalue
  • Page doesn't load (browser has a "cannot display the web page" message); removing the ?ticket business makes the page load.

My Index method looks like this:

public ActionResult Index(string ticket)

which I thought would accept the query string parameter. I am using the default route configuration, that is:

routes.MapRoute(
    // Route name
    "Default", 
    // URL with parameters
    "{controller}/{action}/{id}", 
    // Parameter defaults
    new { controller = "Home", action = "Index", id = UrlParameter.Optional } 
);
Improve this question
2
  • does it work if the full url is used - i.e. /Home/Index?ticket=ticket? Commented May 24, 2011 at 12:54
  • When you remove the ?ticket business, is the Index action still executed? Commented May 24, 2011 at 12:59

1 Answer 1

Reset to default
1

There is clearly something screwy about this - because there is no good reason why this should not work.

I'll bet if you take off the [Authorize] attribute you'll find that it works with the ?ticket=[value] bit in the Url.

If so, then I reckon Forms auth is getting stuck in a redirect loop (and the browser, after a while will simply refuse to continue) - I think it's not treating the current User as IsAuthenticated=true and so redirects to your SSO. The SSO says that the user is logged in and so redirects with the ticket parameter - ad nauseam.

You can debug this simply with the VS debugger and breakpointing your action method. Equally debugging at the Http level is often easier: download Fiddler and then hit your site using the special name http://ipv4.fiddler instead of http://localhost once it's up and running.

There must be more to your code that you haven't included, though - presumably somewhere you have code that intercepts the ticket and sets the user to be authenticated before the MVC action method kicks in? If so - I reckon that's failing.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Since I can't submit my own answer, I'll just throw this in here: I was dumb. Had the server name set as 'localhost' instead of 'localhost'.
Ah - now I would like to say that I've never done that before... but I can't ;)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.