IIS-Windows-Authentication stuck in an infinite loop

FlixRo Published at Dev

FlixRo

I'm trying to access an old ASP.NET-Api(API 1) via Angular 8. Because of CORS-Issues the access is handled via a proxy.conf.js-File. (Found in another post)

var Agent = require("agentkeepalive");

var keepaliveAgent = new Agent({
  maxSockets: 100,
  keepAlive: true,
  maxFreeSockets: 10,
  keepAliveMsecs: 1000,
  timeout: 60000,
  keepAliveTimeout: 30000 // free socket keepalive for 30 seconds
});

var onProxyRes = function (proxyRes, req, res) {
  var key = 'www-authenticate';
  proxyRes.headers[key] = proxyRes.headers[key] && proxyRes.headers[key].split(',');
};

const PROXY_CONFIG = [
  {
    target: Application-Url,
    context: "/api/",
    secure: false,
    changeOrigin: true,
    auth: "LOGIN:PASS",
    loglevel: "debug",
    onProxyRes: onProxyRes,
    agent: keepaliveAgent
  }
];
module.exports = PROXY_CONFIG;

In the .NET-Application the only thing that hints to the authentification is the following line in the web.config-File.

<authentication mode="Windows" />

When compiled and executed the following behavior occurs: A login-mask shows up which asks for windows-authentication. If the credentials are entered the mask closes and reopens again instantly. This behaviour continous endlessly.

Note: Accessing the api-endpoints via the commandline of the browser works perfectly fine.

Jalpa Panchal

You could use below PowerShell command to disable look back check:

New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa -Name "DisableLoopbackCheck" -Value "1" -PropertyType dword

after changing the registry key restarts the machine.

or you could try below things:

set this code in your web.config file:

<authentication mode="Windows" />
<authorization>
    <allow users="*" />
    <deny users="?" />
</authorization>

and make sure that you set NTML as the first provider.

check that under Advanced Settings... the Extended Protection is set to Accept.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-12-8

Comments

0 comments

TOP Ranking

Article

IIS-Windows-Authentication stuck in an infinite loop

IIS-Windows-Authentication stuck in an infinite loop

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

pump.io port in URL

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

grouping by column variables and appending a new variable based on condition

Python Read Directory And Output to CSV

BigQuery - concatenate ignoring NULL

Angular 8. Unknown amount of http.get requests in array to call, must be sequential, what to use

Remove adjacent duplicates in linked list in C

Can a 32-bit antivirus program protect you from 64-bit threats

How to keep curl session alive between two php processes?

Limit number of characters in uitextview

Unable to use switch toggle for dark mode in material-ui

In C#, is there a way to create a List directly from an Array without copying?

Laravel getting value from another table using eloquent

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

MTKView Displaying Wide Gamut P3 Colorspace

Vector input in shiny R and then use it

Modify c# Windows Forms control library

SQL Server : are transaction locking table for other users?

When I click any button in my view page the form is submitted

Can you sort columns (horizontally) in Google Sheets?