Weird 302 Redirects in Windows Azure

Posted by Your DisplayName here! on Least Privilege See other posts from Least Privilege or by Your DisplayName here!
Published on Tue, 31 May 2011 04:42:55 GMT Indexed on 2011/06/20 16:38 UTC
Read the original article Hit count: 262

Filed under:
|

In IdentityServer I don’t use Forms Authentication but the session facility from WIF. That also means that I implemented my own redirect logic to a login page when needed.

To achieve that I turned off the built-in authentication (authenticationMode="none") and added an Application_EndRequest handler that checks for 401s and does the redirect to my sign in route. The redirect only happens for web pages and not for web services.

This all works fine in local IIS – but in the Azure Compute Emulator and Windows Azure many of my tests are failing and I suddenly see 302 status codes where I expected 401s (the web service calls). After some debugging kung-fu and enabling FREB I found out, that there is still the Forms Authentication module in effect turning 401s into 302s. My EndRequest handler never sees a 401 (despite turning forms auth off in config)!

Not sure what’s going on (I suspect some inherited configuration that gets in my way here). Even if it shouldn’t be necessary, an explicit removal of the forms auth module from the module list fixed it, and I now have the same behavior in local IIS and Windows Azure. strange.

<modules>
  <remove name="FormsAuthentication" />
</modules>

HTH

Update: Brock ran into the same issue, and found the real reason. Read here.

© Least Privilege or respective owner

Related posts about Azure

Related posts about IdentityServer