IFRCGo / cbs

Red Cross: Community-Based Surveillance

Home Page: https://cbsrc.org/

Unstable authorization/login for the Admin BC

gardnk opened this issue

When moving between the bounded contexts you all of a sudden lose authorization but can still view the page, only all content is gone. A refresh sometimes fixes it, sometimes not.

I had a really hard time reproducing this bug. It happened sporadically for me when using Chrome but when I tried Safari it is pretty consistent. But then again others are experiencing it in Chrome as well.

It happens only when navigating to Admin. I have looked through configurations, both in the Core project and in B2C directory in Azure portal, but everything seems to be the same for all bounded contexts.

I have copied the result of one successful and one unsuccessful request as seen in Safari (hoping some clever person will understand what's going on):

Error request:

Summary
URL: https://sng.cbsrc.org/admin/identity
URL: https://login.microsoftonline.com/te/cbssng.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?client_id={client_id}&redirect_uri=https%3A%2F%2Fsng.cbsrc.org%2Fadmin%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636990375031379474.OTEyZmE1ZjgtYjBlYy00NGE3LTkzMDMtOTA4NTg5M2VjNDRhYWQwODk2MmYtYWM5YS00OGFhLWI1MzctMDI4MDA0OTIyM2Vk&state=CfDJ8F4kuEqmKcxBjWzV_sNKm0AzlTulPK2sN82xs8wNZHqn3Tw_006JZLNfialaa9ujvy6WVcEjTRdiPhABjzudMbjIxkk6Vi0Cry0QxuFgQLABaUzINweYV3eug5K8XNoHrKtbMieRWIaQsshL1tSENT01syWeNwXp-EBrdCmOCsd_DDTZzJozms0Xp9IAujcx5aCswQcXL8LkCD496Rh6meZSrc7emCjRkO9_edxIK_IEbdFbuSz5mAEXiohAAYXj2KjIEiJExq-kMUaxt3EseDmPTyCeVJ0Zf_y2gxtqLXED_SIombkx1bz0bFbwSSnBEg&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
Status: —
Source: —

Request
GET /admin/identity
Referer: https://sng.cbsrc.org/admin/
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15

Redirect Response
302
Location: https://login.microsoftonline.com/te/cbssng.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?client_id={client_id}&redirect_uri=https%3A%2F%2Fsng.cbsrc.org%2Fadmin%2Fsignin-oidc&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=636990375031379474.OTEyZmE1ZjgtYjBlYy00NGE3LTkzMDMtOTA4NTg5M2VjNDRhYWQwODk2MmYtYWM5YS00OGFhLWI1MzctMDI4MDA0OTIyM2Vk&state=CfDJ8F4kuEqmKcxBjWzV_sNKm0AzlTulPK2sN82xs8wNZHqn3Tw_006JZLNfialaa9ujvy6WVcEjTRdiPhABjzudMbjIxkk6Vi0Cry0QxuFgQLABaUzINweYV3eug5K8XNoHrKtbMieRWIaQsshL1tSENT01syWeNwXp-EBrdCmOCsd_DDTZzJozms0Xp9IAujcx5aCswQcXL8LkCD496Rh6meZSrc7emCjRkO9_edxIK_IEbdFbuSz5mAEXiohAAYXj2KjIEiJExq-kMUaxt3EseDmPTyCeVJ0Zf_y2gxtqLXED_SIombkx1bz0bFbwSSnBEg&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
Date: Thu, 18 Jul 2019 09:05:02 GMT

Request
Accept: */*
Origin: https://sng.cbsrc.org
Referer: https://sng.cbsrc.org/admin/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15

Response
No response headers

Query String Parameters
client_id: {client_id}
redirect_uri: https://sng.cbsrc.org/admin/signin-oidc
response_type: id_token
scope: openid profile
response_mode: form_post
nonce: 636990375031379474.OTEyZmE1ZjgtYjBlYy00NGE3LTkzMDMtOTA4NTg5M2VjNDRhYWQwODk2MmYtYWM5YS00OGFhLWI1MzctMDI4MDA0OTIyM2Vk
state: CfDJ8F4kuEqmKcxBjWzV_sNKm0AzlTulPK2sN82xs8wNZHqn3Tw_006JZLNfialaa9ujvy6WVcEjTRdiPhABjzudMbjIxkk6Vi0Cry0QxuFgQLABaUzINweYV3eug5K8XNoHrKtbMieRWIaQsshL1tSENT01syWeNwXp-EBrdCmOCsd_DDTZzJozms0Xp9IAujcx5aCswQcXL8LkCD496Rh6meZSrc7emCjRkO9_edxIK_IEbdFbuSz5mAEXiohAAYXj2KjIEiJExq-kMUaxt3EseDmPTyCeVJ0Zf_y2gxtqLXED_SIombkx1bz0bFbwSSnBEg
x-client-SKU: ID_NET
x-client-ver: 2.1.4.0

Successful request:

Summary
URL: https://sng.cbsrc.org/reporting/identity
Status: 200
Source: Network
Address: 40.68.133.20:443

Request
:method: GET
:scheme: https
:authority: sng.cbsrc.org
:path: /reporting/identity
Cookie: ai_session=CMlum|1563440688111|1563440895283; .AspNetCore.Cookies=CfDJ8K_9cfI9qwpKocI_lHY70F627t9-daXclsoyikIQpvZPlDffBVt1NMfFsAWy3PyiaM7kwz7g9uZluuYK6aXAQDGLsk2Zz9EMHNVcF-_uOMdYuVBxQkUHhUwilNn8r3nr9Z8dDj_N_x95qive7DqbU830UYqw8CVwNqRV0IxFd3YwAPQ1pwk8qts5IgH5qBMibB0cLHcksdBFLl9TJRjDS6iEVwMFFxwjShASrX3eyUD7G4VgU9hOpjP2lG_VuBj9NHIAEO7PaXjZOkk2geLnHrUR1Y7vaUkHy7G0o_iiAmAKKOnEDiHsrIYGDE2JrOVsxf8R9MULfIXjPzNjpvxj3E-KUdPQZQPm7sXHvPB7PUa_nCEcdd8s_zNC06nlSzluQn1WsM6oRtezhiALP8wGpWOpTOIqF_Iu8UZBHGQebsE_5zDPkwcFuP0ozdl8tS6K7Pwu8mKeeeXbD_Yyih15Afo_revswdSQ3vE5T2Av8Vg-WYvEBSFQ3P3lsVMiWetbaUjrN6uCoULDaNh01St82KQvk-Raj5AMHnHu68jvnGSl3Rb_Pqat6woFWI07xldqt9H5tDPz48Cj-bK_yQm90AieG-MkV_2EMxdlhVgt2piFFIbet4FBsRBKHJ2GT97AlE8OFrefLHf8BCpppCs0EJ40xPP_onLvRhPuU4kGwS3lQqYY22tEQHmt_swsN4OWSyP8WVGLtIakhJrh6aotkMTdmxltNJ6VCHgBmqfJ9pJadkRNFT_NK8V0GtwrPk21KQm19U8HjB1VhApIAzeuVpIoBcVi4Z9XAN56I_ZVOAwPqCilcn7e8sjDe0ie4krWMRd1YA8GU1-Cxu7fa2SL7RYwNGiMqbj129ol7MhWgo4-Jzni0T7S0ADxLVFbcDonGiJQqB7erSxIHzldJj3aS0S1SapXkjAfuqW7skvZBLqcrA86V4l376Q2a9UNADjm5x-ASHmQKolFIL5p2UwkXF5UDIqKgsYiHqioGGWuiDPCR-ur1bKzW6e4BZkgqDPSyAUXXoi1uU-gCATcFLAjVLHPODuXVjLR_98Rc0zaPaBJ; ai_user=SakZi|2019-07-18T09:04:47.861Z
Accept: */*
Accept-Encoding: br, gzip, deflate
Host: sng.cbsrc.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15
Accept-Language: en-us
Referer: https://sng.cbsrc.org/reporting/datacollectors/
Connection: keep-alive

Response
:status: 200
Content-Type: text/plain; charset=utf-8
Content-Length: 4
Date: Thu, 18 Jul 2019 09:08:18 GMT
Server: Kestrel

Problem was that the bounded contexts didn't share cookies.
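
The closing comment names the cause but not the change that fixed it. As an added example (not the project's own code), this is one way ASP.NET Core apps hosted under sibling paths such as `/admin` and `/reporting` can share one authentication cookie, assuming each bounded context is a separate app. The `AddSharedCookieAuth` helper, the key-ring path argument and the application name are hypothetical.

```csharp
using System.IO;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper: every bounded context (admin, reporting, ...) calls this
// from ConfigureServices so that all of them issue and accept the same cookie.
// The app's OpenID Connect challenge handler is registered separately and is
// omitted here.
public static class SharedAuthCookieExtensions
{
    public static IServiceCollection AddSharedCookieAuth(
        this IServiceCollection services, string keyRingPath)
    {
        // 1. Same key ring and same application name in every app. Without both,
        //    a cookie issued by one context cannot be decrypted by another, the
        //    request is treated as anonymous and the user is challenged again
        //    (the 302 to the authorize endpoint seen in the failing capture).
        //    The directory is assumed to be shared storage readable only by the
        //    app identities, since it holds the keys that protect the cookie.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(keyRingPath))
            .SetApplicationName("cbs-shared-auth"); // placeholder, must match everywhere

        // 2. Same cookie name and a path that covers every context, so the
        //    browser sends the cookie to /admin as well as /reporting.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.Cookie.Name = ".AspNetCore.Cookies"; // name seen in the capture
                options.Cookie.Path = "/";
                options.Cookie.HttpOnly = true;
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });

        return services;
    }
}
```

To check the result in the browser, compare the two captures above after the change: the request to `/admin/identity` should carry the same `.AspNetCore.Cookies` header as the request to `/reporting/identity` and return 200 instead of redirecting.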