Internet Explorer not redirecting to unauthorized page on logout

https://stackoverflow.com/questions/22917292

29-06-2023
|

Question

We have an Angular JS application with an MVC backend that uses WIF to authenticate a user using Azure ASC. The MVC controllers have an [Authorize] attribute so when an unauthenticated user attempts to access a page that requires authentication they receive a 401 error.

So the process is as follows:

Attempt to access Home/Index
Receive 401 error
Angular httpInterceptor picks up on the 401 and redirects to unauthorized (login) page using $location.path("/unauthorized");
User clicks login button and is redirected to Azure ACS to authenticate.
After successful authentication user is directed back to the site with an authentication token and can access protected resources.

The angular httpInterceptor:

      // On response failture
        responseError: function (rejection)
        {
            // console.log(rejection); // Contains the data about the error.
            if (rejection.status == 401)
            {
                $location.path("/unauthorized");
                return $q.when(rejection);
            }
            // Return the promise rejection.
            return $q.reject(rejection);
        }

When I first load up the page all browsers behave as expected.

The problem happens when I log out. With all the browsers apart from IE the following occurs

Perform single-signout by redirecting to signout URL.
After sign-out get redirected back to default page but since I now have no authentication token I receive a 401
I am redirected to the unauthorized (login) page

However when using IE the 401 doesn't happen in step 2 above. So the signout occurs but the default page loads. None of the angular scripts load because I load all of the angular controllers, services and directives inside the following razor statement:

@if (User.Identity.IsAuthenticated)
{
    //load angular files here
}

When I look at what is happening with fiddler I can see that the 401 doesn't happen with IE http://i.imgur.com/Of53mEY.png

but it does with the other browsers:

http://i.imgur.com/g1GmVw3.png

Why doesn't the 401 happen on IE like the other browsers?

Solution

I was able to fix the problem by moving some of the angular files outside of the below statement.

@if (User.Identity.IsAuthenticated)
{
    //load angular files here
}

Not sure why IE needed these before the re-direct and not the other browsers.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow