Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Mayur Deore 13 posts 146 karma points c-trib
    Jun 22, 2018 @ 04:36
    Mayur Deore
    0

    2FA Not working with httpErrors existingResponse="Replace"

    I am working on Umbraco 7.7.7 version, I have installed Umbraco 2FA Package. It was working perfectly. But after configuring web.config for custom errors, i have added httpErrors existingResponse="Replace" under system.WebServer after that 2FA stopped working.

    After some debugging I came to know that PostLogin Method of AuthenticationController returns response as 402 if 2FA is enabled for user,

    enter image description here

    which handled in Umbraco.controller.js. So when httpErrors existingResponse="Replace" configured in web.config,I get following error As you can see response from PostLogin is replaced and twoFactorView path vanished.

    As 402 is not configured in iis or iisexpress it shows "The custom error module does not recognize this error" for 402 status code.

    Please suggest me how can i get it to work?

    For now our team decided to handle all error in Application_Error event and turn custom errors off in web.config.

    Note: I have tested this scenario in 7.8.0,7.8.1 and 7.11.0..

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jun 22, 2018 @ 06:44
    Jan Skovgaard
    0

    Hi Mayur

    I think this might be the bug reported here that you're experiencing? https://github.com/Offroadcode/Umbraco-2FA/issues/5

    Seems like it's still open.

    EDIT: Ah, sorry - These issues might not be related since the bug I linked too is about payment providers.

    Maybe it's worth filing this issue on GitHub as well though?

    /Jan

  • Mayur Deore 13 posts 146 karma points c-trib
    Jun 22, 2018 @ 09:40
    Mayur Deore
    0

    Hi Jan

    Given 402 payment required error in link you shared, it's not actually error.

    The implementation of 2fa in postlogin method returns Paymentrequired response along with twoFactorView data for 2fa enabled users.

    There is check in umbraco.controller.js, if response is 402 then it shows twoFactorView received in same response. So this 402 error is intentionally returned by postlogin method.

    In fact not receiving 402 after login for 2fa enabled user will be actual issue.

    My issue is 402 response is managed by web.config customerrors. Because of this 402 response received in umbraco.controller.js does not contain twoFactorView. So I want to somehow skip 402 to be managed by web.config so client(Umbraco.controller.js) will receive response as it is.

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jun 22, 2018 @ 10:20
    Jan Skovgaard
    1

    Hi Mayur

    Yeah I realized that after posting and edited my post - Still think it's worth filing an issue on the github issue tracker.

    /Jan

  • Mayur Deore 13 posts 146 karma points c-trib
    Jun 22, 2018 @ 10:23
    Mayur Deore
    0

    Hi Jan, I can't find issues section in GitHub page of umbracocms. Could you please tell me how can I add this issue in github?

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jun 22, 2018 @ 10:26
    Jan Skovgaard
    0

    Hi Mayur

    It's a 3rd party package created by the lovely team at Offroadcode so you will find the tracker at https://github.com/Offroadcode/Umbraco-2FA/issues

    It's metnioned on the package page but it can be a little anonymous and easy to overlook unfortunately.

    /Jan

  • Mayur Deore 13 posts 146 karma points c-trib
    Jun 22, 2018 @ 10:43
    Mayur Deore
    0

    Hi Jan,

    I don't think the issue is from 3rd party package.

    The 402 response is from authenticationcontroller comes under Umbracocms.Web namespace present in UmbracoCMS. So the issue actually comes under UmbracoCMS not under umbraco2fa ( third-party package).

    And I am not able to find issue section on UmbracoCMS GitHub page.

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Jun 22, 2018 @ 10:54
    Jan Skovgaard
    1

    Ah ok, sorry for misunderstanding again - The issue tracker is currently not on GitHub but there is work done to move issues to GitHub and use it in the future - But for now issues for Umbraco needs to be reported here http://issues.umbraco.org/

    It's a bit confusing but hopefully it will soon be available on GitHub.

    /Jan

  • Mayur Deore 13 posts 146 karma points c-trib
    Jun 22, 2018 @ 11:50
    Mayur Deore
    0

    Thank you Jan.

    Will update this issue there.

  • L P 13 posts 123 karma points
    Jul 10, 2018 @ 10:22
    L P
    0

    The problem was in the CMS itself! It was working only on the built-in admin! But this bug is fixed after version 7.8!

  • Mayur Deore 13 posts 146 karma points c-trib
    Dec 19, 2018 @ 14:24
    Mayur Deore
    101

    This issue is resolved. As per comment from Sebastiaan Janssen

    Just add <httpErrors existingResponse="Auto"/> in <location path="Umbraco"> in web.config.

    <location path="umbraco">
        <system.webServer>
          <urlCompression doStaticCompression="false" doDynamicCompression="false" dynamicCompressionBeforeCache="false" />
          <httpErrors existingResponse="Auto" />
        </system.webServer>
      </location>
    
  • Kieron McIntyre 117 posts 360 karma points
    Mar 02, 2023 @ 18:16
    Kieron McIntyre
    0

    In case anyone is visiting this like me, looking for an answer to a similar issue but on v10 & 11 (essentially on .Net Core) hosted on IIS, the config is ever so slightly different:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.webServer>
        <handlers>
          <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
        </handlers>
        <aspNetCore processPath="" arguments="" stdoutLogEnabled="false" stdoutLogFile="LogFiles\stdout" hostingModel="inprocess">
          <environmentVariables>
            <environmentVariable name="ASPNETCORE_HTTPS_PORT" value="443" />
            <environmentVariable name="ASPNETCORE_ENVIRONMENT" value="Development" />
          </environmentVariables>
        </aspNetCore>
        <httpErrors errorMode="Custom" existingResponse="Replace">
          <remove statusCode="400" />
          <remove statusCode="404" />
          <remove statusCode="500" />
          <error statusCode="400" path="400.html" responseMode="File" />
          <error statusCode="404" path="404.html" responseMode="File" />
          <error statusCode="500" path="500.html" responseMode="File" />
        </httpErrors>
      </system.webServer>
      <location path="umbraco">
        <system.webServer>
          <httpErrors errorMode="Detailed" existingResponse="Auto" />
        </system.webServer>
      </location>
    </configuration>
    

    Note the <location> override. This actually fixed a whole load if CMS related issues for us, including missing validation messages in the backoffice UI.

Please Sign in or register to post replies

Write your reply to:

Draft