2FA Not working with httpErrors existingResponse="Replace"
I am working on Umbraco 7.7.7 version, I have installed Umbraco 2FA Package. It was working perfectly. But after configuring web.config for custom errors, i have added httpErrors existingResponse="Replace" under system.WebServer after that 2FA stopped working.
After some debugging I came to know that PostLogin Method of AuthenticationController returns response as 402 if 2FA is enabled for user,
which handled in Umbraco.controller.js. So when httpErrors existingResponse="Replace" configured in web.config,I get following error
As you can see response from PostLogin is replaced and twoFactorView path vanished.
As 402 is not configured in iis or iisexpress it shows "The custom error module does not recognize this error" for 402 status code.
Please suggest me how can i get it to work?
For now our team decided to handle all error in Application_Error event and turn custom errors off in web.config.
Note: I have tested this scenario in 7.8.0,7.8.1 and 7.11.0..
Given 402 payment required error in link you shared, it's not actually error.
The implementation of 2fa in postlogin method returns Paymentrequired response along with twoFactorView data for 2fa enabled users.
There is check in umbraco.controller.js, if response is 402 then it shows twoFactorView received in same response.
So this 402 error is intentionally returned by postlogin method.
In fact not receiving 402 after login for 2fa enabled user will be actual issue.
My issue is 402 response is managed by web.config customerrors. Because of this 402 response received in umbraco.controller.js does not contain twoFactorView. So I want to somehow skip 402 to be managed by web.config so client(Umbraco.controller.js) will receive response as it is.
I don't think the issue is from 3rd party package.
The 402 response is from authenticationcontroller comes under Umbracocms.Web namespace present in UmbracoCMS.
So the issue actually comes under UmbracoCMS not under umbraco2fa ( third-party package).
And I am not able to find issue section on UmbracoCMS GitHub page.
Ah ok, sorry for misunderstanding again - The issue tracker is currently not on GitHub but there is work done to move issues to GitHub and use it in the future - But for now issues for Umbraco needs to be reported here http://issues.umbraco.org/
It's a bit confusing but hopefully it will soon be available on GitHub.
In case anyone is visiting this like me, looking for an answer to a similar issue but on v10 & 11 (essentially on .Net Core) hosted on IIS, the config is ever so slightly different:
Note the <location> override. This actually fixed a whole load if CMS related issues for us, including missing validation messages in the backoffice UI.
2FA Not working with httpErrors existingResponse="Replace"
I am working on Umbraco 7.7.7 version, I have installed Umbraco 2FA Package. It was working perfectly. But after configuring web.config for custom errors, i have added httpErrors existingResponse="Replace" under system.WebServer after that 2FA stopped working.
After some debugging I came to know that PostLogin Method of AuthenticationController returns response as 402 if 2FA is enabled for user,
which handled in Umbraco.controller.js. So when httpErrors existingResponse="Replace" configured in web.config,I get following error As you can see response from PostLogin is replaced and twoFactorView path vanished.
As 402 is not configured in iis or iisexpress it shows "The custom error module does not recognize this error" for 402 status code.
Please suggest me how can i get it to work?
For now our team decided to handle all error in Application_Error event and turn custom errors off in web.config.
Note: I have tested this scenario in 7.8.0,7.8.1 and 7.11.0..
Hi Mayur
I think this might be the bug reported here that you're experiencing? https://github.com/Offroadcode/Umbraco-2FA/issues/5
Seems like it's still open.
EDIT: Ah, sorry - These issues might not be related since the bug I linked too is about payment providers.
Maybe it's worth filing this issue on GitHub as well though?
/Jan
Hi Jan
Given 402 payment required error in link you shared, it's not actually error.
The implementation of 2fa in postlogin method returns Paymentrequired response along with twoFactorView data for 2fa enabled users.
There is check in umbraco.controller.js, if response is 402 then it shows twoFactorView received in same response. So this 402 error is intentionally returned by postlogin method.
In fact not receiving 402 after login for 2fa enabled user will be actual issue.
My issue is 402 response is managed by web.config customerrors. Because of this 402 response received in umbraco.controller.js does not contain twoFactorView. So I want to somehow skip 402 to be managed by web.config so client(Umbraco.controller.js) will receive response as it is.
Hi Mayur
Yeah I realized that after posting and edited my post - Still think it's worth filing an issue on the github issue tracker.
/Jan
Hi Jan, I can't find issues section in GitHub page of umbracocms. Could you please tell me how can I add this issue in github?
Hi Mayur
It's a 3rd party package created by the lovely team at Offroadcode so you will find the tracker at https://github.com/Offroadcode/Umbraco-2FA/issues
It's metnioned on the package page but it can be a little anonymous and easy to overlook unfortunately.
/Jan
Hi Jan,
I don't think the issue is from 3rd party package.
The 402 response is from authenticationcontroller comes under Umbracocms.Web namespace present in UmbracoCMS. So the issue actually comes under UmbracoCMS not under umbraco2fa ( third-party package).
And I am not able to find issue section on UmbracoCMS GitHub page.
Ah ok, sorry for misunderstanding again - The issue tracker is currently not on GitHub but there is work done to move issues to GitHub and use it in the future - But for now issues for Umbraco needs to be reported here http://issues.umbraco.org/
It's a bit confusing but hopefully it will soon be available on GitHub.
/Jan
Thank you Jan.
Will update this issue there.
The problem was in the CMS itself! It was working only on the built-in admin! But this bug is fixed after version 7.8!
This issue is resolved. As per comment from Sebastiaan Janssen
Just add
<httpErrors existingResponse="Auto"/>
in<location path="Umbraco">
in web.config.In case anyone is visiting this like me, looking for an answer to a similar issue but on v10 & 11 (essentially on .Net Core) hosted on IIS, the config is ever so slightly different:
Note the
<location>
override. This actually fixed a whole load if CMS related issues for us, including missing validation messages in the backoffice UI.is working on a reply...