Authentication issue using Active Directory after upgrade to 2.55.3

jamesmd2 · November 20, 2020, 9:38pm

My current application's authentication no longer functions since this upgrade to 2.55.3.

Active directory authentication in use

To confirm, Create test application with 2 pages – 1 open and 1 secured

A page with access for everybody

A page that requires user to be authenticated to view it

AD Setup in application and confirmation that the connection works and verified by AD server logs

Login page and Unauthorized page is created after adding security

Run the application

No login page appears
No attempt to authenticate against AD – confirmed by AD logs
Status of “not authenticated” preventing secured page from being viewed.

thanks

jamesmd2 · November 20, 2020, 10:18pm

I have also performed the exact same test above with .Net 5 - same symptoms.

Downgraded Radzen back to 2.55.1 - All Good!

korchev · November 21, 2020, 5:57am

Hi @jamesmd2,

Indeed there seems to be an issue with the updated security. We are looking into it. Until then please use 2.55.1

fruizcasas · November 21, 2020, 9:32am

The securityService is created Twice.
First instance has Principal set from authentication state.
Second doesn't take the authentication state principal so the user is anonymous forever.

korchev · November 21, 2020, 9:38am

@fruizcasas Indeed something like that happens at the moment. We are testing a fix and will release a new version soon.

korchev · November 21, 2020, 11:04am

We just released Radzen 2.55.4 with a fix for that and other security related issues.