My current application's authentication no longer functions since this upgrade to 2.55.3.
Active directory authentication in use
To confirm, Create test application with 2 pages – 1 open and 1 secured
A page with access for everybody
A page that requires user to be authenticated to view it
AD Setup in application and confirmation that the connection works and verified by AD server logs
Login page and Unauthorized page is created after adding security
Run the application
No login page appears
No attempt to authenticate against AD – confirmed by AD logs
Status of “not authenticated” preventing secured page from being viewed.
thanks
I have also performed the exact same test above with .Net 5 - same symptoms.
Downgraded Radzen back to 2.55.1 - All Good!
korchev
November 21, 2020, 5:57am
3
Hi @jamesmd2 ,
Indeed there seems to be an issue with the updated security. We are looking into it. Until then please use 2.55.1
The securityService is created Twice.
First instance has Principal set from authentication state.
Second doesn't take the authentication state principal so the user is anonymous forever.
korchev
November 21, 2020, 9:38am
5
@fruizcasas Indeed something like that happens at the moment. We are testing a fix and will release a new version soon.
korchev
November 21, 2020, 11:04am
6
We just released Radzen 2.55.4 with a fix for that and other security related issues.