Login infinite loop

Topics: Administration, Customizing Orchard
Dec 31, 2013 at 6:43 PM
I've created a custom ADFS login implementation. When a user is authenticated they go into an infinite loop of authorization. It seems I'm missing some setting that says "Hey, we've authorized this account, let them see the page."

No exception is thrown during the authorization, it completes successfully.

Any ideas? Thank you in advance!

public ActionResult LogOn(string returnUrl) {
    if (string.IsNullOrEmpty(returnUrl)) {
        returnUrl = "/";
    }

    // Build the WS-Federation reply address and redirect the browser to ADFS
    returnUrl = string.Format("{0}{1}?ReturnUrl={2}", _realmAndAudience, _returnUrlBase, returnUrl);
    var req = new SignInRequestMessage(new Uri(_loginAndIssuer), _realmAndAudience, returnUrl);

    return new RedirectResult(req.RequestUrl);
}

public ActionResult Authenticate(string returnUrl) {
    // ADFS posts the sign-in response in the "wresult" form field
    if (Request.Form.Get("wresult") == null) {
        return new HttpUnauthorizedResult();
    }

    // Parse sign-in response
    // (parsing code not shown in the post; it supplies usernameClaimValue, emailClaimValue and groups)
    try {
        // Get or create user
        IUser user = MembershipService.GetUser(usernameClaimValue) ?? MembershipService.CreateUser(new CreateUserParams(usernameClaimValue,
            Guid.NewGuid().ToString(), emailClaimValue,
            Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), true));

        AuthenticationService.SignIn(user, true);

        // provision user roles
        foreach (var group in groups) {
            var role = RoleService.GetRoleByName(group);
            if (role == null) {
                // (body not shown in the post)
            }

            UserRolesPartRecord currentRole =
                UserRolesRepository.Get(r => r.UserId == user.Id && r.Role == role);
            if (currentRole == null) {
                UserRolesRepository.Create(new UserRolesPartRecord { UserId = user.Id, Role = role });
            }
        }
    }
    catch (Exception e) {
        Logger.Log(LogLevel.Error, e, "Federated ADFS Authentication Error");
    }

    return new RedirectResult(returnUrl);
}

Jan 2, 2014 at 3:52 AM
You can check if the user is already authenticated by looking at WorkContext.CurrentUser (the current WorkContext can be accessed e.g. via IOrchardServices). If it's not null then the user is already logged in. Also double-check if the returnUrl argument as well as the authentication request data are correct.
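
The Authenticate action posted above redirects to whatever returnUrl arrives with the request, and the reply suggests double-checking that value. One way to do so, as an added example that is not code from the thread or from Orchard: accept only local paths and refuse a returnUrl that points back at the login action. The class name, `loginPath`, the route shown for it and the sample URLs are assumptions.

```csharp
using System;

// Added example (not from the thread): returnUrl check for a federated login callback.
public static class ReturnUrlGuard
{
    // True only for paths inside this application, e.g. "/Admin" or "~/Admin".
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        // Control characters can hide a host from simple prefix checks.
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        if (url[0] == '/')
            // "//host" and "/\host" are read by browsers as absolute URLs.
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');
        return false;
    }

    // loginPath is a hypothetical route for the module's LogOn action.
    public static string SafeReturnUrl(string url, string loginPath, string fallback = "/")
    {
        if (!IsLocalUrl(url)) return fallback;
        // Returning to the login action itself would restart the sign-in round trip.
        string path = url[0] == '~' ? url.Substring(1) : url;
        if (path.StartsWith(loginPath, StringComparison.OrdinalIgnoreCase)) return fallback;
        return url;
    }

    public static void Main()
    {
        const string loginPath = "/AdfsLogin/Account/LogOn"; // hypothetical route
        // Constructed sample inputs.
        string[] samples = {
            "/", "/Admin/Settings", "~/Dashboard",
            "//other.example/x", "/\\other.example", "https://other.example/",
            "/AdfsLogin/Account/LogOn?ReturnUrl=/", "", null
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} -> {1}", s ?? "(null)", SafeReturnUrl(s, loginPath));
    }
}
```

In the Authenticate action, the final redirect would use the value returned by `SafeReturnUrl` instead of the raw returnUrl.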
Jan 2, 2014 at 5:38 PM

Found it. The Fiddler trace showed that my authentication module didn’t have an AccessDenied page so when the framework redirected it would get stuck in a loop.

Copied the Orchard.Users AccessDenied.cshtml page to my view folder, copied the Orchard.Users.Controllers.AccessDenied controller code over and it works as expected.