Developer forum

External Login Provider (Azure + Azure B2C) can get user stuck in redirect to provider

Kevin Steffer

Using one of the Login Providers can cause users to end up in a redirect lock to the Login Provider.

If you for some reason can't log in, or by accident click on the external login provider link, and you end up on the login.microsoft.com login screen - you can't get back to the website because it just continues to redirect you to the login provider.

Solution

Find a way to remove the cookies set by the login provider if you return back to the site without a login command.

Workaround

We have built a workaround for this using a custom version of the LoginProvider with this code

if (!this.IsSignedIn())
{
    // Guard for infinite authentication loop where you can visit the website if you have the DW_ExtranetSessionCookie
    // We'll catch the request and remove the cookie and redirect you back to the website
    if (Context.Current.Request.HttpMethod == "GET" && !Context.Current.Request.Path.ToLower().Contains("/admin"))
    {
        // PathAndQuery is site-relative, so the value passed along carries no host name
        string redirect = Context.Current.Request.Url.PathAndQuery;
        Context.Current.Response.Redirect("/AzureResetAuthentication.aspx?redirect=" + HttpUtility.UrlEncode(redirect));
    }
}

And in our AzureResetAuthentication.aspx we simply just expire the cookie

HttpCookie cookie = Request.Cookies["DW_ExtranetSessionCookie"];
if (cookie != null)
{
    cookie.Value = string.Empty;
    cookie.Expires = DateTime.Now.AddDays(-365);
    cookie.SameSite = SameSiteMode.Lax;
    Response.Cookies.Set(cookie);
}
 
And then we redirect the user to the URL they initially tried to request, and without the cookie the user then doesn't get redirected to the login provider anymore.
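
The reset page described above, written out as an added example (not the poster's code and not Dynamicweb's): it expires the cookie and follows the `redirect` parameter only when it is a path on the same site, because that value arrives in the query string and anyone can craft a link to this page. The class name, the `IsLocalPath` helper and the `/` fallback are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for AzureResetAuthentication.aspx (class name assumed).
public partial class AzureResetAuthentication : Page
{
    private const string SessionCookieName = "DW_ExtranetSessionCookie";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Expire the session cookie that keeps sending the visitor to the provider.
        // Assumes the cookie was issued with the default path "/" and no Domain attribute;
        // if it was not, Path and Domain must be set to the same values here.
        if (Request.Cookies[SessionCookieName] != null)
        {
            var expired = new HttpCookie(SessionCookieName, string.Empty)
            {
                Expires = DateTime.UtcNow.AddDays(-365),
                SameSite = SameSiteMode.Lax
            };
            Response.Cookies.Set(expired);
        }

        // The redirect value is untrusted input: follow it only when it is a
        // site-local path, otherwise fall back to the front page.
        string target = Request.QueryString["redirect"];
        if (!IsLocalPath(target))
        {
            target = "/";
        }

        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }

    // Accepts "/path?query" only. Rejects absolute URLs, scheme-relative
    // "//host" and "/\host" forms, and anything containing control characters.
    internal static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        foreach (char c in url)
        {
            if (char.IsControl(c)) return false;
        }
        return true;
    }
}
```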

Replies

 
Nuno Aguiar Dynamicweb Employee

Hi Kevin,

Thanks for sharing. We certainly fell into this in the past. Would be great to have it standard.

BR
Nuno

 
Oleg Rodionov Dynamicweb Employee

Hi,

It will be fixed by task #24431 on DW9 (fixed in DW10 by new implementation of external authentication).

BR, Oleg QA