302 Infinite Loop

Asked 2/7, 2012 at 14:49 Answered 30/6, 2017 at 22:42

Solved asp.net iis-7 infinite-loop http-status-code-302

I have a web application that is stuck in an infinite loop, and I have no idea where to look next. This is an intranet site, so there is no link I can share, but I've listed as many details as I can think of below. I would appreciate any ideas or suggestions. Anyone has.

The details:

IIS 7
.Net 4.0
Windows 2008
Default document is Login.aspx
No HTTP redirect set on app or Login.aspx in IIS
Fiddler shows Login.aspx using status code of 302 and redirecting to Login.aspx

If I open my site, it points to Login.aspx and gets stuck in a 302 loop. If I open the site but point to register.aspx, Fiddler shows register.aspx going to Login.aspx which of course redirects to Login.aspx.

What I've done:

Run the webapp from Visual Studio -- everything works fine
Check web.config for redirect commands -- there are none
Check IIS for redirect commands -- there are none
Look at Fiddler for another page in the loop -- there are none, just Login.aspx to Login.aspx
Check Login.aspx for redirect commands -- there are none
Check Login.aspx code behind for redirect commands -- there are none
Run the app on my box using the web.config from the server -- everything works
Check Login.aspx for redirect commands -- there are none
Cleared Cache -- problem still persists
Republished -- problem still persists
Republished and cleared Cache -- problem still persists
Disabled Default Document in IIS

Lean answered 2/7, 2012 at 14:49 Comment(4)

Are you running behind a load balancer by any chance? Are you sure your redirects are exactly the same (i.e. not http versus https)? – Sofia 2/7, 2012 at 14:53

the redirects are exactly the same. No https. I don't think I am behind a load balancer. – Lean 2/7, 2012 at 14:56

Does your site use some sort of redirect on, say, session expiration to Login.aspx? – Totalizator 2/7, 2012 at 15:4

Thanks for comment @Ross. I found a code block that I completley missed, which turned out to be the problem. – Lean 2/7, 2012 at 15:42

Found the problem. Found this logic in the MasterPage:

Dim strPage As String = Request.Url.AbsolutePath.Replace("/", "")
    'Check that user is logged in
    If Not strPage = "Login.aspx" And Not strPage = "Register.aspx" Then
        If Session("intUserId") Is Nothing Then
            Response.Redirect("~/Login.aspx", True)
        End If
    End If

Evidently, strPage does not equal Login.aspx when browsing to Login.aspx on the server.

I should have cought this when I was investigating it. Thanks Ross for your comment, it helped me to find this!

Lean answered 2/7, 2012 at 15:27 Comment(0)

Will share this just in case it is an answer, as it sounds like a problem we had.

ASP.net MVC site with [RequiresHttps] attribute on our login action.
Behind a load balancer that was doing SSL acceleration (resulting in the request that actually hits the server side code being already decoded and effectively under http).
Server code thinks this is an issue and redirects back to itself using https.
Rinse and repeat.

Been quite a long time since this was answered, and my comment below here to 'not use RequireHttps' is probably a bit out of date.

Anyone looking at this answer and thinking that it answers their problem would probably be well advised to look into configuring their load balancer to use X-Forwarded-Proto headers:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

And then setting up their MVC site to be able to read these and still think they are under HTTPS at the border of your environment:

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0

Sofia answered 2/7, 2012 at 14:55 Comment(4)

Thanks for sharing, but I don't think this is my issue. I'm not using MVC, SSL, or load balancing. – Lean 2/7, 2012 at 15:1

Mmm, so not identical, but it might be worth looking for any base classes/global code that are doing redirects, to see if you can spot anything there. – Sofia 2/7, 2012 at 15:8

@Sofia - I have EXACTLY this problem behind a rackspace cloud load balancer. Did you manage to solve it? – Sumptuous 13/8, 2012 at 15:41

Well, the answer was to not use the 'RequiresHttps' attribute and instead roll our own SSL redirection in the global.asax. – Sofia 14/8, 2012 at 7:58

Found the problem. Found this logic in the MasterPage:

Dim strPage As String = Request.Url.AbsolutePath.Replace("/", "")
    'Check that user is logged in
    If Not strPage = "Login.aspx" And Not strPage = "Register.aspx" Then
        If Session("intUserId") Is Nothing Then
            Response.Redirect("~/Login.aspx", True)
        End If
    End If

Evidently, strPage does not equal Login.aspx when browsing to Login.aspx on the server.

I should have cought this when I was investigating it. Thanks Ross for your comment, it helped me to find this!

Lean answered 2/7, 2012 at 15:27 Comment(0)

I had encountered a similar bug. But mine was a typo with two Response.Redirect back to back.

If (conditon1){
    Response.Redirect("Page1.aspx");
}
If (conditon2){
    Response.Redirect("Page2.aspx");
}

And the fix was to simply put the other if in the else block.

Kissinger answered 30/6, 2017 at 22:42 Comment(1)

Same problem, also due to conflicting conditions within our own code. The page was allowed to redirect to itself under one condition, but the code to correct the condition didn't fire, resulting in an infinite redirect. Thought it was an IIS issue, but no, we shot ourselves in the foot... – Nazler 7/3, 2019 at 18:56

Recommended topics

Hot tags