502 From Redirects on WebAPI/MVC On Same IIS Server

[RobertMcCoy]

For the past few days I've been trying to solve this issue, but I can't ever seem to nail down what the exact problem is...

I have an MVC application and a Web API application hosted on the same IIS Website on a server. I have RedirectToAction() calls within the MVC application that are throwing 502 errors:

502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

I have Integrated Windows Authentication enabled on the applications, and I am running WindowsIdentity.RunImpersonated() for all of the WebAPI calls so that the authentication is forwarded properly. I upgraded to 1.1.1 SDK today (I was using 1.1.0), as well as from VS17 RC2 -> VS17 Enterprise but that still hasn't fixed the problem.

The 502s are ONLY happening in my Create/Update actions on the MVC application (E.g. someone creates a new incident, and then is redirected to the view to see that specific incident, or that incident is updated and redisplayed). You can find code samples on my Stackoverflow thread (here), which has sadly died out and thus why I am here. I have exhausted all google searches to find issues not relevant to my specific case, or unrelated to IIS specifically.

I also can't even identify if this is a framework issue or an IIS issue, because the AspNetCore Module Logging says that the 302 Redirect goes through fine, and then a GET request to the view returns a 200 response. I have another 1.0.3 ASP.NET Core application running on the server that has never had this issue before.

If you need any more information please ask, this issue is driving me insane, and is the one thing holding this system back from going into production.

EDIT: I sat down and looked through the logs a bit closer and tracked an entire request from the Home/Index page all the way to the error. This is where I think the request is failing out. In a normal ControllerActionInvoker to the TIM.MVC.Controllers.IncidentsController.View, there is a ViewResultsExecutor that would execute ViewResults running at the View, but here after the 302 redirect, that doesn't seem to be happening. Any thoughts on why that may be?

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST http://snaptest.fwcs.k12.in.us/tim/Incidents/SaveIncident?incidentId=58 application/x-www-form-urlencoded 763
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
      Authorization was successful for user: FWCS\mccora01.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method TIM.MVC.Controllers.IncidentsController.SaveIncident (TIM.MVC) with arguments (58, TIM.API.Models.Incident) - ModelState is Valid
info: Microsoft.AspNetCore.Mvc.Internal.RedirectResultExecutor[1]
      Executing RedirectResult, redirecting to /tim/Incidents/View/58.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action TIM.MVC.Controllers.IncidentsController.SaveIncident (TIM.MVC) in 1397.8175ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 2097.562ms 302 
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://snaptest.fwcs.k12.in.us/tim/Incidents/View/58  
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
      Authorization was successful for user: FWCS\mccora01.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method TIM.MVC.Controllers.IncidentsController.View (TIM.MVC) with arguments (58) - ModelState is Valid

[RobertMcCoy]

I wanted to follow-up on this. I finally found the solution. I believe this is a bug within the framework. Local functions cannot be asynchronous if you use WindowsIdentity.RunImpersonated(). I converted my controller over to be 100% synchronous, and all issues went away with 502's.

@Tratcher Maybe you can confirm or deny if this is the case?

[Tratcher]

Yeah, RunImpersonated is not async aware. It kills the impersonation as soon as you return the first Tasks, complete or otherwise.

[romansp]

@Tratcher, so is there an opened issue in some dedicated repo that tracks this problem?

[Tratcher]

@romansp no, it's not a bug in the API, it's a mis-use of the API. https://msdn.microsoft.com/en-us/library/dn906219(v=vs.110).aspx

It accepts a Func<T> and returns you the resulting T. In @RobertMcCoy's case the T was an incomplete Task, but he'd left the impersonation scope by returning.

You can file a feature request in https://github.com/dotnet/corefx for Task WindowsIdentity.RunImpersonatedAsync(SafeAccessTokenHandle, Func<Task>) and Task<T> WindowsIdentity.RunImpersonatedAsync<T>(SafeAccessTokenHandle, Func<Task<T>>)

[aspnet-hello]

This issue is being closed because it has not been updated in 3 months.

We apologize if this causes any inconvenience. We ask that if you are still encountering this issue, please log a new issue with updated information and we will investigate.

[davidalpert]

This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred: spinthemoose@gmail.com Domain spinthemoose.com has exceeded the max emails per hour (201/200 (100%)) allowed. Message will be reattempted later

…

------- This is a copy of the message, including all the headers. ------ Received: from o8.sgmail.github.com ([167.89.101.199]:53137) by cp1164.blacksun.ca with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from <bounces+848413-6f87-david=spinthemoose.com@sgmail.github.com>) id 1eVQf9-000096-Rn for david@spinthemoose.com; Sat, 30 Dec 2017 17:35:36 -0600 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=github.com; h=from:reply-to:to:cc:in-reply-to:references:subject:mime-version:content-type:content-transfer-encoding:list-id:list-archive:list-post:list-unsubscribe; s=s20150108; bh=5vbIrDJIejH6mw3v9SxaPTgipMM=; b=nzvb4wvWvKt1bA3k P+if5HiDUIJqvCH5Rk84IGEEdeLCWuWzxOVAW9vHOXkK3NMPJVBz5TLRKra+iDTF we0L+QyNfaWKvC/FZpCnu78BTewD8WxajG+PYBAxp/0bmcSgkXFTq5cqoPEEBK/y Qn2sqCwiBLec/WfGHDkxvSR6E9Q= Received: by filter0531p1las1.sendgrid.net with SMTP id filter0531p1las1-21040-5A4822B2-1A 2017-12-30 23:35:15.049461957 +0000 UTC Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2a-ext-cp1-prd.iad.github.net [192.30.253.16]) by ismtpd0008p1iad1.sendgrid.net (SG) with ESMTP id zZ3vgXxiTBOKTDoMW2wsng for <david@spinthemoose.com>; Sat, 30 Dec 2017 23:35:14.963 +0000 (UTC) Date: Sat, 30 Dec 2017 23:35:15 +0000 (UTC) From: "ASP.NET Hello Bot" <notifications@github.com> Reply-To: aspnet/Home <reply@reply.github.com> To: aspnet/Home <Home@noreply.github.com> Cc: Subscribed <subscribed@noreply.github.com> Message-ID: <aspnet/Home/issue/1954/issue_event/1405207931@github.com> In-Reply-To: <aspnet/Home/issues/1954@github.com> References: <aspnet/Home/issues/1954@github.com> Subject: Re: [aspnet/Home] 502 From Redirects on WebAPI/MVC On Same IIS Server (#1954) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5a4822b2d4b05_5ce93fb62e086f281704336"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: aspnet-hello X-GitHub-Recipient: davidalpert X-GitHub-Reason: subscribed List-ID: aspnet/Home <Home.aspnet.github.com> List-Archive: https://github.com/aspnet/Home List-Post: <mailto:reply@reply.github.com> List-Unsubscribe: <mailto:unsub+0000a944ef478fd6274ca2511fa05be9c3caebbee56e578692cf00000001165fe4b292a169ce0cab1b48@reply.github.com>, <https://github.com/notifications/unsubscribe/AACpRMCwYarjlYN6c1EBv4AsbMKQzk84ks5tFsiygaJpZM4MV8kE> X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: david@spinthemoose.com X-SG-EID: rlj3t9ahcX0BZUzAOlajQ3VmBXo43xFJc4M1ImIDJhHrhZRYw0vWVrDTgCzKndYyntnY2TyixhhcAD Fz3z9qhXrk/HkqOCGArzmTWBy8qyt4e9bCFA+k7C4A176j+Ip11JglsK08gEynn3PH04SS8cSMCT72 1v+277DNBOM/ny4lWIAB4XXxtTwxW3cuYjjJSc+E1eGmwNFrhpIezo6WjBROxoL08AiH+d1aA9q/yW s=

----==_mimepart_5a4822b2d4b05_5ce93fb62e086f281704336 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Closed #1954.

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #1954 (comment) ----==_mimepart_5a4822b2d4b05_5ce93fb62e086f281704336 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit <p>Closed <a href="#1954" class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="212540232" data-permission-text="Issue title is private" data-url="#1954> <p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="#1954 (comment) it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AACpRNdl9znVHDZZvI-r4ZfhNyTdap4Vks5tFsiygaJpZM4MV8kE">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AACpRMvKGO1122N6RyQOHvWsiqXH2xP6ks5tFsiygaJpZM4MV8kE.gif" width="1" /></p> <div itemscope itemtype="http://schema.org/EmailMessage"> <div itemprop="action" itemscope itemtype="http://schema.org/ViewAction"> <link itemprop="url" href="#1954 (comment)> <meta itemprop="name" content="View Issue"></meta> </div> <meta itemprop="description" content="View this Issue on GitHub"></meta> </div> <script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/aspnet/Home","title":"aspnet/Home","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/aspnet/Home"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Closed #1954."}],"action":{"name":"View Issue","url":"#1954 (comment)> ----==_mimepart_5a4822b2d4b05_5ce93fb62e086f281704336--

[davidalpert]

This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred: spinthemoose@gmail.com Domain spinthemoose.com has exceeded the max emails per hour (200/200 (100%)) allowed. Message will be reattempted later

…

------- This is a copy of the message, including all the headers. ------ Received: from github-smtp2-ext4.iad.github.net ([192.30.252.195]:36716 helo=github-smtp2a-ext-cp1-prd.iad.github.net) by cp1164.blacksun.ca with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1) (envelope-from <noreply@github.com>) id 1eVQf9-00008o-6F for david@spinthemoose.com; Sat, 30 Dec 2017 17:35:35 -0600 Date: Sat, 30 Dec 2017 15:35:14 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1514676914; bh=Y9GydtFsNIm7UHxO5oSmoQBPxtB/ASHgbfSYf4MRFPg=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=Iya3wgFqeba+AtMDqX/4vODFnufXQyxCH5juU5JvWr6stfMh5PCS7H70kQOSUCz4C la5aKlUwLH4adA+JudqqTx+XsnjwwGgkXC/KYL9lzo2gc9ZLERupMXZinJAi0qBsAV F+GTUU8dUXte3Jb5eljhz/oo10RMqDD0J3s/sLC0= From: "ASP.NET Hello Bot" <notifications@github.com> Reply-To: aspnet/Home <reply@reply.github.com> To: aspnet/Home <Home@noreply.github.com> Cc: Subscribed <subscribed@noreply.github.com> Message-ID: <aspnet/Home/issues/1954/354574869@github.com> In-Reply-To: <aspnet/Home/issues/1954@github.com> References: <aspnet/Home/issues/1954@github.com> Subject: Re: [aspnet/Home] 502 From Redirects on WebAPI/MVC On Same IIS Server (#1954) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5a4822b22404a_70333fa0ff61ef38306241f"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: aspnet-hello X-GitHub-Recipient: davidalpert X-GitHub-Reason: subscribed List-ID: aspnet/Home <Home.aspnet.github.com> List-Archive: https://github.com/aspnet/Home List-Post: <mailto:reply@reply.github.com> List-Unsubscribe: <mailto:unsub+0000a944ef478fd6274ca2511fa05be9c3caebbee56e578692cf00000001165fe4b292a169ce0cab1b48@reply.github.com>, <https://github.com/notifications/unsubscribe/AACpRMCwYarjlYN6c1EBv4AsbMKQzk84ks5tFsiygaJpZM4MV8kE> X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: david@spinthemoose.com

----==_mimepart_5a4822b22404a_70333fa0ff61ef38306241f Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit This issue is being closed because it has not been updated in 3 months. We apologize if this causes any inconvenience. We ask that if you are still encountering this issue, please log a new issue with updated information and we will investigate.

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #1954 (comment) ----==_mimepart_5a4822b22404a_70333fa0ff61ef38306241f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <p>This issue is being closed because it has not been updated in 3 months= .</p> <p>We apologize if this causes any inconvenience. We ask that if you are = still encountering this issue, please log a new issue with updated inform= ation and we will investigate.</p> <p style=3D"font-size:small;-webkit-text-size-adjust:none;color:#666;">&m= dash;<br />You are receiving this because you are subscribed to this thre= ad.<br />Reply to this email directly, <a href=3D"https://github.com/aspn= et/Home/issues/1954#issuecomment-354574869">view it on GitHub</a>, or <a = href=3D"https://github.com/notifications/unsubscribe-auth/AACpRNdl9znVHDZ= ZvI-r4ZfhNyTdap4Vks5tFsiygaJpZM4MV8kE">mute the thread</a>.<img alt=3D"" = height=3D"1" src=3D"https://github.com/notifications/beacon/AACpRMvKGO112= 2N6RyQOHvWsiqXH2xP6ks5tFsiygaJpZM4MV8kE.gif" width=3D"1" /></p> <div itemscope itemtype=3D"http://schema.org/EmailMessage"> <div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewActi= on"> <link itemprop=3D"url" href=3D"#19 54#issuecomment-354574869"></link> <meta itemprop=3D"name" content=3D"View Issue"></meta> </div> <meta itemprop=3D"description" content=3D"View this Issue on GitHub"></me= ta> </div> <script type=3D"application/json" data-scope=3D"inboxmarkup">{"api_versio= n":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name"= :"GitHub"},"entity":{"external_key":"github/aspnet/Home","title":"aspnet/= Home","subtitle":"GitHub repository","main_image_url":"https://cloud.gith= ubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c= 7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/= 143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name= ":"Open in GitHub","url":"https://github.com/aspnet/Home"}},"updates":{"s= nippets":[{"icon":"PERSON","message":"@aspnet-hello in #1954: This issue = is being closed because it has not been updated in 3 months.\r\n\r\nWe ap= ologize if this causes any inconvenience. We ask that if you are still en= countering this issue, please log a new issue with updated information an= d we will investigate.\r\n"}],"action":{"name":"View Issue","url":"https:= //github.com/aspnet/Home/issues/1954#issuecomment-354574869"}}}</script>=

----==_mimepart_5a4822b22404a_70333fa0ff61ef38306241f--