I am using an external OIDC identity provider to log my users into my webshop. The webshop is being built on ASP.NET MVC with .NET Framework 4.7.2.
I have started using the basic MVC template and adding my authentication code.
using System.IdentityModel.Tokens.Jwt;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Keep the provider's claim names as-is instead of mapping them to the legacy WS-* URIs
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });

        var authority = "https://authentication.myOpenIdProvider.com/auth/oauth2/realms/root/realms/test";
        var redirectUri = "http://localhost:8888/signin-oidc";
        var postlogoUri = "http://localhost:8888/signout-callback-oidc";
        var clientId = "MyClientId";
        var clientSecret = "MyClientSecret";

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            ClientSecret = clientSecret,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = postlogoUri,
            ResponseType = "code",            // authorization code only; no id_token is requested
            Scope = "openid favorites",
            SignInAsAuthenticationType = "Cookies",
            RequireHttpsMetadata = false,     // dev only: allows discovery over plain HTTP
        });
    }
}
When I hit login on my page, I get redirected to my authentication provider, and the correct redirectUri is passed.
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security.OpenIdConnect;

public class AccountController : Controller
{
    public ActionResult Login()
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            // Issue the OIDC challenge; the middleware turns the 401 into a redirect to the provider
            HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
            return new HttpUnauthorizedResult();
        }
        return RedirectToAction("Index", "Home");
    }
    ...
}
However, after I successfully authenticate with my external provider and get redirected to my site (currently it's just http://localhost:8888/signin-oidc for dev purposes) the route is not handled. I am getting a 404, so something clearly isn't working like it is supposed to.
I have installed ELMAH and this reports the following exception message:
System.Web.HttpException (0x80004005): The controller for path '/signin-oidc' was not found or does not implement IController.
For context: The same works in an ASP.NET Core API, using the same external openid provider with identical configuration.
For anyone browsing this in the future, this is the answer:
Owin.OpenIdConnect does not support "code"-only ResponseTypes. You need to set "id_token" too. If, for any reason, you cannot do this, you will basically need to implement parts of the spec yourself (mainly by hooking up into the MessageReceived Notifications Event).
See this part in the source code of the OpenIdConnect Handler:
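The configuration the answer above calls for, written out as an added example (not code from the question, the answers, or the Katana project): ResponseType becomes "code id_token" (hybrid flow), so the front-channel response carries an id_token the middleware can validate, including its nonce, before it signs the user in. The authority, client id, client secret and ports are the placeholder values from the question; RedeemCode and SaveTokens are assumed to be available in your Microsoft.Owin.Security.OpenIdConnect package version (they were added in 4.1); the "/Home/Error" action is hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Keep the provider's short claim names ("sub", "name") instead of the WS-* URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieHttpOnly = true,                      // session cookie not readable from script
            CookieSecure = CookieSecureOption.Always,   // session cookie only sent over HTTPS
        });

        // Placeholder values taken from the question; replace with your provider, registration and host.
        var authority = "https://authentication.myOpenIdProvider.com/auth/oauth2/realms/root/realms/test";
        var redirectUri = "https://localhost:8888/signin-oidc";
        var postLogoutUri = "https://localhost:8888/signout-callback-oidc";

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "MyClientId",
            ClientSecret = "MyClientSecret",   // load from configuration; never commit a real secret
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = postLogoutUri,

            // Hybrid flow: the Katana handler only completes sign-in when an id_token comes back
            // in the front-channel response, so "code" alone leaves the callback unhandled.
            ResponseType = OpenIdConnectResponseType.CodeIdToken,   // "code id_token"
            ResponseMode = OpenIdConnectResponseMode.FormPost,      // tokens travel in a POST body, not the URL
            Scope = "openid favorites",

            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            RequireHttpsMetadata = true,   // refuse discovery and JWKS documents served over plain HTTP

            // Redeem the authorization code on the back channel and keep the resulting tokens in the
            // auth ticket. Assumption: Microsoft.Owin.Security.OpenIdConnect 4.1 or later is installed.
            RedeemCode = true,
            SaveTokens = true,

            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",   // because the inbound claim map was cleared above
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Signature, issuer, audience, lifetime and nonce are already verified here;
                // additionally refuse any identity that has no stable subject identifier.
                SecurityTokenValidated = n =>
                {
                    var subject = n.AuthenticationTicket.Identity.FindFirst("sub");
                    if (subject == null || string.IsNullOrWhiteSpace(subject.Value))
                    {
                        throw new SecurityTokenValidationException("id_token has no 'sub' claim");
                    }
                    return Task.FromResult(0);
                },

                // Turn validation failures (bad nonce, expired token, provider error response)
                // into a controlled error page instead of an unhandled exception; do not echo details.
                AuthenticationFailed = n =>
                {
                    n.HandleResponse();
                    n.Response.Redirect("/Home/Error");   // hypothetical error action
                    return Task.FromResult(0);
                },
            },
        });
    }
}
```

With this in place the form POST to /signin-oidc is consumed by the OpenID Connect middleware, which signs the user in and redirects to the RedirectUri stored in the challenge, so the request never reaches MVC routing and the 404 from the question no longer occurs. If you keep ResponseType at "code" instead, the MessageReceived notification is where you would have to redeem the code and build the identity yourself, as the answer notes.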
I had this in my Home
public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        // RedirectUri here is where the user lands after the OIDC middleware signs them in
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}
and a similar RedirectUri parameter could be added to SignOut too
public void SignOut()
{
    // Signs out of both the OIDC session at the provider and the local cookie session
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = Request.Url.Scheme + "://" + Request.Url.Authority },
        OpenIdConnectAuthenticationDefaults.AuthenticationType,
        CookieAuthenticationDefaults.AuthenticationType);
}
User contributions licensed under CC BY-SA 3.0