OpenIdConnect signin-oidc route not handled by ASP.NET MVC

I am using an external OIDC identity provider to log my users into my webshop. The webshop is being built on ASP.NET MVC with .NET Framework 4.7.2.

I have started using the basic MVC template and adding my authentication code.

public void ConfigureAuth(IAppBuilder app)
{

    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();// = new Dictionary<string, string>();

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
    });

    var authority = "https://authentication.myOpenIdProvider.com/auth/oauth2/realms/root/realms/test";
    var redirectUri = "http://localhost:8888/signin-oidc";
    var postlogoUri = "http://localhost:8888/signout-callback-oidc";
    var clientId = "MyClientId";
    var clientSecret = "MyClientSecret";

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        ClientSecret = clientSecret,
        Authority = authority,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = postlogoUri,
        ResponseType = "code",
        Scope = "openid favorites",
        SignInAsAuthenticationType = "Cookies",
        RequireHttpsMetadata = false,
    });
}

When I hit login on my page, I get redirected to my authentication provider, and the correct redirectUri is also passed.

public class AccountController : Controller
{
    public ActionResult Login()
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
            return new HttpUnauthorizedResult();
        }

        return RedirectToAction("Index", "Home");
    }

    ... 
}

However, after I successfully authenticate with my external provider and get redirected to my site (currently it's just http://localhost:8888/signin-oidc for dev purposes), the route is not handled. I am getting a 404, so something clearly isn’t working like it is supposed to do.

I have installed ELMAH and this reports the following exception message:

System.Web.HttpException (0x80004005): The controller for path '/signin-oidc' was not found or does not implement IController.

For context: The same works in an ASP.NET Core API, using the same external openid provider with identical configuration.

Answers:


Method 1

For anyone browsing this in the future, this is the answer:

Owin.OpenIdConnect does not support "code" only ResponseTypes. You need to set "id_token" too. If, for any reason, you cannot do this, you will basically need to implement parts of the spec yourself (mainly by hooking up into the MessageReceived Notifications Event).

See this part in the source code of the OpenIdConnect Handler:

https://github.com/aspnet/AspNetKatana/blob/0f6dc4bf2722fb08759da3eacaf38f2a098771bd/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L258-L264
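
The fix described in Method 1, applied to the question's `ConfigureAuth`, as an added example that is not part of the original answer or of the Katana project. It assumes the provider allows the hybrid flow for this client; the `oidc:*` appSettings keys and the `/Home/Error` route are hypothetical names.

```csharp
using System.Configuration;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Hypothetical appSettings keys: keeps the client secret out of source code.
            ClientId = ConfigurationManager.AppSettings["oidc:ClientId"],
            ClientSecret = ConfigurationManager.AppSettings["oidc:ClientSecret"],
            Authority = ConfigurationManager.AppSettings["oidc:Authority"],
            RedirectUri = "http://localhost:8888/signin-oidc",
            PostLogoutRedirectUri = "http://localhost:8888/signout-callback-oidc",
            // Was "code". Per Method 1, the OWIN handler needs an id_token in the
            // callback, so request the hybrid response type "code id_token".
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid favorites",
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            // Development setting carried over from the question; the localhost
            // URIs above are plain HTTP for the same reason.
            RequireHttpsMetadata = false,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Route token validation failures to an error page
                // (hypothetical route) instead of an unhandled exception.
                AuthenticationFailed = n =>
                {
                    n.HandleResponse();
                    n.Response.Redirect("/Home/Error");
                    return Task.CompletedTask;
                }
            }
        });
    }
}
```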

Method 2

I had this in my Home

public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

and a similar RedirectUri parameter could be added to SignOut too

public void SignOut()
{
    HttpContext.GetOwinContext().Authentication.SignOut(
            new AuthenticationProperties { RedirectUri = Request.Url.Scheme + "://" + Request.Url.Authority },
            OpenIdConnectAuthenticationDefaults.AuthenticationType,
            CookieAuthenticationDefaults.AuthenticationType);
}


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
