Hi okta support,
I have an ASP.NET Core application that uses OpenID Connect for user authentication. After the browser is redirected to the Okta login page and I enter the correct credentials, the ASP.NET Core User.Identity.IsAuthenticated is always false.
Does anyone know how to fix this?
Startup.cs
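/// <summary>
/// Registers cookie and OpenID Connect authentication (Okta as the identity provider),
/// plus authorization and MVC services.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options =>
        {
            // Requests are authenticated from the local cookie; the OIDC scheme is only used to challenge.
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(setup =>
        {
            setup.Cookie.Name = "MyCookie";
            setup.SlidingExpiration = false;
            // Current browsers reject SameSite=None cookies that are not marked Secure, so the
            // session cookie must always carry the Secure attribute. With SameAsRequest the
            // attribute is dropped whenever the app sees the request as plain HTTP (for example
            // behind a TLS-terminating proxy), and the sign-in cookie is then silently discarded.
            setup.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            setup.Cookie.SameSite = SameSiteMode.None;
        })
        .AddOpenIdConnect(options =>
        {
            // The identity produced by the OIDC handler is persisted through the cookie scheme.
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "https://xxxx.okta.com/oauth2/1234567abcdefg";
            // Key must be "Okta:ClientId" with no space after the colon; "Okta: ClientId" looks up
            // a child named " ClientId" and yields null, unlike the ClientSecret lookup below.
            options.ClientId = Configuration["Okta:ClientId"];
            // Read from configuration only; the secret value belongs in a secret store or
            // environment-specific configuration, not in a committed settings file.
            options.ClientSecret = Configuration["Okta:ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add(OpenIdConnectScope.OpenId);
            // Stores the received tokens in the authentication properties, which the cookie
            // scheme persists; this grows the cookie and makes its protection more important.
            options.SaveTokens = true;
            options.Events.OnRedirectToIdentityProvider = context =>
            {
                // NOTE(review): this overrides the redirect_uri the handler would build from its
                // CallbackPath (default "/signin-oidc"). The handler only processes the
                // authorization response when it arrives on CallbackPath; if "/dotnetcore" is not
                // that path, the response is handled by MVC instead, no cookie is issued and the
                // user stays unauthenticated. Confirm against the hosting path base and the
                // redirect URI registered for this client in Okta.
                context.ProtocolMessage.RedirectUri = "https://localhost:9999/dotnetcore";
                return Task.CompletedTask;
            };
        });

    services.AddAuthorization();
    services.AddControllersWithViews();
}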
/// <summary>
/// Builds the HTTP request pipeline: error handling, HTTPS redirection, static files,
/// routing, authentication, authorization and the default MVC route, in that order.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error-handling middleware.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    else
    {
        // Detailed exception pages are limited to the Development environment.
        app.UseDeveloperExceptionPage();
    }

    // Registration order is the execution order: authentication must run after routing and
    // before authorization so that the endpoint's policies see the authenticated principal.
    app.UseHttpsRedirection()
        .UseStaticFiles()
        .UseRouting()
        .UseAuthentication()
        .UseAuthorization()
        .UseEndpoints(routes =>
            routes.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}"));
}
HomeController
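/// <summary>
/// Renders the home view for a signed-in user; otherwise issues an OpenID Connect challenge.
/// </summary>
/// <returns>
/// The default view when the current principal is authenticated, or a challenge result for
/// the OpenID Connect scheme when it is not.
/// </returns>
public IActionResult Index()
{
    // Identity is null for a principal that carries no identities; treat that as
    // unauthenticated instead of throwing a NullReferenceException.
    var signedIn = HttpContext.User.Identity?.IsAuthenticated == true;
    if (signedIn)
    {
        return View();
    }

    // RedirectUri here is where the user is sent once sign-in has completed. If the
    // sign-in cookie is never issued, this action challenges again on every request,
    // which shows up as a redirect loop between the app and the identity provider.
    return Challenge(
        new AuthenticationProperties { RedirectUri = "https://localhost:9999/dotnetcore" },
        OpenIdConnectDefaults.AuthenticationScheme);
}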