Custom login page in ASP.NET

dotnet

#1

regarding the project on https://github.com/oktadeveloper/okta-aspnet-mvc-example
how would I go about changing that so I could use a login page in the app versus redirecting to okta?

I’ve also tried the example here https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4
with the widget but it doesn’t seem to work on a fresh mvc site. Is it because the example is for web api? if so how would I go about changing it to work?


#2

We have examples for building a custom login page with other languages (e.g. node-express) but we haven’t built that example for aspnet yet. It’s on our backlog to work on soon.

Here is how you can do it, at a high level:

  • Create a login page in your app that uses the Sign-in Widget to log the user in and get a sessionToken
  • POST that token to a route in your MVC application
  • Challenge the OpenID Connect authentication handler and pass a custom parameter: sessionToken=${value}
  • The user’s browser will be redirected to Okta, but the active session will cause Okta to immediately redirect back (instead of displaying the Okta-hosted login page)
  • The rest of the OpenID Connect flow continues as normal and your app gets access + ID tokens

We’ll produce a sample soon that makes this a lot easier to do :slight_smile:

Just curious, why do you want the login page in-app?


#3

Hi Nate
Thank you i will try this later. We need to stay in app per client’s requirement. Just as a side note I’m a customer of southern california edison(sce.com) and their login stays on their website but if you use last pass then a pop appears asking if I want to send my credentials to okta. Thought that was interesting.

Thanks again.


#4

Makes sense, thanks!

Not sure why LastPass would be asking to send your credentials to Okta. Is it the Okta browser plugin that’s popping up maybe?


#5

I don’t have that extension installed on chrome.
here’s a pic of it.