Error with Okta .NET MVC Example


#1

Trying to execute the example code for the .NET MVC login example from here: https://github.com/oktadeveloper/okta-aspnet-mvc-example

I made no changes to the code other than to set the proper values within the Web.config file.

I am getting the following error. Any ideas?

Server Error in ‘/’ Application.

Not Found

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Exception: Not Found

Source Error:

Line 60: if (tokenResponse.IsError)
Line 61: {
Line 62: throw new Exception(tokenResponse.Error);
Line 63: }
Line 64:

Source File: C:\Dev\Research\Okta\Okta Sample Thiers\OktaAspNetExample\Startup.cs Line: 62

Stack Trace:

[Exception: Not Found]
OktaAspNetExample.<b__5_0>d.MoveNext() in C:\Dev\Research\Okta\Okta Sample Thiers\OktaAspNetExample\Startup.cs:62
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
Microsoft.Owin.Security.OpenIdConnect.d__1a.MoveNext() +5109
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +26
Microsoft.Owin.Security.OpenIdConnect.d__1a.MoveNext() +6433
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +571
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +255
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +182
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +638
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +182
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__2.MoveNext() +180
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +483
System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +132
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +163

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.7.255


#2

Hi,

I guess the entered user name is not hooked to your project in the OKTA developer site. So, add the user to the hooked project and try to log in.

Regards,
Venu Perumal


#3

User is hooked both as an individual and within a group. Still, error persists. Looking for more ideas.

— xavier


#4

You might have an incorrect value in Web.config. Which values did you update? Can you paste the relevant part of Web.config here (but blank out the values for security)?


#5

These are the areas that I’ve included in the Web.Config. Numbers are fake:

<!-- 1. Replace these values with your Okta configuration -->
<add key="okta:ClientId" value="132412341234" />
<add key="okta:ClientSecret" value="lka09234jfl0asdl01324123asdf4" />
<add key="okta:OrgUri" value="https://mydomain.oktapreview.com" /> 

<!-- 2. Update the Okta application with these values -->
<add key="okta:RedirectUri" value="http://localhost:64389/authorization-code/callback" />
<add key="okta:PostLogoutRedirectUri" value="http://localhost:64389/Account/PostLogout" />

#6

The error sounds like it’s unable to reach the auth endpoint. I’d check that:

  • Your “OrgUri” configuration url does not contain the “-admin” url
  • Make sure OrgUri still ends with “oauth2/default”, unless you’ve set up a custom authorization server

#7

Interesting. I was missing the oauth2/default on my OrgUri. Added it and now I get the following error - I can’t even get to the OKTA login screen:

This happens on the call to:

HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);

in the Login method of the AccountController

Error follows------

 Response status code does not indicate success: 401 (Unauthorized).

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).]
System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() +225
Microsoft.IdentityModel.Protocols.d__8.MoveNext() +378

[IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden by default. Set the ‘ShowPII’ flag in IdentityModelEventSource.cs to true to reveal it.]’.]
Microsoft.IdentityModel.Protocols.d__8.MoveNext() +666
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.IdentityModel.Protocols.OpenIdConnect.d__3.MoveNext() +291
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1129

[InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden by default. Set the ‘ShowPII’ flag in IdentityModelEventSource.cs to true to reveal it.]’.]
Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1586
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.OpenIdConnect.d__c.MoveNext() +575
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__b.MoveNext() +282
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__8.MoveNext() +275
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__5.MoveNext() +160
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +815
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +182
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +638
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +182
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +61
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__2.MoveNext() +180
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +156
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +123


#8

Since you’re hitting the challenge and not seeing the Okta Login screen, maybe you need to add your dev site to your CORS options in Okta?

In the developer view in Okta admin, go to API->Trusted Origins and make sure you have an entry for your development environment (http://localhost:62446, for example - your port number will probably be different)


#9

@paul.leblond, you were right in that I was missing that entry. I added it and still get that same error above. So, I thought that maybe it was the “localhost” not being able to work, so I poked a hole in my firewall and provided an external IP that forwarded to my development box. While I can successfully hit the website using that external IP, I still get the errors. btw, I did update the application in all places where the URI was referenced to the external IP.

I appreciate you sticking with me on this to help troubleshoot.

— x


#10

Maybe this will help, these are my settings.


#11

I don’t see anything that jumps out at me as incorrect. Just so I’m understanding the situation: You can start the site, and the index comes back. When you click to login, that’s when you get the error.

Some things to try:

  • Check the browser’s console log. Are there any errors thrown there when you try to logon?
  • If you browse directly to http://localhost:64389/Account/Login do you get the same result?
  • I haven’t run this project, but the docs say that it’s configured to run on port 8080. I’d make sure there’s not still a reference to 8080 somewhere if you’re using a custom port.

#12

I agree with @paul.leblond - can you post a screenshot of your browser’s network log? That would help determine if it is a configuration problem, or something else.


#13

Getting the same error even after trying the fixes above.


#14

@panduit-psh Are you also working on an aspnet application? Can you share your Startup class?


#15

Yes, I am following the tutorial here: https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4

Here is my Startup.cs:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

namespace OktaAPI
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Configure JWT Bearer middleware
            // with an OpenID Connect Authority

            var authority = "https://dev-XXXXXX.oktapreview.com/oauth2/default";

            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                authority + "/.well-known/openid-configuration",
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever());

            app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = "api://default",
                    ValidIssuer = authority,
                    IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
                    {
                        var discoveryDocument = Task.Run(() => configurationManager.GetConfigurationAsync()).GetAwaiter().GetResult();
                        return discoveryDocument.SigningKeys;
                    }
                }
            });
        }
    }
}

#16

Issue was resolved. Had nothing to do with the code. Access Management API was not enabled in our sandbox. Thanks for the replies!


#17

Resolved for me. I had to enable the latest TLS because I’m using .NET 4.5.1. This is done by putting this as the first line in Configuration in Startup.cs:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Source: https://hts.readthedocs.io/en/latest/configuration/apis.html

Also to note, I had to do the same thing in a .NET web app utilizing a Mulesoft API.
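
Added example (not from any poster in this thread and not part of the Okta sample): a small console preflight that applies the OrgUri checks from #6, then requests the discovery document over TLS 1.2 only, so the HTTP status hidden behind IDX20804 is printed directly. The names `OidcPreflight` and `CheckIssuer` are hypothetical; the OrgUri value is passed as the single command-line argument.

```csharp
using System;
using System.Net;
using System.Net.Http;

// Hypothetical helper for illustration; not part of the Okta sample project.
public static class OidcPreflight
{
    // Returns a description of the problem, or null if the issuer URL passes the checks from #6.
    public static string CheckIssuer(string orgUri)
    {
        Uri uri;
        if (!Uri.TryCreate(orgUri, UriKind.Absolute, out uri))
            return "not an absolute URL";
        if (uri.Scheme != Uri.UriSchemeHttps)
            return "issuer must use https";
        // The admin console host (<org>-admin.<domain>) is not the issuer.
        if (uri.Host.Split('.')[0].EndsWith("-admin", StringComparison.OrdinalIgnoreCase))
            return "host is the -admin console URL";
        if (!uri.AbsolutePath.TrimEnd('/').EndsWith("/oauth2/default", StringComparison.OrdinalIgnoreCase))
            return "path does not end with oauth2/default (fine only for a custom authorization server)";
        return null;
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: OidcPreflight <OrgUri>"); return 2; }
        string problem = CheckIssuer(args[0]);
        if (problem != null) { Console.Error.WriteLine("OrgUri: " + problem); return 1; }

        // Offer only TLS 1.2 for outbound calls from this process (no TLS 1.0/1.1 fallback).
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        string url = args[0].TrimEnd('/') + "/.well-known/openid-configuration";
        using (var http = new HttpClient())
        {
            try
            {
                HttpResponseMessage resp = http.GetAsync(url).GetAwaiter().GetResult();
                // A 401 or 404 here is the status the OWIN middleware wraps in IDX20803/IDX20804.
                Console.WriteLine((int)resp.StatusCode + " " + resp.ReasonPhrase + "  " + url);
                return resp.IsSuccessStatusCode ? 0 : 1;
            }
            catch (HttpRequestException ex)
            {
                // Connection and TLS handshake failures surface here, not as an HTTP status.
                Console.Error.WriteLine("request failed: " + ex.GetBaseException().Message);
                return 1;
            }
        }
    }
}
```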