Make client API in .net

Hi,
I want to create OpenID Connect Client API that communicate with okta server and implement SSO.
I want to implement SSO with OpenIDConnect in our companay that users login the domain and access the all company’s application with that credentials.

Please help me.

Anna, what kind of help are you looking for?

I Want help regarding SSO implementation in our company with single loginon domain and others websites should be open without any asking user credentials.

I want to use Okta as OpenID provider and consume their API’s in our application.I am using Dot Net MVC technology.
Want to develop API that authenticate with Okta provider using OpenID Connect protocol.

So need simple steps that can help easier to implement .

Questions:

  • How to integrate Okta provider API in Don net MVC ?

  • What is Redirect_Uri and how to make endpoint API that receive authentication token from provider?

Hi bhavyakhanna

I usually use .NET when giving demo’s with small applications.
Usually .NET Core. Okta has a library for this where you can easily redirect users to you Okta domain, they login there and Okta will send back an access/id token. This is the easiest and most basic setup.

The cool thing is that you can start using claim based protection. This also ensures you have SSO. Once you have an Okta session, Okta will keep sending you access tokens so the user is not prompted with a login screen everytime.

Following blog is a good way to start - https://developer.okta.com/blog/2018/05/11/policy-based-authorization-in-aspnet-core

Thank you so much for the help!!!
Attached URL is very helpful for me , but i am little bit confused here.One of our client use OAM(oracle access manager) provider and they are using our Web Application .

They want to open our Web App without username password separately ,just their user sign-in first time with domain and our Web App should open also after clicking on button.

So i want to write middle-ware API in .net MVC that communicate with OAM provider (or okta) and our Web Application ,after authenticate successfully with OAM provider our Web Application should launch on the screen without asking any login credentials or social credentials.

So this is my problem.Please help me the best example which match with my scenario and that sample also fulfill my requirement.
Same problem i want to test with Okta provider,so its very helpful that share the code sample for SSO implementation.

Thanks,

Hi bhavyakhanna

If I understand your scenario correctly, you want to authenticate agains OAM, if that went through successfully you want to have a session in Okta?

I have little experience with OAM but doesn’t support OAM federation? In that case you can add Okta as an IdP, authentication through Okta into OAM would do 2 things.

  1. Okta session so you can request tokens without user needing to login again.
  2. Login into OAM with okta, only 1 login screen will be presented once.

That is how it should work in theory.

Hi,

Thanks for giving me reply and support.
Ok ,just help one thing, i need to implement Authorization grant flow with OKta in my legacy Asp.net web application which is running on 4.0 framework.

I got an example from this site "https://developer.okta.com/code/dotnet/aspnet/ " and aslo get sample code but unable to understand that how can i run? there is no documentation there step by step.

Another case, i was tried the sample code from Okta blog i.e “https://developer.okta.com/blog/2018/08/29/secure-webforms-with-openidconnect-okta
but this is use Grant type allowed: Implicit (Hybrid) but we required Authorization grant flow.

When i change the configuration setting of my application in okta server then from implicit to Authorization then this sample is not worked.

 app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
      ClientId = _clientId,
      ClientSecret = _clientSecret,
      Authority = _authority,
      RedirectUri = _redirectUri,
      **ResponseType = OpenIdConnectResponseType.CodeIdToken,**
      **Scope = OpenIdConnectScope.OpenIdProfile,**
      TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
      Notifications = new OpenIdConnectAuthenticationNotifications
      {
        AuthorizationCodeReceived = async n =>

I have changed the below:
ResponseType = OpenIdConnectResponseType.Code
Scope = OpenIdConnectScope.OpenId

Please help me with sample code which use Authorization code grant flow with ASP.NET web application.

Thanks!!

That is the problem with the library in .NET, .NET Core allows you to use authorization code flow. .NET4.x does not so you are forced to use implicit flow (using the library).

A workaround is to manually implement the entire flow,

It means, we can’t use OWIN library for .NET 4.x versions app to use authorization code flow?

Secondly, can you please help me that how to create redirect_uri URL in my application.
I have added statup.cs page code in my ASP.NET legacy application and set Redirect_uri is http://localhost:55550/main.aspx in okta configuration of application.

But i am unable to bind my application with okta server.
I think i am missing some flow,so please guide me properly.

In My existing web application “Startup.cs” class is not launching .My application made in asp.net 4

Thanks!!

That is correct, only implicit flows work.

Unable to bind, are you redirected to Okta at all and is it not picking up which client is being used?

Hi,

Problem:: My Web application made in Asp.net 4.0 framework which is old one.There is no startup.cs class in that application and i want to implement OAuth2.0 with OKta as provider and login in our application with Okta domain .

I have download the sample from github from below blog:
https://developer.okta.com/blog/2018/08/29/secure-webforms-with-openidconnect-okta"
and exexute this application “AspDotNetWebFormsOkta” ,its running successfully separately.

But i can’t use this code in our existing web application to integrate authorization grant flow with okta.
So i need the solution , how can access okta login in our existing application.

Is there any API that would help to integrate in our existing web app?

Please help to solve my problem, its very urgently required.

Can you please share your skype ID for help?

Thanks!!

Hi,

yes you can implement the oauth flow with API calls and I have a git repo that shows how.
I have something called a token service that grabs new tokens by using the authorization code flow. It is also written in .net core but works fine for .NET framework 4.x

Send me a private message with your email and I will grant you access to the source.

Can i send private mail on oktadev@discoursemail.com id?

What is the procedure to do this? i mean i dont want okta login page again and again for login.authentication will be goes on backed and only my web application page will be displayed.