Hi,
Requirement – In existing .NET website, require to implement Okta authentication on click of login button(existing button in application).
Issue – Okta authentication Is implemented in RRS as per guideline of Secure Your ASP.NET Web Forms Application with OpenID Connect and Okta | Okta Developer with few other changes as per below Startup file code but currently on click of login button, Okta authentication page is opening in Edge browser but it’s not opening in Google Chrome. 2nd issue is, in Edge browser, once Okta credentials are entered it is throwing token error though I have created token in Okta developer website.
public class Startup
{
// These values are stored in Web.config. Make sure you update them!
private readonly string _clientId = ConfigurationManager.AppSettings[“okta:ClientId”];
private readonly string _redirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"];
private readonly string _authority = ConfigurationManager.AppSettings["okta:OrgUri"];
private readonly string _clientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"];
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
public void ConfigureAuth(IAppBuilder app)
{
try
{
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.SetDefaultSignInAsAuthenticationType("ApplicationCookie");
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieSameSite = SameSiteMode.None,
CookieSecure = CookieSecureOption.Always
});
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = _clientId,
ClientSecret = _clientSecret,
Authority = _authority,
RedirectUri = _redirectUri,
ResponseType = OpenIdConnectResponseType.CodeIdToken,
Scope = OpenIdConnectScope.OpenIdProfile,
TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
ProtocolValidator = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator()
{
RequireNonce = true,
RequireState = false,
RequireStateValidation = false
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
// Exchange code for access and ID tokens
var tokenClient = new TokenClient($"{_authority}/v1/token", _clientId, _clientSecret);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, _redirectUri);
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
var userInfoClient = new UserInfoClient($"{_authority}/v1/userinfo");
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
var claims = new List<Claim>(userInfoResponse.Claims)
{
new Claim("id_token", tokenResponse.IdentityToken),
new Claim("access_token", tokenResponse.AccessToken)
};
n.AuthenticationTicket.Identity.AddClaims(claims);
},
},
});
}
catch (Exception ex)
{
throw ex;
}
}
}