OKTA Sign In and Web site Project/Web Project

I have taken the same application for ASP.NET web forms, applied my DEV OKTA configuration to the web config and got it all working.

I have applied on just a “test” page" in a web site project, applied by DEV OKTA configuration in the web config, ensured the same NuGet Packages are being used and everything yet it will will not work. I get the OKTA sign in page but when I click the “Sign In” it does not validate to the DEV OKTA URL location.

It appears when I do the browser debug it is showing it is hitting the OKTA information but it does not appear to be hitting DEV OKTA authorization location.

I am really getting how/why the OKTA sample web forms is working yet when I do almost the exactly same thing in the web project test page it is not.

Is there a difference between a web project vs a web site project with the exception of the use of a “CodeBehind” vs a “CodeFile”?

Any information on this would be greatly appreciated.

Here is a snippet.

NOTE: Ultimate deliverable is in a VB Web site Project. But the working you see is in C#.

I made ever effort to ensure the NuPgk’s are the same between the 2. The assembly references in the web.configs help show that as well.

On the working when I get the OKTA credential page, I put in my credentials and I see it goes to the OKTA domain URL (which I am showing as: https://{My OKTA DEV}.okta.com) and then it will come back to the page or whatever page I put in the login.aspx.cs under the "properties.RedirectUri = “/”; //will redirect. "

However, in the non-working…I get challenged for the OKTA credentials and when I click on the sign in I do not see going to the OKTA domain and when it comes back it has the request type of “POST” but and no information. I don’t believe it’s made the complete trip.

Working

Login.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="okta_aspnet_webforms_example.Login" %>
<script src="https://global.oktacdn.com/okta-signin-widget/5.2.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://global.oktacdn.com/okta-signin-widget/5.2.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet" />
<script src="Scripts/jquery-3.4.1.min.js" type="text/javascript"></script>

<div id="widget"></div>

<form method="POST" action="Login.aspx">
    <input type="hidden" name="sessionToken" id="hiddenSessionTokenField" />
</form>

<script type="text/javascript">
    var oktaDomain = '<%= System.Configuration.ConfigurationManager.AppSettings["okta:oktaDomain"].ToString() %>';

    var signIn = new OktaSignIn({
        baseUrl: oktaDomain
    });

    signIn.renderEl({ el: '#widget' }, (res) => {
        var sessionTokenField = $("#hiddenSessionTokenField");
        sessionTokenField.val(res.session.token);
        var form = sessionTokenField.parent();
        form.submit();
    }, (err) => {
        console.error(err);
    });
</script>

Login.aspx.cs

using System;
using System.Web;
using System.Linq;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;

#pragma warning disable SA1300 // Element should begin with upper-case letter
namespace okta_aspnet_webforms_example
#pragma warning restore SA1300 // Element should begin with upper-case letter
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.RequestType == "POST" && !Request.IsAuthenticated)
            {
                var sessionToken = Request.Form["sessionToken"]?.ToString();
                var properties = new AuthenticationProperties();
                properties.Dictionary.Add("sessionToken", sessionToken);
                properties.RedirectUri = "/"; //will redirect. 

                HttpContext.Current.GetOwinContext().Authentication.Challenge(
                        properties,
                        OpenIdConnectAuthenticationDefaults.AuthenticationType);

            }
        }
    }
}

Startup.cs

using System.Collections.Generic;
using System.Configuration;
using System.Web;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Okta.AspNet;
using Owin;

[assembly: OwinStartup(typeof(okta_aspnet_webforms_example.Startup))]

#pragma warning disable SA1300 // Element should begin with upper-case letter
namespace okta_aspnet_webforms_example
#pragma warning restore SA1300 // Element should begin with upper-case letter
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                LoginPath = new PathString("/Login.aspx"),
            });

            app.UseOktaMvc(new OktaMvcOptions()
            {
                OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
                ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
                ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
                AuthorizationServerId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"],
                RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
                PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
                Scope = new List<string> { "openid", "profile", "email" },
                LoginMode = LoginMode.SelfHosted,
            });
        }
    }
}

web.config

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  https://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
	<appSettings>
		<!-- 1. Replace these values with your Okta configuration -->
		<add key="okta:ClientId" value="{My OKTA ClientID}" />
		<add key="okta:ClientSecret" value="{My OKTA Secret}" />
		<add key="okta:OktaDomain" value="https://{My OKTA DEV}.okta.com" />
		<add key="okta:AuthorizationServerId" value="default" />
		<!-- 2. Update the Okta application with these values -->
		<add key="okta:RedirectUri" value="https://localhost:44314/authorization-code/callback" />
		<add key="okta:PostLogoutRedirectUri" value="https://localhost:44314/" />
	</appSettings>
	<location path="Profile.aspx">
		<system.web>
			<authorization>
				<deny users="?" />
			</authorization>
		</system.web>
	</location>
	<!--
    For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.

    The following attributes can be set on the <httpRuntime> tag.
      <system.Web>
        <httpRuntime targetFramework="4.6.1" />
      </system.Web>
  -->
	<system.web>
		<compilation debug="true" targetFramework="4.7.2" />
		<httpRuntime targetFramework="4.6.1" />
		<pages>
			<namespaces>
				<add namespace="System.Web.Optimization" />
			</namespaces>
			<controls>
				<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
			</controls>
		</pages>
		<httpModules />
		<sessionState  cookieless="false" timeout="360" />
	</system.web>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
				<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" />
				<bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
				<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.6.0" newVersion="4.0.6.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Numerics.Vectors" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.1.4.0" newVersion="4.1.4.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
		</compilers>
	</system.codedom>
</configuration>

NOT WORKING (VB.NET, WEB SITE Project)

OKTAVAL2.aspx

<%@ Page Language="VB" AutoEventWireup="true" CodeFile="OKTAVal2.aspx.vb" Inherits="Test_Login.Test_LoginOkta" %>
<script type="text/javascript" src="/Scripts/jquery-3.4.1.min.js"></script>
<script src="https://global.oktacdn.com/okta-signin-widget/5.2.0/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://global.oktacdn.com/okta-signin-widget/5.2.0/css/okta-sign-in.min.css" type="text/css" rel="stylesheet" />
<div id="widget"></div>

<form method="POST" action="OKTAVal2.aspx">
    <input type="hidden" name="sessionToken" id="hiddenSessionTokenField" />
</form>

<script type="text/javascript">
    var oktaDomain = '<%= System.Configuration.ConfigurationManager.AppSettings("okta:oktaDomain").ToString() %>';

    var signIn = new OktaSignIn({
        baseUrl: oktaDomain
    });

    signIn.renderEl({ el: '#widget' }, (res) => {
        var sessionTokenField = $("#hiddenSessionTokenField");
        sessionTokenField.val(res.session.token);
        var form = sessionTokenField.parent();
        form.submit()
    }, (err) => {
        console.error(err);
    });
</script>

OKTAVal2.aspx.vb

Imports System
Imports System.Web
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.OpenIdConnect

Namespace Test_Login
    Partial Class Test_LoginOkta
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load


            Try

                If Request.RequestType = "POST" AndAlso Not Request.IsAuthenticated Then
                    Dim sessionToken = If(Request.Form.Item("sessionToken") IsNot Nothing, Request.Form.Item("sessionToken").ToString, Nothing)
                    Dim properties = New AuthenticationProperties()
                    properties.Dictionary.Add("sessionToken", sessionToken)
                    properties.RedirectUri = "/"

                    HttpContext.Current.GetOwinContext().Authentication.Challenge(properties, OpenIdConnectAuthenticationDefaults.AuthenticationType)
                End If

                'ClientScript.RegisterStartupScript(GetType(Page), "autoPostback", ClientScript.GetPostBackEventReference(Me, String.Empty), True)

            Catch ex As Exception
                HttpContext.Current.Session("ErrorMessage") = "Page_Load() in /account/login.aspx.vb: " & ex.Message & " - StackTrace: " & ex.StackTrace
                GeneralUtils.Trace(350, 0, 0, "Page_Load() in /account/loginokta.aspx.vb:", ex.Message & " - StackTrace: " & ex.StackTrace)
                Response.Redirect("~/PageError.aspx", False)
                HttpContext.Current.ApplicationInstance.CompleteRequest()
            End Try
        End Sub

    End Class
End Namespace

Startup.vb

Imports System.Collections.Generic
Imports System.Configuration
Imports System.Web
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Cookies
Imports Okta.AspNet
Imports Owin

<Assembly: OwinStartup(GetType(TestMe.Startup))>
Namespace TestMe
    Public Class Startup
        Public Sub Configuration(ByVal app As IAppBuilder)

            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
                .LoginPath = New PathString("/OKTAVal2.aspx")
            })
            app.UseOktaMvc(New OktaMvcOptions() With {
                .OktaDomain = ConfigurationManager.AppSettings("okta:OktaDomain"),
                .ClientId = ConfigurationManager.AppSettings("okta:ClientId"),
                .ClientSecret = ConfigurationManager.AppSettings("okta:ClientSecret"),
                .AuthorizationServerId = ConfigurationManager.AppSettings("okta:AuthorizationServerId"),
                .RedirectUri = ConfigurationManager.AppSettings("okta:RedirectUri"),
                .PostLogoutRedirectUri = ConfigurationManager.AppSettings("okta:PostLogoutRedirectUri"),
                .Scope = New List(Of String) From {
                    "openid",
                    "profile",
                    "email"
                },
                .LoginMode = LoginMode.SelfHosted
            })
        End Sub
    End Class
End Namespace

web.config

<?xml version="1.0" encoding="utf-8"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<section name="Telerik.Reporting" type="Telerik.Reporting.Configuration.ReportingConfigurationSection, Telerik.Reporting, Version=16.2.22.914, Culture=neutral, PublicKeyToken=a9d7983dfcc261be" allowLocation="true" allowDefinition="Everywhere" />
	</configSections>
	<!-- Substitute Version=X.X.X.X with the assembly version you are using! -->
	<Telerik.Reporting>
		<Extensions>
			<Render>
				<Extension name="RTF" visible="false" />
			</Render>
		</Extensions>
	</Telerik.Reporting>
	<appSettings>
		<add key="owin:AutomaticAppStartup" value="true" />
		<add key="owin:AppStartup" value="Bagster.Startup" />
		<!-- 1. Replace these values with your Okta configuration -->
		<add key="okta:ClientId" value="{My OKTA ClientID}" />
		<add key="okta:ClientSecret" value="{My OKTA Client Secret}" />
		<add key="okta:OktaDomain" value="https://{My OKTA DEV}.okta.com" />
		<add key="okta:AuthorizationServerId" value="default" />
		<!-- 2. Update the Okta application with these values -->
		<add key="okta:RedirectUri" value="https://localhost:44314/authorization-code/callback" />
		<add key="okta:PostLogoutRedirectUri" value="https://localhost:44314/" />
	</appSettings>
	<connectionStrings>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<!-- <httpRuntime requestValidationMode="2.0" enableVersionHeader="false" />-->
		<httpRuntime targetFramework="4.6.1" enableVersionHeader="false" executionTimeout="900" />
		<httpCookies sameSite="None" requireSSL="true" />
		<authentication mode="Forms">
			<forms requireSSL="true" />
		</authentication>
		<customErrors mode="Off" />
		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID">
			<controls>
				<add tagPrefix="telerik" namespace="Telerik.Web.UI" assembly="Telerik.Web.UI" />
				<add assembly="Microsoft.AspNet.Web.Optimization.WebForms" namespace="Microsoft.AspNet.Web.Optimization.WebForms" tagPrefix="webopt" />
			</controls>
		</pages>
		<httpModules />
		<sessionState cookieSameSite="None" cookieless="false" timeout="360" />
	</system.web>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<httpProtocol>
			<customHeaders>
				<remove name="X-Powered-By" />
				<!--Code to prevent clickjack attempts-->
				<add name="X-Frame-Options" value="SAMEORIGIN" />
				<add name="Content-Security-Policy" value="default-src https: data: 'unsafe-inline' 'unsafe-eval'" />
				<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
				<add name="X-Content-Type-Options" value="nosniff" />
				<add name="X-Xss-Protection" value="1; mode=block" />
			</customHeaders>
		</httpProtocol>
		<validation validateIntegratedModeConfiguration="false" />
		<defaultDocument>
			<files>
				<clear />
				<add value="default.aspx" />
				<add value="Default.asp" />
				<add value="Default.htm" />
				<add value="index.htm" />
				<add value="index.html" />
				<add value="iisstart.htm" />
			</files>
		</defaultDocument>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.WindowsAzure.Storage" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.3.0.0" newVersion="4.3.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.1.0" newVersion="6.5.1.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.0.0" newVersion="6.5.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.6.0" newVersion="4.0.6.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Threading.Tasks.Extensions" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.2.0.1" newVersion="4.2.0.1" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Bcl.AsyncInterfaces" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Primitives" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.1.0" newVersion="6.5.1.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.5.0" newVersion="4.0.5.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Configuration.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.DependencyInjection.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Options" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Logging.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.DependencyInjection" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.FileProviders.Abstractions" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Configuration" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.FileProviders.Physical" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.FileSystemGlobbing" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.Extensions.Configuration.FileExtensions" publicKeyToken="adb9793829ddae60" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-3.1.32.0" newVersion="3.1.32.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="YamlDotNet" publicKeyToken="ec19458f3c15af5e" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="11.0.0.0" />
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
				<bindingRedirect oldVersion="0.0.0.0-6.5.1.0" newVersion="6.5.1.0" />
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:1659;1699;1701" />
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=2.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:default /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
		</compilers>
	</system.codedom>
</configuration>

I do know in the OKTA web forms sample, the login page and everything it off the root and in the web site project that OKTAVal.aspx is in a “Test” subfolder. Could that have an issue and/or does with with the values in the web.config file of

"<add key="okta:RedirectUri" value="https://localhost:44314/authorization-code/callback" />
<add key="okta:PostLogoutRedirectUri" value="https://localhost:44314/" />"

One other things I can’t I am not sure I am understanding on with the web site project which isn’t completely working is that after get the Widget and enter the credential information (and doesn’t appear to so to the OKTA domain URL for validation) it responds with an error of the 404 on the Login.aspx page. There is no one there. The working OKTA web forms example has one but not the web project one. I am not sure how to get it to even not work with a login.aspx file or why it’s tempting that.

Any information would be greatly appreciated.

Has anybody used OKTA with a asp.net web site project not a webforms project?

As mentioned in my question above…what is working is a web forms project… But what it not working is in the web site project.

I have confirmed in the web site project that it’s able to talk to the QKTA domain I have (DEV account) and it get’s the 200. BUT like this which is VB:

HttpContext.Current.GetOwinContext.Authentication.User.Claims.Where(Function(x) x.Type = “access_token”)

What is returns is emtpy whereas on the webforms (working app) it is returning the actual value.

One other thing I observed is that the line:

HttpContext.Current.GetOwinContext().Authentication.Challenge(
properties,
OpenIdConnectAuthenticationDefaults.AuthenticationType);

In the web forms (working app) has a seesionid that is different than
HttpContext.Current.GetOwinContext().Authentication.User.Claims.Where(x => x.Type == “access_token”);

On the destination page.

However, in the web site project (non-working app) converted into VB but the codefile - the sessionid’s are the same.

So, has anybody used this OKTA with a web site project? If so, any reference ?

This is getting to be a very bothersome aspect and getting very little success with the use of OKTA in a web site project.

Any information would be greatly appreciated.