Okta Sign In Widget and protecting ASP.NET pages


#1

We’ve got a multi-page website (VB ASP.NET) that needs to be secured with a username and password.

We are interested in using the Okta Sign In Widget to be the front door for that process.

We have our Okta application setup and the Sign In Widget is working properly where when we enter the proper user credentials the res.session.setCookieAndRedirect(redirectUrl) is redirecting properly to our “main menu”.

Obviously at this point in time, the “main menu” is not “protected” as I can navigate directly to that main menu page and get it to render.

I am looking for some thoughts / sample code to add to my ASPX pages that need to be protected to:

(1) Check and see if the Okta cookie is set / present and to verify the user is authenticated
(2) If not, redirect to the Okta Sign In Widget page

Thanks,
Steve


#2

Hey Steve! The easiest way to get the widget working with a server-side rendered application is with OpenID Connect. The widget can be used to kick off the OIDC flow, and the application (with the right OIDC middleware) will handle the callback from Okta.

Is OIDC an option for your ASP.NET site? (Are you using any OWIN middleware already?)