OpenID VB.NET Integration not returning Claims

I am trying to integrate a legacy VB.NET app using OIDC. I followed the "Secure Your ASP.NET Web Forms Application with OpenID Connect and Okta" guide, but updated the logic to use VB.NET.

I can see in Chrome Dev Tools that the Authorize URL is hit, and the Okta logs show the call. However, after the authorization call, when the sign-in redirect URI page is hit, Response.IsAuthenticated is always false and none of the notification callbacks are hit (except RedirectToIdentityProvider).

Here is my startup.vb file:

Imports System
Imports System.Configuration
Imports System.Security.Claims
Imports System.Threading.Tasks
Imports IdentityModel.Client
Imports Microsoft.AspNet.Identity
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.Notifications
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Owin

' Assumed: OWIN locates the startup class via this attribute. Omit it if the
' startup class is already declared through the owin:AppStartup appSetting.
<Assembly: OwinStartup(GetType(Startup))>

Public Class Startup

    ' All OIDC settings come from web.config <appSettings>; the client secret
    ' is read here and never written to logs.
    Private ReadOnly _clientId As String = ConfigurationManager.AppSettings("okta:ClientId")
    Private ReadOnly _redirectUri As String = ConfigurationManager.AppSettings("okta:RedirectUri")
    Private ReadOnly _authority As String = ConfigurationManager.AppSettings("okta:OrgUri")
    Private ReadOnly _clientSecret As String = ConfigurationManager.AppSettings("okta:ClientSecret")
    Private ReadOnly _oktaDomain As String = ConfigurationManager.AppSettings("okta:OktaDomain")
    Private ReadOnly _sessionTimeoutInMinutes As String = ConfigurationManager.AppSettings("SessionTimeoutInMinutes")

    Public Sub Configuration(ByVal app As IAppBuilder)
        ConfigureOkta(app)
    End Sub

    Public Sub ConfigureOkta(ByVal app As IAppBuilder)
        If app Is Nothing Then
            Throw New ArgumentNullException(NameOf(app))
        End If

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)

        ' The OIDC middleware signs the validated identity in under this
        ' authentication type, so it must match the cookie middleware below.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)

        Dim authOptions As New CookieAuthenticationOptions
        authOptions.AuthenticationType = "Cookies"
        authOptions.CookieManager = New Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()

        ' Apply the configured session lifetime each time the auth cookie is issued.
        authOptions.Provider = New CookieAuthenticationProvider() With
            {
                .OnResponseSignIn = Sub(context As CookieResponseSignInContext)
                                        System.Diagnostics.Debug.WriteLine("On Response Sign In ")
                                        context.Properties.AllowRefresh = True
                                        context.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(Double.Parse(_sessionTimeoutInMinutes))
                                    End Sub
            }
        app.UseCookieAuthentication(authOptions)

        ' Hybrid flow (code + id_token): the middleware validates the id_token,
        ' and AuthorizationCodeReceived exchanges the code for tokens manually.
        app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With
            {
                .ClientId = _clientId,
                .ClientSecret = _clientSecret,
                .Authority = _authority,
                .RedirectUri = _redirectUri,
                .ResponseType = OpenIdConnectResponseType.CodeIdToken,  ' .CodeToken,
                .Scope = OpenIdConnectScope.OpenIdProfile,
                .Notifications = New OpenIdConnectAuthenticationNotifications With
                {
                    .AuthenticationFailed = Function(context)
                                                Console.WriteLine("Authentication Failed with Error: {0}", context.Exception.Message)
                                                Return Task.FromResult(0)
                                            End Function,
                    .AuthorizationCodeReceived = Async Function(n As AuthorizationCodeReceivedNotification)
                                                     System.Diagnostics.Debug.WriteLine("Begin Authorization Code Received Callback")
                                                     System.Diagnostics.Debug.WriteLine("Authorization Code: {0}", n.Code)

                                                     ' Back-channel code exchange at the Okta token endpoint.
                                                     Dim tokenClient = New TokenClient($"{_authority}/v1/token", _clientId, _clientSecret)
                                                     Dim tokenResponse = Await tokenClient.RequestAuthorizationCodeAsync(n.Code, _redirectUri)
                                                     If (tokenResponse.IsError) Then
                                                         Throw New Exception(tokenResponse.Error)
                                                     End If

                                                     Dim userInfoClient = New UserInfoClient($"{_authority}/v1/userinfo")
                                                     Dim userInfoResponse = Await userInfoClient.GetAsync(tokenResponse.AccessToken)

                                                     System.Diagnostics.Debug.WriteLine("Identity Token: {0}", tokenResponse.IdentityToken)
                                                     System.Diagnostics.Debug.WriteLine("Access Token: {0}", tokenResponse.AccessToken)
                                                     ' Both tokens are stored as claims on the identity and therefore
                                                     ' end up inside the (encrypted) authentication cookie.
                                                     n.AuthenticationTicket.Identity.AddClaim(New Claim("id_token", tokenResponse.IdentityToken))
                                                     n.AuthenticationTicket.Identity.AddClaim(New Claim("access_token", tokenResponse.AccessToken))
                                                 End Function,
                    .MessageReceived = Function(context)
                                           System.Diagnostics.Debug.WriteLine("Message Received")
                                           Return Task.FromResult(0)
                                       End Function,
                    .SecurityTokenReceived = Function(context)
                                                 System.Diagnostics.Debug.WriteLine("Security Token Received")
                                                 Return Task.FromResult(0)
                                             End Function,
                    .SecurityTokenValidated = Function(context)
                                                  System.Diagnostics.Debug.WriteLine("Security Token Validated")
                                                  Return Task.FromResult(0)
                                              End Function,
                    .TokenResponseReceived = Function(context)
                                                 System.Diagnostics.Debug.WriteLine("Token Response Received")
                                                 Return Task.FromResult(0)
                                             End Function,
                    .RedirectToIdentityProvider = Function(context)
                                                      System.Diagnostics.Debug.WriteLine("Redirect To Identity Provider")
                                                      Return Task.FromResult(0)
                                                  End Function
                }
             })

    End Sub

End Class


Here is the logic that invokes the Challenge:

        ' Issue an OIDC challenge only for unauthenticated requests; the middleware
        ' redirects to Okta and returns the user to "/" after sign-in.
        If (Not Request.IsAuthenticated) Then
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
            New AuthenticationProperties With {.RedirectUri = "/"},
            OpenIdConnectAuthenticationDefaults.AuthenticationType)
        End If

@bc-joneil ,
I am running into a very similar issue. Have you been able to make any progress on resolving this?
Thanks

@hello-world,
I did not make any progress.
