I am trying to integrate a Legacy VB.NET App using OIDC. I followed the Secure Your ASP.NET Web Forms Application with OpenID Connect and Okta, but updated the logic to use VB.NET.
I can see in Chrome Dev Tools that the Authorize URL is hit and the Okta Logs show the call. However after the authorization call, when the Sign-in redirected URI page is hit the Response.IsAuthenticated is always false and none of the Notification Callbacks are hit (except RedirectToEntityProvider)
Hers is my startup.vb file
Public Class Startup
Private ReadOnly _clientId As String = ConfigurationManager.AppSettings("okta:ClientId")
Private ReadOnly _redirectUri As String = ConfigurationManager.AppSettings("okta:RedirectUri")
Private ReadOnly _authority As String = ConfigurationManager.AppSettings("okta:OrgUri")
Private ReadOnly _clientSecret As String = ConfigurationManager.AppSettings("okta:ClientSecret")
Private ReadOnly _oktaDomain As String = ConfigurationManager.AppSettings("okta:OktaDomain")
Private ReadOnly _sessionTimeoutInMinutes As String = ConfigurationManager.AppSettings("SessionTimeoutInMinutes")
Public Sub Configuration(ByVal app As IAppBuilder)
ConfigureOkta(app)
End Sub
Public Sub ConfigureOkta(ByVal app As IAppBuilder)
If app Is Nothing Then
Throw New ArgumentNullException(NameOf(IAppBuilder))
End If
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
Dim authOptions As New CookieAuthenticationOptions
authOptions.AuthenticationType = "Cookies"
authOptions.CookieManager = New Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
authOptions.Provider = New CookieAuthenticationProvider() With
{
.OnResponseSignIn = Sub(context As CookieResponseSignInContext)
System.Diagnostics.Debug.WriteLine("On Response Sign In ")
context.Properties.AllowRefresh = True
context.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(Double.Parse(_sessionTimeoutInMinutes))
End Sub
}
app.UseCookieAuthentication(authOptions)
app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With
{
.ClientId = _clientId,
.ClientSecret = _clientSecret,
.Authority = _authority,
.RedirectUri = _redirectUri,
.ResponseType = OpenIdConnectResponseType.CodeIdToken, ' .CodeToken,
.Scope = OpenIdConnectScope.OpenIdProfile,
.Notifications = New OpenIdConnectAuthenticationNotifications With
{
.AuthenticationFailed = Function(context)
Console.WriteLine("Authentication Failed with Error: {0}", context.Exception.Message)
Return Task.FromResult(0)
End Function,
.AuthorizationCodeReceived = Async Function(n As AuthorizationCodeReceivedNotification)
System.Diagnostics.Debug.WriteLine("Begin Authorization Code Recieved Callback")
System.Diagnostics.Debug.WriteLine("Authorization Code: {0}", n.Code)
Dim tokenClient = New TokenClient($"{_authority}/v1/token", _clientId, _clientSecret)
Dim tokenResponse = Await tokenClient.RequestAuthorizationCodeAsync(n.Code, _redirectUri)
If (tokenResponse.IsError) Then
Throw New Exception(tokenResponse.Error)
End If
Dim userInfoClient = New UserInfoClient($"{_authority}/v1/userinfo")
Dim userInfoResponse = Await userInfoClient.GetAsync(tokenResponse.AccessToken)
System.Diagnostics.Debug.WriteLine("Identity Token: {0}", tokenResponse.IdentityToken)
System.Diagnostics.Debug.WriteLine("Access Token: {0}", tokenResponse.AccessToken)
n.AuthenticationTicket.Identity.AddClaim(New Claim("id_token", tokenResponse.IdentityToken))
n.AuthenticationTicket.Identity.AddClaim(New Claim("access_token", tokenResponse.AccessToken))
End Function,
.MessageReceived = Function(context)
System.Diagnostics.Debug.WriteLine("Message Received")
Return Task.FromResult(0)
End Function,
.SecurityTokenReceived = Function(context)
System.Diagnostics.Debug.WriteLine("Security Token Received")
Return Task.FromResult(0)
End Function,
.SecurityTokenValidated = Function(context)
System.Diagnostics.Debug.WriteLine("Security Token Validated")
Return Task.FromResult(0)
End Function,
.TokenResponseReceived = Function(context)
System.Diagnostics.Debug.WriteLine("Token Response Received")
Return Task.FromResult(0)
End Function,
.RedirectToIdentityProvider = Function(context)
System.Diagnostics.Debug.WriteLine("Redirect To Identity Provider")
Return Task.FromResult(0)
End Function
}
})
End Sub
Here is the logic that invokes the Challenge:
If (Not Request.IsAuthenticated) Then
HttpContext.Current.GetOwinContext().Authentication.Challenge(
New AuthenticationProperties With {.RedirectUri = "/"},
OpenIdConnectAuthenticationDefaults.AuthenticationType)
End If