Secure Your ASP.NET Core App with OAuth 2.0

oktadev-blog · July 15, 2019, 5:16pm

Learn how to use Single Sign-On (SSO) to secure your ASP.NET MVC Application.

oktadev-blog · July 15, 2019, 11:09am

Richard Clarke

Hi
Great article. Just what I was looking for.
One thing I’m not clear on is how to make a subsequent request to the authorisation server. I need to do something similar to the code in your article in the OnCreatingTicket method i.e. make a call for more info from the authorisation server (not the user info call) and do it from a MVC controller action in my app. I need to send an authorization header with a bearer token containing the access token. In the OnCreatingTicket, you get the access token from the context, but I don’t know how to get the access token from within a controller method.
Regards Richard.

oktadev-blog · July 20, 2019, 6:08pm

Fatima Zahra Raefat

hello, I tried to follow all these steps but I found a problem in LiveMusicFinder, it doesn’t run and I got this error :
The program ‘[5916] dotnet.exe’ terminated with the code -2147450751 (0x80008081).
Thank u for your help

oktadev-blog · July 30, 2019, 4:20am

Matt Raible

Can you please try comparing your code to the example on GitHub?

oktadev-blog · May 11, 2020, 7:55pm

Eric Brown

when setting up the 2nd app (.net core) i get the following error.

There isn’t that much to change to set it up, anyone know what i did wrong?

An unhandled exception occurred while processing the request.
SocketException: No such host is known
System.Net.Http.ConnectHelper.ConnectAsync(string host, int port, CancellationToken cancellationToken)

HttpRequestException: No such host is known
System.Net.Http.ConnectHelper.ConnectAsync(string host, int port, CancellationToken cancellationToken)

IOException: IDX20804: Unable to retrieve document from: ‘[PII is hidden]’.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden]’.
Microsoft.IdentityModel.Protocols.ConfigurationManager<t>.GetConfigurationAsync(CancellationToken cancel)

oktadev-blog · May 15, 2020, 4:49pm

Eric Brown

FYI the URL appsetting had “Desktop” appended to the end for some reason, copy and paste error i guess

oktadev-blog · September 12, 2020, 11:49am

Assil

In the controller, Aren’t you able to access the request?
The token is stored in request.Headers.Authorization .
This is one way of getting the token but there are so many other ways. No need for subsequent requests to the authentication server.

oktadev-blog · April 14, 2021, 10:14pm

bluebaronca

I want to setup an SSO login page for an existing identity server. I want it setup like this but at the end, I want it to 302 to another app with the auth token. Is this facility built in?

kishanpAICORP · December 10, 2021, 2:20pm

Hi,
I want to implement the Proxy with mentioned approach.
I am not able to find how can i use Proxy with this, Can you please provide me a link where i can find how to use the Proxy with this approach.

github.com

okta/okta-aspnet/blob/master/docs/aspnet4x-mvc.md#proxy-configuration

[<img src="https://devforum.okta.com/uploads/oktadev/original/1X/bf54a16b5fda189e4ad2706fb57cbb7a1e5b8deb.png" align="right" width="256px"/>](https://devforum.okta.com/)

[![Support](https://img.shields.io/badge/support-Developer%20Forum-blue.svg)](https://devforum.okta.com/)

# Installing the package

You can install the package by using the NuGet Package Explorer to search for [Okta.AspNet](https://nuget.org/packages/Okta.AspNet).

Or, you can use the `dotnet` command:


```
dotnet add package Okta.AspNet
```
# Usage guide

These examples will help you to understand how to use this library. You can also check out our ASP.NET samples:

* [ASP.NET MVC Samples](https://github.com/okta/samples-aspnet)
* [ASP.NET Web Forms Samples](https://github.com/okta/samples-aspnet-webforms)

This file has been truncated. show original

kishanpAICORP · March 1, 2023, 1:47pm

Hi, I would like to implement the RefreshToken middleware here.
When the application token is expired then it should send the Refreshtoken and It should login again with the OktaAuth2.0 authetication method.

Here we have the TokenEndpoint to get the refreshtoken, But not sure how to refresh the Token by using this endpoint.

kemmrich · March 30, 2024, 9:47pm

I too enjoyed the article and it was easy to use as a template to do what I needed to do. A lot, though, has changed since .net core 2.2. Are you thinking about updating the article for .net 8? Including the refresh token and PKCE would be great additions.

– Kevin

alisaduncan · April 8, 2024, 4:55pm

Hi there @kemmrich,

Welcome to the community!

Thanks for requesting .NET 8 content. I agree that we should have a post for a newer version and utilize both PKCE and refresh tokens. I’ll add this to our list!

iKingNinja · April 21, 2024, 11:24am

Hello, I found this tutorial really helpful! However since I am pretty new to ASP.NET Core I would like some clarification.

Should the OnCreatingTicket action be used to save data into the database or should it only be used to authenticate the user? If the latter is the case what would be the appropriate way of saving user data obtained through OAuth into the database?

kemmrich · November 9, 2024, 4:14pm

This works great on dev machine and I run it using:
dotnet jkt_oAuth.dll --urls https://localhost:5001

but when I send it to the user and I try to do the same thing, it always seems to want to use localhost! Below is the approach I am using to force it to listen on a web address:
dotnet jkt_oAuth.dll --urls https://myUsersDomain.com:5001

Is there an inherent issue with using the dotnet command (with a dll) or am I just missing something. Nowhere in the code or appsettings.json is localhost mentioned.

Thanks in advance,
Kevin

Post		Replies	Views
ASP.NET Core SSO with Okta - Odd Behavior Questions dotnet	1	3854	January 24, 2024
How to use Okta for SSO between Multiple Apps in .NET OAuth/OIDC	10	10614	January 17, 2024
MVC .net 4.5 + saml 2 Questions	1	4363	January 12, 2024
Implementing OKTA SSO (using OIDC) for multiple ASP.NET web apps OAuth/OIDC dotnet	1	90	November 7, 2024
Okta integration with ASPNet Core 3.1 Identity Questions	2	3734	January 27, 2024

Secure Your ASP.NET Core App with OAuth 2.0

Related topics