I have two .NET web apps that both use Okta for authentication (different client id/secret for both).
App A - WebForms 4.5.2
App B - Web API
If I go to app A I get prompted for login, after logging in if I go to app B directly (in browser) it will not ask for my login credentials again and I get a valid response so I know Okta authentication is working on both apps.
App A needs to call App B (from the server side inside of a .ascx.cs file) and to get some HTML to render (i.e. A gets HTML from B to render to page on A). Ideally if a person is authenticated in app A then they should not have to authenticate in app B, however when I attempt on the server side, by creating a WebRequest, it does not work. Instead I get back the HTML for the Okta sign in page.
How do I need to configure the WebRequest in app A such that app B recognizes that the user is already authenticated? What would this flow be called?
Any help is appreciated.