3

I have ASP.NET project with working Okta authentication set up, but I need to allow user to authenticate by another service, which also uses JWT. What are best practises to do it? Okta authentication was set up using this guid, so Startap.cs has this method:

public void Configuration(IAppBuilder app)
{
    app.UseOktaWebApi(new OktaWebApiOptions()
    {
        OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
    });
}

I've already tried using this guid, but could not make it work because it gets error

Error CS1061 'AuthenticationBuilder' does not contain a definition for 'AddOpenIdConnect' and no accessible extension method 'AddOpenIdConnect' accepting a first argument of type 'AuthenticationBuilder' could be found (are you missing a using directive or an assembly reference?)

For code

services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = "OpenIdConnect";
            })
            .AddCookie()
            .AddOpenIdConnect(options =>{}); // error is thrown here
orlyohreally
  • 410
  • 6
  • 19

1 Answers1

0

After lots of googling and trying to find a solution I have created an AuthorizeAttribute and overrode IsAuthorized method:

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // here we can check if default (in my case Okta) authorization allowed access for request
        if (base.IsAuthorized(actionContext))
        {
            return true;
        }
        // add some logic and return true or false depending on if access is allowed or not
        return false;
    }
}
orlyohreally
  • 410
  • 6
  • 19