0

I am struggling with ADFS UseOpenIdConnectAuthentication for more than a week now. It is frustrating.

Here is my Startup.Auth.cs code . the variable "dero" is false => not authenticated. Why?

using System;
using System.Configuration;
using System.Net.Http;
using System.Web;
using IdentityModel.Client;
using Microsoft.AspNet.Identity;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace Intel.Web
{
public partial class Startup
{
    private readonly string authority = ConfigurationManager.AppSettings["auth:Authority"];
    private readonly string clientId = ConfigurationManager.AppSettings["auth:ClientId"];
    private readonly string clientSecret = ConfigurationManager.AppSettings["auth:ClientSecret"];
    private readonly string metadataAddress = ConfigurationManager.AppSettings["auth:MetadataAddress"];
    private readonly string postLogoutRedirectUri = ConfigurationManager.AppSettings["auth:PostLogoutRedirectUri"];
    private readonly string redirectUri = ConfigurationManager.AppSettings["auth:RedirectUri"];
    private readonly string tokenEndpoint = ConfigurationManager.AppSettings["auth:TokenEndpoint"];
    private readonly string userInfoEndpoint = ConfigurationManager.AppSettings["auth:UserInfoEndpoint"];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ApplicationCookie);

     app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = this.clientId,
            Authority = this.authority,
            MetadataAddress = this.metadataAddress,
            ResponseType = "code id_token",
            RedirectUri = this.redirectUri,
            PostLogoutRedirectUri = this.postLogoutRedirectUri,
            ClientSecret = this.clientSecret,

            // AuthenticationMode = AuthenticationMode.Passive,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = async n =>
                {
                    var authContext = new AuthenticationContext("https://dev.adfs.myServer.com/adfs/", false);
                    var result = await authContext.AcquireTokenByAuthorizationCodeAsync(n.ProtocolMessage.Code,
                        new Uri(this.redirectUri), new ClientCredential(this.clientId, this.clientSecret));


                    var userInfoReq = new UserInfoRequest
                    {
                        Address = this.userInfoEndpoint,
                        Token = result.AccessToken
                    };

                    var client = new HttpClient();

                    var response = await client.GetUserInfoAsync(userInfoReq);

                    if (response.IsError) throw new Exception("Invalid access token");

                    n.AuthenticationTicket.Identity.AddClaims(response.Claims);


                    var dero = HttpContext.Current.User.Identity.IsAuthenticated;

                    //FormsAuthentication.SetAuthCookie("userName unic gen", false);
                    HttpContext.Current.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/FOGWeb" }, OpenIdConnectAuthenticationDefaults.AuthenticationType);
                    dero =  HttpContext.Current.User.Identity.IsAuthenticated;
                }
            }
        });
    }
}

}

Cătălin Rădoi
  • 1,804
  • 23
  • 43
  • if it's null it means, in your current http request, you're not logged in. – Jerdine Sabio Mar 23 '20 at 18:02
  • The subsequent requests will be authenticated. Try to access the user identity in a [Authorized] controller action and you should get the correct value. – TejSoft Mar 24 '20 at 05:19
  • it kinda dies in an infinite loop. It's related to this SO post (also mine) https://stackoverflow.com/questions/60773535/mvc5-adfs-with-useopenidconnectauthentication-securitytokenreceivedendless-loop – Cătălin Rădoi Mar 24 '20 at 07:41

0 Answers0