Hello,
In asp.net 4.8 (not Core) web application, I have set Client Id, RedirectUri, Tenant and Authority in Web.Config. In Startup.cs, I have following:
string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];
string redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"];
static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];
string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
ResponseType = OpenIdConnectResponseType.CodeIdToken,
TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = false // This is a simplification
},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
}
);
}
When I run the application, I'm able to enter username and password. Then I get redirected to redirectUri specified in web.config file. Is it correct to assume that I'm getting authenticated since I get redirected to redirecttUri?
On the redirectUri page, I'm running this code but Request.IsAuthenticated always fails as if I wasn't authenticated. What am I'm missing. Why Request.IsAuthenticated is false?
@if (!Request.IsAuthenticated)
{
Response.Redirect(@Url.Action("SignIn", "Home"));
}
else
{
<span><br />Hello @System.Security.Claims.ClaimsPrincipal.Current.FindFirst("name").Value;</span>
<br /><br />
@Html.ActionLink("See Your Claims", "Index", "Claims")
<br /><br />
@Html.ActionLink("Sign out", "SignOut", "Home")
}