Authentication ticket value is null in the AuthorizationCodeReceived event

Ed Brinkman 121 Reputation points
2021-02-27T11:30:23.69+00:00

I have been able to log in to the identity provider and get the access_token. My problem is with mapping the OpenID Connect groups to roles. I am changing an MVC 4 website. The article at ( https://developer.okta.com/blog/2018/04/18/authorization-in-your-aspnet-mvc-4-application ) gives sample code for AuthorizationCodeReceived. The problem is that the Authentication ticket value is null in the AuthorizationCodeReceived event. The article states that mapping the OpenID Connect groups to roles is required to get authorization attributes to work. My website is not using Azure Active Directory. Do you have any advice?


Accepted answer
  1. Ed Brinkman 121 Reputation points
    2021-03-11T17:39:21.62+00:00

    I found a post that fixed the problem. The authentication works now. I wanted to post it for any future reference. https://stackoverflow.com/questions/20737578/asp-net-sessionid-owin-cookies-do-not-send-to-browser


12 additional answers

  1. Ed Brinkman 121 Reputation points
    2021-03-04T14:07:50.497+00:00

    The website does not have a webhost library reference.


  2. Ed Brinkman 121 Reputation points
    2021-03-05T14:05:08.293+00:00

    How do I determine which lines have errors? No exceptions are thrown in the startup.cs file. I added an application_error event handler to the global_asax file also.

    I tried setting the NameClaimType in OpenIdConnectOptions to "name". It did not work. Is that the correct value to use? I also tried "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier". That value did not work either.

    I added a coworker's code to the MessageReceived event. Now the AuthorizationCodeReceived event does not fire. However, in the event SecurityTokenValidated the variable notification.AuthenticationTicket.Identity.Name is correct and the variable notification.AuthenticationTicket.Identity.IsAuthenticated returns true. I add the claims that include the role because the claims do not include the role claim value. No errors are thrown. It looks like the authentication works in the startup class file but does not flow to the controllers. I do not know why.

    Nothing has improved. The variable Request.IsAuthenticated returns false. The variable HttpContext.GetOwinContext().Authentication.User.Identity.Name is an empty string. The variable User.Identity.Name is an empty string.

    context.ProtocolMessage.Code = null;
    context.ProtocolMessage.IdToken = idToken.ToString();
    context.ProtocolMessage.AccessToken = accessToken.ToString();

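The group-to-role mapping discussed in this thread, as an added example that is not code from the thread or from the linked article. It uses only System.Security.Claims and shows that a role check succeeds only when the role claim is added under the identity's own RoleClaimType; in an OWIN pipeline the method would be applied to notification.AuthenticationTicket.Identity in SecurityTokenValidated. The `groups` claim name, the group names, the role names and the sample claims are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class GroupRoleMapper
{
    // Assumption: the identity provider emits one "groups" claim per group.
    const string GroupClaimType = "groups";

    // Hypothetical allow-list: only these provider groups become application roles.
    static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "App-Admins", "Admin" },
            { "App-Users", "User" },
        };

    public static void MapGroupsToRoles(ClaimsIdentity identity)
    {
        // Copy first: AddClaim must not run while the claim collection is being enumerated.
        var groups = identity.FindAll(GroupClaimType).Select(c => c.Value).ToList();
        foreach (var group in groups)
        {
            string role;
            if (!GroupToRole.TryGetValue(group, out role)) continue; // unlisted group grants nothing
            // IsInRole and [Authorize(Roles = ...)] look for claims of identity.RoleClaimType.
            if (!identity.HasClaim(identity.RoleClaimType, role))
                identity.AddClaim(new Claim(identity.RoleClaimType, role));
        }
    }

    static void Main()
    {
        // Constructed sample claims standing in for a validated ID token.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("name", "alice@example.com"),
            new Claim("groups", "App-Admins"),
            new Claim("groups", "Everyone"),
        }, "Cookies", "name", ClaimTypes.Role);
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine("Before mapping, Admin: " + user.IsInRole("Admin"));
        MapGroupsToRoles(identity);
        Console.WriteLine("Name: " + user.Identity.Name);
        Console.WriteLine("After mapping, Admin: " + user.IsInRole("Admin"));
        Console.WriteLine("After mapping, User: " + user.IsInRole("User"));
    }
}
```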

  3. Ed Brinkman 121 Reputation points
    2021-03-05T20:33:16.44+00:00

    I have made some progress but the Authorize attribute will not work. The variable filterContext.HttpContext.User.Identity.IsAuthenticated in the custom authorize attribute returns false. How can the variables HttpContext.GetOwinContext().Authentication and User.Identity.Name be correct in the controller but the authorize attribute does not work?
    Both the Authorize and custom Authorize attributes do not work. They treat the user as unauthenticated.

    The begin request event in global asax and custom authentication fire before the OWIN AuthorizationCodeReceived event. I have found that the OWIN context does not exist without a request, and the Startup class only runs once for the application, not for each request. Your Startup class should initialize your middleware and your application and the middleware and the application should access the OWIN context when needed.


  4. Ed Brinkman 121 Reputation points
    2021-03-07T16:47:14.773+00:00

    Would this problem be fixed if an authentication ticket was issued by the external identity provider? Can the authorize attribute work with OWIN OpenID Connect?

    Right now I am attempting to use global.asax begin request to set the principal and roles.