
I am using an external OIDC identity provider to log my users into my webshop. The webshop is being built on ASP.NET MVC with .NET Framework 4.7.2.

I started from the basic MVC template and added my authentication code.

using System.IdentityModel.Tokens.Jwt;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public void ConfigureAuth(IAppBuilder app)
{
    // Keep the raw OIDC claim names (sub, name, ...) instead of the legacy claim-type mapping.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
    });

    var authority = "https://authentication.myOpenIdProvider.com/auth/oauth2/realms/root/realms/test";
    var redirectUri = "http://localhost:8888/signin-oidc";
    var postLogoutUri = "http://localhost:8888/signout-callback-oidc";
    var clientId = "MyClientId";
    var clientSecret = "MyClientSecret";

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        ClientSecret = clientSecret,
        Authority = authority,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = postLogoutUri,
        ResponseType = "code",          // authorization code flow only
        Scope = "openid favorites",
        SignInAsAuthenticationType = "Cookies",
        RequireHttpsMetadata = false,   // dev only: allows an http:// discovery endpoint
    });
}

When I hit login on my page, I get redirected to my authentication provider, and the correct redirectUri is passed.

public class AccountController : Controller
{
    public ActionResult Login()
    {
        if (!HttpContext.User.Identity.IsAuthenticated)
        {
            // Issues the 401 that the OIDC middleware turns into a redirect to the provider.
            HttpContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
            return new HttpUnauthorizedResult();
        }

        return RedirectToAction("Index", "Home");
    }

    ... 
}

However, after I successfully authenticate with my external provider and get redirected to my site (currently it's just http://localhost:8888/signin-oidc for dev purposes), the route is not handled. I am getting a 404, so something clearly isn't working the way it is supposed to.

I have installed ELMAH and this reports the following exception message:

System.Web.HttpException (0x80004005): The controller for path '/signin-oidc' was not found or does not implement IController.

For context: The same works in an ASP.NET Core API, using the same external openid provider with identical configuration.

  • The library is deprecated - Microsoft writes: "UseOpenIdConnectAuthentication is obsolete. Configure OpenIdConnect authentication with AddAuthentication().AddOpenIdConnect in ConfigureServices. See https://go.microsoft.com/fwlink/?linkid=845470 for more details." – soupy-norman Jun 02 '23 at 08:24

2 Answers


For anyone browsing this in the future, this is the answer:

Owin.OpenIdConnect does not support "code"-only ResponseTypes. You need to set "id_token" too. If, for any reason, you cannot do this, you will basically need to implement parts of the spec yourself (mainly by hooking into the MessageReceived Notifications event).

See this part in the source code of the OpenIdConnect Handler:

https://github.com/aspnet/AspNetKatana/blob/0f6dc4bf2722fb08759da3eacaf38f2a098771bd/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L258-L264

  • `Authorization Code flow` is now supported in version 4.1.0 – Harsh Baid May 07 '20 at 21:16
  • However I still had to handle `MessageReceived` notification and get `id_token`, `access_token` and `refresh_token` and use those values in `AuthorizationCodeReceived` notification when I had authentication ticket available in notification args which I'm not sure is good way but it works when doing authorization code flow with owin library version 4.1.0 – Harsh Baid May 08 '20 at 16:24
  • Here are the snippets for whoever needs it https://gist.github.com/harshbaid/89edd39b3304039d7a8a1119b32d90ae – Harsh Baid Aug 27 '20 at 18:43
  • @HarshBaid Could you provide more than a snippet? I would love to see a proper Configuration, because I am having issue with OIDC too. In case you want to have a look, [my OIDC issue](https://stackoverflow.com/questions/68191838/unexpected-behaviour-with-oidc-authentication-on-net-framework?noredirect=1#comment120538456_68191838) – Kristóf Horváth Jul 02 '21 at 10:13
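The configuration the answer above describes, written out as an added example (not code from the question, the answers or the Katana project): the middleware is asked for `code id_token` instead of `code` alone, and a failed callback is routed to an error page instead of surfacing as an unhandled exception. It assumes Microsoft.Owin.Security.OpenIdConnect 4.x; the `oidc:*` appSettings keys and the `/Home/Error` action are placeholders.

```csharp
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Keep the raw OIDC claim names (sub, name, ...) instead of the legacy claim-type mapping.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieSecure = CookieSecureOption.Always   // session cookie is only sent over HTTPS
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            // Placeholder appSettings keys: secrets belong in configuration, not in source.
            ClientId = ConfigurationManager.AppSettings["oidc:ClientId"],
            ClientSecret = ConfigurationManager.AppSettings["oidc:ClientSecret"],
            Authority = ConfigurationManager.AppSettings["oidc:Authority"],
            RedirectUri = ConfigurationManager.AppSettings["oidc:RedirectUri"],
            PostLogoutRedirectUri = ConfigurationManager.AppSettings["oidc:PostLogoutRedirectUri"],
            // The fix from the answer: "code" alone is not handled by this middleware,
            // so the id_token is requested alongside the code (hybrid flow).
            ResponseType = "code id_token",
            ResponseMode = "form_post",      // keeps the id_token out of the query string and server logs
            Scope = "openid profile favorites",
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            RequireHttpsMetadata = true,     // the question set this to false for dev; keep it true otherwise
            TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // A rejected id_token or bad callback lands on an error page instead of an unhandled exception.
                AuthenticationFailed = n =>
                {
                    n.HandleResponse();
                    n.Response.Redirect("/Home/Error");   // placeholder error action
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```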

I had this in my Home

public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        // RedirectUri is where the user lands after the OIDC callback has been processed.
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}

and a similar RedirectUri parameter could be added to SignOut too

public void SignOut()
{
    // Signs out of both the OIDC session and the local cookie session.
    HttpContext.GetOwinContext().Authentication.SignOut(
        new AuthenticationProperties { RedirectUri = Request.Url.Scheme + "://" + Request.Url.Authority },
        OpenIdConnectAuthenticationDefaults.AuthenticationType,
        CookieAuthenticationDefaults.AuthenticationType);
}
Jan