
I'm trying to set up an external SSO provider (FusionAuth) for an ASP.NET Framework 4.8 project using OpenID Connect/OAuth with the Authorization Code Grant request.

When the response with the authorization code comes from the SSO server, the `/signin-oidc` endpoint is not available.

I found in similar posts that the middleware may not be fully configured and that `app.UseAuthentication()` needs to be added to `Startup.cs`, but I'm not sure how to do that on Framework 4.8.

Looks like the challenge scheme is not turned on.

Here is my Startup class. `Microsoft.Owin.Host.SystemWeb` and the other dependencies were installed.

```csharp
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(WebApplication6_Framework.Startup))]

namespace WebApplication6_Framework
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                CookieName = "MyCookies",
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType
            });
            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    Authority = "<authority>",
                    ClientId = "<client_id>",
                    ClientSecret = "<client_secret>",
                    RedirectUri = "https://localhost:44309/signin-oidc",

                    SignInAsAuthenticationType = "Cookies",

                    PostLogoutRedirectUri = "https://localhost:44309",

                    Scope = OpenIdConnectScope.OpenIdProfile,

                    ResponseType = "code", // OpenIdConnectResponseType.Code,

                    TokenValidationParameters = new TokenValidationParameters()
                    {
                        ValidateIssuer = false // For test
                    },

                    RequireHttpsMetadata = false
                }
            );
        }
    }
}
```

I get a 404 when I come from the SSO server with the authorization code to my application's `/signin-oidc` endpoint.

```
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /signin-oidc
```

I tried both: with the `[Authorize]` attribute on the controller, and with this code from the Login controller:

```csharp
public void SignIn()
{
    if (!Request.IsAuthenticated)
    {
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "https://localhost:44309/signin-oidc" },
            OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}
```

With the same settings in the ASP.NET 6 project, everything works.

Thanks in advance for any help.

UPDATE:

References for the same problem, but for previous framework versions:

OpenIdConnect signin-oidc route not handled by ASP.NET MVC

https://learn.microsoft.com/en-us/answers/questions/291678/authentication-ticket-value-is-null-in-the-authori.html?page=1&pageSize=10&sort=oldest

None of this works for me yet, but it is a good entry point for finding the cause of the problems.

nzim
  • Also, I tried to create a new ASP.NET Framework 4.8 MVC + Microsoft.Identity auth template where the `Startup.cs` class was already created out of the box. After I applied my settings, the error remained. – nzim Apr 29 '22 at 11:04

0 Answers