CookieAuthenticationOptions.LoginPath value not used when also using app.UseOpenIdConnectAuthentication

I am using OWIN middleware for cookie authentication and openIdConnect. Before I added openIdConnect authentication to my startup auth code the cookie authentication option, LoginPath was used as the destination for redirecting unauthenticated users. This worked really well and is the functionality I would like to keep.

However, when I added app.UseOpenIdConnectAuthentication to my project, it started automatically redirecting unauthenticated users to my OpenIdConnect Authority (https://login.windows.net/).

Is there a way I can disable OpenIdConnectAuthentication setting the redirect path for unauthenticated users and rely on the LoginPath set for cookie authentication? My current work around is to manually set the redirect path in my authorize attribute, but I would like to let OWIN middleware handle this if possible.

Thanks.

Code:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    var cookieOptions = new CookieAuthenticationOptions();
    cookieOptions.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
    cookieOptions.LoginPath = new PathString("/Account/Login");

    app.SetDefaultSignInAsAuthenticationType(cookieOptions.AuthenticationType);

    app.UseCookieAuthentication(cookieOptions);

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = FranchiseAuthType,
        ClientId = franchiseClientId,
        Authority = FranchiseAuthority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
    });
}
amayer171292591 asked Jan 08 '23 13:01


2 Answers

I'm not sure if you were able to resolve this issue, but what you want to do is add

AuthenticationMode = AuthenticationMode.Passive

To your authentication options. This will make the OpenIdConnect authentication rely solely on your code to make calls to it. I believe this is what you intend to happen.

So your new code should look like this:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    var cookieOptions = new CookieAuthenticationOptions();
    cookieOptions.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
    cookieOptions.LoginPath = new PathString("/Account/Login");

    app.SetDefaultSignInAsAuthenticationType(cookieOptions.AuthenticationType);

    app.UseCookieAuthentication(cookieOptions);

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = FranchiseAuthType,
        AuthenticationMode = AuthenticationMode.Passive,
        ClientId = franchiseClientId,
        Authority = FranchiseAuthority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
    });
}
Sean Hallinan answered Feb 13 '23 06:02
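Added example, not part of either answer or the asker's project: with the OpenID Connect middleware in Passive mode, it only runs when code challenges it by its AuthenticationType, so the page at LoginPath needs an action that does that. The controller and action names, the "Home"/"Index" fallback and the FranchiseAuthType literal are assumptions; the return URL is restricted to local paths so the login flow cannot be used as an open redirect.

```csharp
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

public class AccountController : Controller
{
    // Assumption: must equal the AuthenticationType passed to
    // UseOpenIdConnectAuthentication (FranchiseAuthType in the question).
    // The literal below is a placeholder.
    private const string FranchiseAuthType = "Franchise";

    // GET /Account/Login
    // The cookie middleware's LoginPath: unauthenticated users are sent here
    // instead of straight to the OpenID Connect authority.
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }

    // POST /Account/ExternalLogin
    // Posted from a button on the login page; starts the OpenID Connect sign-in.
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string returnUrl)
    {
        // Accept only local return URLs; anything else falls back to a fixed page.
        if (string.IsNullOrEmpty(returnUrl) || !Url.IsLocalUrl(returnUrl))
        {
            returnUrl = Url.Action("Index", "Home"); // hypothetical landing page
        }

        var properties = new AuthenticationProperties { RedirectUri = returnUrl };

        // Address the challenge to the OpenID Connect middleware by name.
        // In Passive mode it ignores 401 responses that do not name it.
        HttpContext.GetOwinContext().Authentication.Challenge(properties, FranchiseAuthType);

        return new HttpUnauthorizedResult();
    }
}
```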


EDIT: This looked like it fixed my problems, but it caused a more serious issue than the one it fixed. If I set use cookies after use OpenID Connect, then my OpenIdConnect notifications will have a null session (HttpContext.Current.Session), and after authentication my authentication result is not stored in the cookie.

Whichever authentication is added last becomes the authoritative source for setting the redirect path for unauthenticated users.

By moving

app.UseCookieAuthentication();

After app.UseOpenIdConnectAuthentication() the desired behavior was achieved.

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    var cookieOptions = new CookieAuthenticationOptions();
    cookieOptions.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
    cookieOptions.LoginPath = new PathString("/Account/Login");

    app.SetDefaultSignInAsAuthenticationType(cookieOptions.AuthenticationType);

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = FranchiseAuthType,
        ClientId = franchiseClientId,
        Authority = FranchiseAuthority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
    });
    // move this after UseOpenIdConnectAuthentication and the LoginPath
    // value is used for redirecting unauthenticated users
    app.UseCookieAuthentication(cookieOptions);
}

amayer171292591 answered Feb 13 '23 05:02