DEVHIDE
Login Or Sign up

Authentication.Challenge not working with ApiController

1.5k Views Asked by At

With ApiController, Authentication.Challenge not prompting Microsoft login for SSO. it executes SignIn action method, with out any errors. If I change from ApiController to Controller then it's prompting. does any one know how to prompt for Microsoft login using ApiController?

public class ValuesController : ApiController
{
    [System.Web.Http.Route("api/values/signin")]
    [System.Web.Http.HttpGet]
    public void SignIn()
    {
        if (!System.Web.HttpContext.Current.Request.IsAuthenticated)
        {
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }
}  


public class ValuesController : Controller
{
    public void SignIn()
    {
        if (!System.Web.HttpContext.Current.Request.IsAuthenticated)
        {
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }
}
single-sign-on .net-framework-version asp.net-apicontroller owin-middleware owin-security
Original Q&A
1

There are 1 best solutions below

0
Alexander Lysenko On

We also faced a similar problem on our product.

The issue was the following: Challenge sets 401 status code for current response, which is later handled by a responsible OWIN Middleware, so if status code is not 401 the middleware won't handle the response and won't trigger the redirect.

But the default behavior of void action of ApiController sets 204 response status code. Therefore 401 is overwritten with 204, as a result nothing happens.

So there are several solutions:

  1. Don't use ApiController if you can
  2. Use ApiController but not void action. Use for example something like this
public ActionResult SignIn()
{
    HttpContext.Current.GetOwinContext().Authentication.Challenge(...);
    return new HttpStatusCodeResult(HttpContext.GetOwinContext().Response.StatusCode);
}
  1. If you have to use a void method and ApiController then you can end the response and then the status code won't be modified.
public void SignIn()
{
    HttpContext.Current.GetOwinContext().Authentication.Challenge(...);
    System.Web.HttpContext.Current.Response.End();
}

Related Questions in SINGLE-SIGN-ON

Related Questions in .NET-FRAMEWORK-VERSION

Related Questions in ASP.NET-APICONTROLLER

Related Questions in OWIN-MIDDLEWARE

Related Questions in OWIN-SECURITY

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.