I'm implementing both Custom Authentication (for External Users) and Microsoft Authentication (for Internal Users). This is a .net 4.7.2 framework webform project.
I have added a startup.cs to the project.
[assembly: OwinStartup(typeof(AppModelv2_WebApp_OpenIDConnect_DotNet.Startup))]
namespace AppModelv2_WebApp_OpenIDConnect_DotNet
{
public class Startup
{
string clientId = System.Configuration.ConfigurationManager.AppSettings["ClientId"];
string redirectUri = System.Configuration.ConfigurationManager.AppSettings["RedirectUri"];
static string tenant = System.Configuration.ConfigurationManager.AppSettings["Tenant"];
string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings["Authority"], tenant);
/// <summary>
/// Configure OWIN to use OpenIdConnect
/// </summary>
/// <param name="app"></param>
public void Configuration(IAppBuilder app)
{
// Configure Forms Authentication for custom authentication
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
});
// Configure OpenIdConnectAuthentication for Microsoft login
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = OpenIdConnectScope.OpenIdProfile,
ResponseType = OpenIdConnectResponseType.CodeIdToken,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed
}
});
}
/// <summary>
/// Handle failed authentication requests by redirecting the user to the home page with an error in the query string
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
private Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
context.HandleResponse();
context.Response.Redirect("/?errormessage=" + context.Exception.Message);
return Task.FromResult(0);
}
}
}
Login.aspx.cs
protected void btnInternal_Click(object sender, EventArgs e)
{
HttpContext.Current.GetOwinContext().Authentication.Challenge(
new AuthenticationProperties { RedirectUri = "/" },
OpenIdConnectAuthenticationDefaults.AuthenticationType);
}
protected void btnExternal_Click(object sender, EventArgs e)
{
//Assume validation for username password against db is done
string customUsername = "externaljohn";
ClaimsIdentity customIdentity = new ClaimsIdentity(new List<Claim>
{
new Claim(ClaimTypes.Name, customUsername),
}, "Custom");
HttpContext.Current.GetOwinContext().Authentication.SignIn(customIdentity);
Response.Redirect("Default.aspx");
}
Default.aspx.cs
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
// Get the username
string username = HttpContext.Current.User.Identity.Name;
// Now you can use the 'username' variable as needed
// For example, display it in a label on the page
lblUsername.Text = "Welcome, " + username + "!";
}
This is working fine with Microsoft login. When I click "Internal" button, it will redirect to Microsoft login page where I can enter my office 365 credentials and then it will navigate to Default.aspx page and show username correctly.
However, when I click "External" button, it will redirect to Default.aspx but HttpContext.Current.User.Identity.IsAuthenticated is always false.
I haven't done any changes to web.config except adding the appettings for ClientId, Tenant, authority and redirectUri