
Hi, following on from my previous question, I need to redirect the user to the login page if the access and refresh tokens are expired. The problem is that I don't know how to get the address of the login page without hard coding it.

    public async Task<ActionResult> Shouts()
    {
        // Discovery information for the authorization server (token endpoint etc.).
        var authServerInfo = await this.GetAuthenticationServerInfo();
        // The access_token the OIDC handler stored in the auth cookie (needs SaveTokens = true).
        var accessToken = await HttpContext.GetTokenAsync("access_token");

        // IdentityModel client for the token endpoint (intended for the refresh); not used below yet.
        var tokenClient = new TokenClient(authServerInfo.TokenEndpoint, "AuthTest_Code", "secret");
        using (var client = new HttpClient())
        {
            // Call the protected API with the bearer token and render the result.
            client.SetBearerToken(accessToken);
            var content = await client.GetStringAsync("http://localhost:5002/api/Values/Get");
            var data = JsonConvert.DeserializeObject<List<String>>(content);
            return View("Shouts", data);
        }
    }
David

2 Answers


You could add it as a setting in your appsettings.json file.

I have several ADFS settings stored in this file. An example of how it could look is this:

{
    "PublicUrl": "BASE_URL_HERE",
    "ConnectionStrings": {
        //Connection strings here
    },
    "ApplicationInsights": {
        "InstrumentationKey": "APPINSIGHTS_INSTRUMENTATIONKEY_HERE"
    },
    "Logging": {
        "IncludeScopes": false,
        "LogLevel": {
            "Default": "Error",
            "Microsoft": "Warning",
            "Roxit": "Warning"
        }
    },
    "Authentication": {
        "AdfsBaseUrl": "ADFS_BASEURL_HERE",
        "AdfsLogout": "ADFS_LOGOUT_URL_HERE",
        "AdfsLogin": "ADFS_LOGIN_URL_HERE"
    }
}

As you can see, I have a logout and a login URL. You can read how to retrieve these configuration settings in your code here: How to read AppSettings values from Config.json in ASP.NET Core

JKL
  • what would that setting be? – David Nov 14 '18 at 09:27
  • That won't help. I recently tried to redirect to the login page using `Redirect("http://localhost:5000/account/login");` but I needed to build my return URL in the query string and that failed. – David Nov 14 '18 at 10:07
  • Can't you do something like `return Redirect("localhost:5000/account/login");`? – JKL Nov 14 '18 at 10:48
  • The redirect URL looks like this: `http://localhost:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DAuthTest_Code%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A5001%252Fsignin-oidc%26response_type%3Did_token%2520code%26scope%3Dopenid%2520profile%2520TestAPI%2520offline_access%2520email%26response_mode%3Dform_post%26nonce%3D636777920187979812.ZTIxNTFhNTQtOTA0ZC00NzBhLWFiYTgtMzlhNTA0ZDBlZjQzMmUxY2FjM2ItYzcwOC00NTUzLTkyZmU`. I don't know how to build this from scratch. – David Nov 14 '18 at 11:38

In ASP.Net you'd typically let the cookie authentication middleware handle this - i.e. if you do a HttpContext.SignOut("...my cookie scheme...") or the cookie expires then the next request to a secured action will automatically redirect to the login URL associated with that scheme.

It's also worth noting that the intention of OpenID Connect is that you'd align the session/auth cookie lifetime of your client web application to that of the IDP session and NOT to the lifetime of an access_token which would typically be much shorter (and renewed silently using a refresh token in a server-side application like this).

Check out the session management optional spec here:

https://openid.net/specs/openid-connect-session-1_0.html

You are of course free to define your own rules for how often an end user of your client must authenticate. You can use the max_age or prompt=login authorize endpoint arguments to force interactive authentication and then check the auth_time claim in the client app to verify that the user was indeed recently authenticated.

To pass additional parameters using the normal .Net Core 1.1 middleware it might look like the following (2.x may be slightly different):

//Initialising OpenIdConnectEvents...
Events = new OpenIdConnectEvents
{
    OnRedirectToIdentityProvider = context =>
    {
        //context.Properties is of type AuthenticationProperties which can be passed via the Challenge() method.
        if (context.Properties.Items.ContainsKey("prompt"))
            context.ProtocolMessage.Prompt = context.Properties.Items["prompt"];
        return Task.CompletedTask; // the event handler is a Func<RedirectContext, Task>
    }
};
mackie
  • Just to be clear, the way I should handle this is to log off then redirect to my action. This should redirect me to the login page. The only problem with this is the logoff is not seamless. I need to go to my Auth server logoff page first. – David Nov 14 '18 at 14:18
  • @David only if you want to sign out of your auth server too, but it doesn't make sense to do that just because a token it issued has expired. – mackie Nov 14 '18 at 15:09
  • If you can write a small code snippet in asp.net core on how to pass "prompt=login" I'll give you the tick. – David Nov 15 '18 at 06:55
  • I tried this. I used `await HttpContext.ChallengeAsync("oidc", prop);` to redirect to the Auth server but it just skips; I cannot get the auth server login page to display. – David Nov 20 '18 at 18:46
  • @David Do you have the URL it redirects to to hand? – mackie Nov 20 '18 at 22:19
  • Do you mean something like this: `Redirect("localhost:5000/account/login")`? – David Nov 22 '18 at 16:26
  • @David no I mean the network trace from your browser - we need to analyse the authorize request parameters to see if the correct stuff is being sent over – mackie Nov 22 '18 at 16:47
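The snippet David asked for in the comments, written out as an added example for ASP.NET Core 2.x (this is not code from either answer). It wires the cookie scheme as the default and "oidc" as the challenge scheme, copies `prompt` and `max_age` from the `AuthenticationProperties` handed to `Challenge()` onto the authorize request, keeps the `auth_time` claim (the default claim actions in 2.x drop it), and re-challenges with `prompt=login` when the user's last interactive authentication is older than a threshold. The scheme name "oidc", the authority `http://localhost:5000`, the five-minute freshness window and the `FreshAuthRequired` action are assumptions for illustration; the client id, secret and `TestAPI` scope are the ones visible in the question.

```csharp
// Added example (not from the page). Assumed names: "oidc", http://localhost:5000,
// the 5-minute window and the FreshAuthRequired action are illustrative.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie(options =>
        {
            // The client session is the cookie, not the access_token. When this
            // expires, the next request to an [Authorize] action is challenged
            // again and the handler builds the full authorize URL (returnUrl etc.).
            options.ExpireTimeSpan = TimeSpan.FromHours(8);
            options.SlidingExpiration = false;
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "http://localhost:5000";   // assumed IdP address
            options.ClientId = "AuthTest_Code";
            options.ClientSecret = "secret";
            options.ResponseType = "code id_token";
            options.Scope.Add("TestAPI");
            options.Scope.Add("offline_access");
            options.SaveTokens = true;                     // needed for GetTokenAsync("access_token")
            options.GetClaimsFromUserInfoEndpoint = true;

            // The default ClaimActions delete auth_time; keep it so the app can
            // verify how recently the user authenticated interactively.
            options.ClaimActions.Remove("auth_time");

            options.Events = new OpenIdConnectEvents
            {
                // Forward items placed on AuthenticationProperties by Challenge()
                // to the outgoing authorize request.
                OnRedirectToIdentityProvider = context =>
                {
                    if (context.Properties.Items.TryGetValue("prompt", out var prompt))
                        context.ProtocolMessage.Prompt = prompt;      // e.g. "login"
                    if (context.Properties.Items.TryGetValue("max_age", out var maxAge))
                        context.ProtocolMessage.MaxAge = maxAge;      // seconds, as a string
                    return Task.CompletedTask;
                }
            };
        });

        services.AddMvc();
    }
}

public class AccountController : Controller
{
    private static readonly TimeSpan FreshnessWindow = TimeSpan.FromMinutes(5); // assumed policy

    // Hypothetical action: forces an interactive login at the IdP if the
    // auth_time claim says the user last authenticated too long ago.
    [Authorize]
    public IActionResult FreshAuthRequired()
    {
        var authTimeClaim = User.FindFirst("auth_time")?.Value;
        var authenticatedAt = authTimeClaim != null && long.TryParse(authTimeClaim, out var seconds)
            ? DateTimeOffset.FromUnixTimeSeconds(seconds)
            : DateTimeOffset.MinValue;   // missing claim: treat as stale

        if (DateTimeOffset.UtcNow - authenticatedAt > FreshnessWindow)
        {
            // No sign-out needed: the challenge itself sends the browser to the
            // IdP login page, and the handler builds returnUrl/state/nonce for us.
            var props = new AuthenticationProperties
            {
                RedirectUri = Url.Action(nameof(FreshAuthRequired))
            };
            props.Items["prompt"] = "login";
            return Challenge(props, "oidc");
        }

        return Content("Last interactive authentication: " + authenticatedAt.ToString("o"));
    }
}
```

Two things to check if the challenge "just skips" as in the comments: the browser's network trace should show an authorize request to the IdP with `prompt=login` present, and the `auth_time` claim must actually be in `User.Claims` after sign-in, which only happens if the claim action that deletes it is removed as above.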