2

I am attempting to use OIDC to outsource the work of authorization/authentication on a project. After following a Microsoft tutorial located here, I made my application redirect to an IP successfully, but when it redirects back to the client the user is not authenticated.

In other examples from what I’ve seen the user is authenticated and you can access any basic user data that you need in the HTTP Headers. (all I would need is the user’s email, I’ve tested a method that could finish signing the user in with said email)

I don’t know why, but my user isn’t being authenticated. The last comment I got from an architect (before he transferred out) was that I should try overriding the MessageReceived function in the startup class after updating the responseType to code. I was told to look up how to override it, but I haven’t been able to find it.

The only promising documentation on that was what I found here, which basically just says the process is hard.

from link:

For example, you might use MessageReceived for handling response_types that the middleware currently does not automatically process, like a sign-in flow based on authorization code. That’s not an easy endeavor, and as such not very common, but some advanced scenarios will sometimes require it, and this extensibility model makes doing so possible.

Here is what I currently have.

enter image description here

versioning information

    <compilation targetFramework="4.8" debug="true" />
    <httpRuntime targetFramework="4.5.1" />

Despite me scouring the internet (very possible I’m blind), I haven’t found what code I’m supposed to use to properly override that function so I can hit the token endpoint. I think that’s what I need to do based on this image I found. If you have a different way for me to hit the token endpoint, I'm all ears.

This was the closest Stack Overflow I found, but it didn't go into any syntax, which is what I need.

Pretty new to auth in general. Did the best I could with research, and I think I'm asking the right question. Any help or even direction towards documentation of exactly how to do this would be greatly appreciated.

AlfredoRevilla-MSFT
Sagick
  • What are you actually trying to achieve/Do? Usually you don't need to override MessageReceived. Why do you want to do it? – Tore Nestenius Nov 29 '22 at 14:38
  • I don't know that I want to do it to be honest. That's what I was told was the right way "for handling response types that the middleware currently does not automatically process, like a sign-in flow based on authorization code." (exactly my case) but if you have a different way of handling the sign-in flow, great. Maybe my problem is that my token endpoint is null under the protocol message? – Sagick Nov 29 '22 at 14:44
  • That I think is the problem, as many solutions are custom, so there is not one right answer here. It all depends, and as there are many moving parts here, it is also a bit dangerous if you don't understand what is going on here. :-) Unfortunately, it is a bit hard to give a full tutorial here over the chat :-) – Tore Nestenius Nov 29 '22 at 14:51
  • Is there a method that you recommend that I pursue to figure this out? – Sagick Nov 29 '22 at 17:04
  • I recommend looking at some tutorials or online or in-person training in the subject; it's really important to understand how this works if you want your business to depend on it. I do training like that. – Tore Nestenius Nov 29 '22 at 20:12
  • So I evidenced in my question that I have tried to look this up several times with multiple links. I was wondering if you knew of a specific tutorial that I haven't found yet. – Sagick Nov 29 '22 at 20:48
  • No, can't recommend a specific tutorial; there are so many things involved, so you will need multiple tutorials :-) – Tore Nestenius Nov 30 '22 at 08:53
  • You need to share your code using GitHub to get help. Anyway, as a summary, do you need a C# SSR app with Microsoft Login? Also remember that netframework is deprecated. You should use netcore. – JRichardsz Dec 04 '22 at 14:53
  • 1
    .NET FX is not deprecated. Please look at https://learn.microsoft.com/en-us/lifecycle/products/microsoft-net-framework. – AlfredoRevilla-MSFT Dec 07 '22 at 19:00

1 Answer

1

Sometimes IntelliSense is more usable than documentation. Turns out that Microsoft.Owin.Security.OpenIdConnect 4.2.2.0 has been updated much more recently than this article. I'll see if I can message Microsoft about updating that documentation.

But from what I can tell, in order to get the JWT ID token when using code as a response type, you need to use the OpenIdConnectAuthenticationOptions.RedeemCode value and set it to true. Here is the description from the library comments:

When set to true the authorization code will be redeemed for tokens at the token endpoint. This property is set to false by default.

After that it's just a matter of decoding your JWT. Here's a link with more information in case anyone else runs into the same problem.

Sagick
  • Code flow support for OpenIdConnect was added in 4.1.0. Documentation, as stated by its header and date (2015), is completely out of date. For a brief list of changes please take a look at https://github.com/aspnet/AspNetKatana/wiki/Roadmap#410-release-november-2019. – AlfredoRevilla-MSFT Dec 07 '22 at 19:16