Reputation: 953
I am trying to set up a proof of concept to move our Forms Authentication with a SQL Membership provider into a brokered authentication process. In order to do this, I am planning on leveraging Thinktecture's Identity Server 2 as the identity provider.
I have downloaded IdentityServer 2 and installed it and tried following the instructions from here: http://www.cloudidentity.com/blog/2014/02/20/ws-federation-in-microsoft-owin-componentsa-quick-start/
However, whenever I try to access a controller action which is restricted by the AuthorizeAttribute, I get an HttpResponse of 401 instead of a redirect to the IdentityServer's login page. The Startup.Auth.cs is set up with the following:
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Identities produced by the WS-Federation middleware are signed in under this type
        app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType
        });
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            // Federation metadata of the IdentityServer 2 instance acting as the STS
            MetadataAddress = "https://dvancuykidstrial.cloudapp.net/FederationMetadata/2007-06/FederationMetadata.xml",
            Wtrealm = "http://owin2.testing.com/",
            AuthenticationMode = AuthenticationMode.Passive,
            // Accepts the self-signed STS certificate on the back channel (see below)
            BackchannelCertificateValidator = new FakeCertificateValidator()
        });
    }
}
Incidentally, the FakeCertificateValidator is simply an implementation of ICertificateValidator which merely returns true when the Validate function is invoked. This just lets me get past the self-signed certs I'm using for the PoC.
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Owin.Security;

// Accepts every certificate so the self-signed PoC certificates pass back-channel validation
public class FakeCertificateValidator : ICertificateValidator
{
    public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}
Can anyone see what I am doing wrong here?
Upvotes: 3
Views: 5736
Reputation: 953
I got my answer from here: https://katanaproject.codeplex.com/discussions/551624. The problem turns out to be that I had set the following:
AuthenticationMode = AuthenticationMode.Passive
The differences between the two modes according to the discussions are as follows:
In passive mode the middleware needs to be invoked by name. In active mode the middleware will kick in for any 401 response.
I had assumed (incorrectly) that the differences between the two modes were more along the lines of "Active and Passive Federation in WIF".
Upvotes: 11
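As an added example (not code from the question or either answer), here is what "invoked by name" looks like when you keep Passive mode: the cookie middleware redirects the 401 from [Authorize] to a login action, and that action issues a Challenge naming the WS-Federation middleware. It assumes the question's OWIN packages plus Microsoft.Owin.Host.SystemWeb for GetOwinContext(); the "Cookies" type name and the /Account/Login path are choices made here, not from the post.

```csharp
// Added example, not code from the original question or answers. Assumes the
// question's OWIN packages plus Microsoft.Owin.Host.SystemWeb for GetOwinContext();
// the "Cookies" type name and the /Account/Login path are choices made here.
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // The WS-Federation middleware signs the federated identity in as a cookie
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            // Cookie middleware turns the 401 from [Authorize] into a redirect here
            LoginPath = new PathString("/Account/Login")
        });
        app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
        {
            MetadataAddress = "https://dvancuykidstrial.cloudapp.net/FederationMetadata/2007-06/FederationMetadata.xml",
            Wtrealm = "http://owin2.testing.com/",
            // Passive: only a Challenge naming this middleware triggers the STS redirect.
            // The accepted answer's alternative, AuthenticationMode.Active, reacts to every 401 instead.
            AuthenticationMode = AuthenticationMode.Passive
        });
    }
}

public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // Only return to a local URL after sign-in, so returnUrl cannot be abused as an open redirect
        var redirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";
        // Invoke the WS-Federation middleware by name, as Passive mode requires
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = redirectUri },
            WsFederationAuthenticationDefaults.AuthenticationType);
        return new HttpUnauthorizedResult();
    }
}
```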
Reputation: 12452
I'm using OpenIdConnect instead of Federation but the symptom was the same so maybe this will help. I got my app working after I pulled in the 3.0.0-rc1 OWIN packages from NuGet. Also my proxy settings were not getting picked up for some reason, so I had to add a section to my web.config:
<system.net>
    <defaultProxy>
        <proxy proxyaddress="http://your.proxy.server.com"/>
    </defaultProxy>
</system.net>
Upvotes: 1