Reputation: 31
OpenIdConnectAuthentication SaveTokens makes Request.IsAuthenticated = false
My application is an ASP.NET (.net framework 4.7) web forms app and I am using CookieAuthentication and OpenIdConnect authentication to authenticate against Azure Active Directory. I also need to retrieve access_token in order to call a downstream API.
The corresponding app registrations are created and configured. The Client app registration has both: issue Access Tokens and ID tokens, and the API app registration has a configured scope that is added in my client app OpenIdConnectAuthentication configuration.
So far it looks like the first part of the workflow (authenticating the user to access the web forms app) is working just fine, an even when I add "RedeemToken = true" in my OpenIdCOnnectAuthentication middleware, the application still seems fine with no issues. However, as soon as I set "SaveTokens = true" my "Request.IsAuthenticated" property is always "false".
Below is my current configuration:
OWIN Middleware Configuration
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
CookieManager = new SystemWebCookieManager()
});
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
ClientSecret = "clientSecret",
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
RedirectUri = postLogoutRedirectUri,
ResponseType = OpenIdConnectResponseType.Code,
SaveTokens = true,
Scope = "openid offline_access api://<api>/api-access",
RedeemCode = true
});
Checking if the Request is authenticated to then retrieve the access_token
protected void Page_Load(object sender, EventArgs e)
{
if (Request.IsAuthenticated)
{
var result = Request.GetOwinContext().Authentication.AuthenticateAsync("Cookies").Result;
string token = result.Properties.Dictionary["access_token"];
}
}
If I remove "SaveTokens = true" then Request.IsAuthenticated is set up properly but I cannot access tokens.
Any idea how SaveTokens might be impacting the value of Request.IsAuthenticated or what I am doing wrong?
Thanks in advance.
Upvotes: 0
Views: 557
Answers (0)
Related Questions
- LWA Rotation in C# code - Access token is missing in the request header
- How to acquire new oauth2 AccessToken with refresh token
- Calling Graph API for Teams after user has logged in with Azure AD Authentication
- How to handle multiple single tenant app registrations in Azure AD in OWIN
- AcquireToken(string resource, string clientId, UserCredential userCredential) not working for Azure Authentication
- SSO Request.IsAuthenticated is always false after the first Login, however the first SSO login works fine
- How can create userManager directly with 'id_token', 'access_token', expiry etc.?
- OWIN OpenId Authentication - Active Session after logout
- How to make ASP.NET create authenticated session with Owin OpenId Connect library?
- Asp redirects to Login even though Request.IsAuthenticated = true (using windows authentication)