InversionDK

Reputation: 205

ASP.NET Forms Authentication user logged out after SSO

I have an ASP.NET Framework website running Forms Authentication where users sign in using their username/password credentials. When the user attempts to access specific areas of the website I need them to verify their identity by using the Microsoft OAuth flow. This works by creating a request to:

login.microsoftonline.com/common/oauth2/authorize/common/oauth2/authorize?client_id=[clientID]&response_type=id_token&amr_values=ngcmfa&response_mode=form_post&scope=openid%20profile%20email&redirect_uri=[returnUrl]&nonce=[token].

This works fine - the user gets redirected to the Microsoft login page and can sign in using their company's policies for MFA etc. However, when the user is redirected back to my site he gets signed out of Forms Authentication. This is probably related to the auth cookie not being present in the request coming back from the external site verification - but why does the user get signed out of his existing context? I get that the post back to my URL is not authenticated as the user (unless I supply some value in the postback) - but why is the existing user signed out from my site? I just want the user to verify their identity via an external provider while still remaining logged into my site.

Upvotes: 0

Views: 36

Answers (0)
