K1lleR99
K1lleR99
PostsComments
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
yea I implemented normal jwt auth before the oauth is a new thing for me
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
I'm still researching
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
do u recommend some resources/courses to learn it?
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
feel free bro
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
I saw that pkce word before in the AddOpenIdConnect options but didn't know what it does
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
and added these in the pipeline: 
app.UseAuthentication();
  app.UseAuthorization();
app.UseAuthentication();
  app.UseAuthorization();
and this in the auth controller: 
[AllowAnonymous]
    [HttpGet("ologin")]
    public IActionResult OLogin()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = "https://localhost:4200" // <-- the angular app,
            

        }, OpenIdConnectDefaults.AuthenticationScheme);
    }
[AllowAnonymous]
    [HttpGet("ologin")]
    public IActionResult OLogin()
    {
        return Challenge(new AuthenticationProperties
        {
            RedirectUri = "https://localhost:4200" // <-- the angular app,
            

        }, OpenIdConnectDefaults.AuthenticationScheme);
    }
but no idea what next
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
in some extensions cs file: 
var authOptions = services.BindValidateReturn<OpenIdOptions>(config);
services.AddOptions<JwtSettings>()
   .BindConfiguration(nameof(JwtSettings))
   .ValidateDataAnnotations()
   .ValidateOnStart();

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
 .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
 {
     //options.LoginPath = "/account/clogin";
 }) // For session-based authentication
 .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
     // Set the identity provider's base URL (this will handle discovery of other endpoints)
     options.Authority = authOptions.Authority;
     options.MetadataAddress = authOptions.MetadataAddress;

     // Client ID and Client Secret for your application
     options.ClientId = authOptions.ClientId;
     options.ClientSecret = authOptions.ClientSecret;

     // Specify the type of OpenID Connect flow (Authorization Code flow in this case)
     options.ResponseType = OpenIdConnectResponseType.Code;

     // Save tokens (access_token, id_token) in the authentication ticket
     options.SaveTokens = true;

     // Handle the callback after login
     options.CallbackPath = authOptions.CallbackPath;
     //options.CallbackPath = "/api/odc/callback";

     //options.ForwardSignIn

     // Fetch user info after authentication
     options.GetClaimsFromUserInfoEndpoint = true;
     //options.ForwardSignIn = CookieAuthenticationDefaults.AuthenticationScheme;

     // Scope includes 'openid' which is required for OpenID Connect
     options.Scope.Add("openid");

     //options.Scope.Add("openid");
     //options.Scope.Add("profile");
     //options.Scope.Add("email");

     options.Events = new OpenIdConnectEvents
     {
         OnRedirectToIdentityProvider = context =>
         {
             context.HttpContext.Response.Headers.Add("OIDC-DEBUG", "Redirecting to IDP");  // Add custom headers for debugging
             return Task.CompletedTask;
         },
         OnAuthenticationFailed = context =>
         {
             // Capture and log more detailed error messages
             context.Response.StatusCode = 500;
             context.HandleResponse();
             return context.Response.WriteAsync("Authentication failed: " + context.Exception.Message);
         },
         OnAccessDenied = context =>
         {
             // Capture and log more detailed error messages
             context.Response.StatusCode = 403;
             context.HandleResponse();
             return context.Response.WriteAsync("Access denied: " + context.Result.ToString());
         },
         //OnAuthorizationCodeReceived = context =>
         //{
         //    // Capture and log more detailed error messages
         //    context.Response.StatusCode = 200;
         //    context.HandleResponse();
         //    return context.Response.WriteAsync("Authorization code received: " + context.TokenEndpointRequest.Code);
         //},

         OnRemoteFailure = context =>
         {
             // Capture remote failures for better error handling
             context.HandleResponse();

             context.Response.Redirect("/error?message=" + context.Failure?.Message);
             return Task.CompletedTask;
         }
     };


     // JWT Signing algorithm based on metadata
     //options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
     //{
     //    ValidIssuer = authOptions.Authority,
     //    NameClaimType = "email",
     //    RoleClaimType = "role"
     //};
 });
var authOptions = services.BindValidateReturn<OpenIdOptions>(config);
services.AddOptions<JwtSettings>()
   .BindConfiguration(nameof(JwtSettings))
   .ValidateDataAnnotations()
   .ValidateOnStart();

services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
 .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
 {
     //options.LoginPath = "/account/clogin";
 }) // For session-based authentication
 .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
 {
     // Set the identity provider's base URL (this will handle discovery of other endpoints)
     options.Authority = authOptions.Authority;
     options.MetadataAddress = authOptions.MetadataAddress;

     // Client ID and Client Secret for your application
     options.ClientId = authOptions.ClientId;
     options.ClientSecret = authOptions.ClientSecret;

     // Specify the type of OpenID Connect flow (Authorization Code flow in this case)
     options.ResponseType = OpenIdConnectResponseType.Code;

     // Save tokens (access_token, id_token) in the authentication ticket
     options.SaveTokens = true;

     // Handle the callback after login
     options.CallbackPath = authOptions.CallbackPath;
     //options.CallbackPath = "/api/odc/callback";

     //options.ForwardSignIn

     // Fetch user info after authentication
     options.GetClaimsFromUserInfoEndpoint = true;
     //options.ForwardSignIn = CookieAuthenticationDefaults.AuthenticationScheme;

     // Scope includes 'openid' which is required for OpenID Connect
     options.Scope.Add("openid");

     //options.Scope.Add("openid");
     //options.Scope.Add("profile");
     //options.Scope.Add("email");

     options.Events = new OpenIdConnectEvents
     {
         OnRedirectToIdentityProvider = context =>
         {
             context.HttpContext.Response.Headers.Add("OIDC-DEBUG", "Redirecting to IDP");  // Add custom headers for debugging
             return Task.CompletedTask;
         },
         OnAuthenticationFailed = context =>
         {
             // Capture and log more detailed error messages
             context.Response.StatusCode = 500;
             context.HandleResponse();
             return context.Response.WriteAsync("Authentication failed: " + context.Exception.Message);
         },
         OnAccessDenied = context =>
         {
             // Capture and log more detailed error messages
             context.Response.StatusCode = 403;
             context.HandleResponse();
             return context.Response.WriteAsync("Access denied: " + context.Result.ToString());
         },
         //OnAuthorizationCodeReceived = context =>
         //{
         //    // Capture and log more detailed error messages
         //    context.Response.StatusCode = 200;
         //    context.HandleResponse();
         //    return context.Response.WriteAsync("Authorization code received: " + context.TokenEndpointRequest.Code);
         //},

         OnRemoteFailure = context =>
         {
             // Capture remote failures for better error handling
             context.HandleResponse();

             context.Response.Redirect("/error?message=" + context.Failure?.Message);
             return Task.CompletedTask;
         }
     };


     // JWT Signing algorithm based on metadata
     //options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
     //{
     //    ValidIssuer = authOptions.Authority,
     //    NameClaimType = "email",
     //    RoleClaimType = "role"
     //};
 });
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
gotcha
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
backend for frontend
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
what is the bff 😅
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
I see Identity.External in the cookies about no idea what it does or how to handle
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
could be anything I have no idea about the correct way yet
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
there is admin frontend app and normal client frontend app connected to the backend app service they r diff sub domains
48 replies
CC#
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
code: 
services.AddAuthentication(options =>
 {
     options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
 })
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
  {
      //options.LoginPath = "/account/clogin";
  }) // For session-based authentication
  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
  {
      // Set the identity provider's base URL (this will handle discovery of other endpoints)
      options.Authority = authOptions.Authority;
      options.MetadataAddress = authOptions.MetadataAddress;

      // Client ID and Client Secret for your application
      options.ClientId = authOptions.ClientId;
      options.ClientSecret = authOptions.ClientSecret;

      // Specify the type of OpenID Connect flow (Authorization Code flow in this case)
      options.ResponseType = OpenIdConnectResponseType.Code;

      // Save tokens (access_token, id_token) in the authentication ticket
      options.SaveTokens = true;

      // Handle the callback after login
      options.CallbackPath = authOptions.CallbackPath;
      //options.CallbackPath = "/api/odc/callback";

      //options.ForwardSignIn

      // Fetch user info after authentication
      options.GetClaimsFromUserInfoEndpoint = true;
      //options.ForwardSignIn = CookieAuthenticationDefaults.AuthenticationScheme;

      // Scope includes 'openid' which is required for OpenID Connect
      options.Scope.Add("openid");

      //options.Scope.Add("openid");
      //options.Scope.Add("profile");
      //options.Scope.Add("email");

      options.Events = new OpenIdConnectEvents
      {
          OnRedirectToIdentityProvider = context =>
          {
              context.HttpContext.Response.Headers.Add("OIDC-DEBUG", "Redirecting to IDP");  // Add custom headers for debugging
              return Task.CompletedTask;
          },
          OnAuthenticationFailed = context =>
          {
              // Capture and log more detailed error messages
              context.Response.StatusCode = 500;
              context.HandleResponse();
              return context.Response.WriteAsync("Authentication failed: " + context.Exception.Message);
          },
          OnAccessDenied = context =>
          {
              // Capture and log more detailed error messages
              context.Response.StatusCode = 403;
              context.HandleResponse();
              return context.Response.WriteAsync("Access denied: " + context.Result.ToString());
          },
          //OnAuthorizationCodeReceived = context =>
          //{
          //    // Capture and log more detailed error messages
          //    context.Response.StatusCode = 200;
          //    context.HandleResponse();
          //    return context.Response.WriteAsync("Authorization code received: " + context.TokenEndpointRequest.Code);
          //},

          OnRemoteFailure = context =>
          {
              // Capture remote failures for better error handling
              context.HandleResponse();

              context.Response.Redirect("/error?message=" + context.Failure?.Message);
              return Task.CompletedTask;
          }
      };


      // JWT Signing algorithm based on metadata
      //options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
      //{
      //    ValidIssuer = authOptions.Authority,
      //    NameClaimType = "email",
      //    RoleClaimType = "role"
      //};
  });
services.AddAuthentication(options =>
 {
     options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
 })
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
  {
      //options.LoginPath = "/account/clogin";
  }) // For session-based authentication
  .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
  {
      // Set the identity provider's base URL (this will handle discovery of other endpoints)
      options.Authority = authOptions.Authority;
      options.MetadataAddress = authOptions.MetadataAddress;

      // Client ID and Client Secret for your application
      options.ClientId = authOptions.ClientId;
      options.ClientSecret = authOptions.ClientSecret;

      // Specify the type of OpenID Connect flow (Authorization Code flow in this case)
      options.ResponseType = OpenIdConnectResponseType.Code;

      // Save tokens (access_token, id_token) in the authentication ticket
      options.SaveTokens = true;

      // Handle the callback after login
      options.CallbackPath = authOptions.CallbackPath;
      //options.CallbackPath = "/api/odc/callback";

      //options.ForwardSignIn

      // Fetch user info after authentication
      options.GetClaimsFromUserInfoEndpoint = true;
      //options.ForwardSignIn = CookieAuthenticationDefaults.AuthenticationScheme;

      // Scope includes 'openid' which is required for OpenID Connect
      options.Scope.Add("openid");

      //options.Scope.Add("openid");
      //options.Scope.Add("profile");
      //options.Scope.Add("email");

      options.Events = new OpenIdConnectEvents
      {
          OnRedirectToIdentityProvider = context =>
          {
              context.HttpContext.Response.Headers.Add("OIDC-DEBUG", "Redirecting to IDP");  // Add custom headers for debugging
              return Task.CompletedTask;
          },
          OnAuthenticationFailed = context =>
          {
              // Capture and log more detailed error messages
              context.Response.StatusCode = 500;
              context.HandleResponse();
              return context.Response.WriteAsync("Authentication failed: " + context.Exception.Message);
          },
          OnAccessDenied = context =>
          {
              // Capture and log more detailed error messages
              context.Response.StatusCode = 403;
              context.HandleResponse();
              return context.Response.WriteAsync("Access denied: " + context.Result.ToString());
          },
          //OnAuthorizationCodeReceived = context =>
          //{
          //    // Capture and log more detailed error messages
          //    context.Response.StatusCode = 200;
          //    context.HandleResponse();
          //    return context.Response.WriteAsync("Authorization code received: " + context.TokenEndpointRequest.Code);
          //},

          OnRemoteFailure = context =>
          {
              // Capture remote failures for better error handling
              context.HandleResponse();

              context.Response.Redirect("/error?message=" + context.Failure?.Message);
              return Task.CompletedTask;
          }
      };


      // JWT Signing algorithm based on metadata
      //options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
      //{
      //    ValidIssuer = authOptions.Authority,
      //    NameClaimType = "email",
      //    RoleClaimType = "role"
      //};
  });
48 replies