K1lleR99
Created by K1lleR99 on 9/10/2024 in #help
If I handled the SSO oauth as client in the backend [ASP.NET] how to integrate it with the frontend?
yea I implemented normal jwt auth before the oauth is a new thing for me
I'm still researching
do u recommend some resources/courses to learn it?
feel free bro
I saw that pkce word before in the AddOpenIdConnect options but didn't know what it does
and added these in the pipeline:
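// Each middleware is registered once. Authentication runs first so that the
// authorization middleware evaluates the user established by the cookie /
// OpenID Connect handlers rather than an anonymous principal.
app.UseAuthentication();
app.UseAuthorization();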
and this in the auth controller:
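/// <summary>
/// Starts the OpenID Connect sign-in by issuing a challenge on the OpenID Connect scheme.
/// </summary>
/// <remarks>
/// <see cref="AuthenticationProperties.RedirectUri"/> is where the browser is sent once the
/// sign-in round trip has finished. It is a fixed value here and should stay server-controlled:
/// taking it from a request parameter without an allow-list would turn this endpoint into an
/// open redirect.
/// </remarks>
/// <returns>A challenge result for <see cref="OpenIdConnectDefaults.AuthenticationScheme"/>.</returns>
[AllowAnonymous]
[HttpGet("ologin")]
public IActionResult OLogin()
{
    var properties = new AuthenticationProperties
    {
        // The Angular app. NOTE(review): hard-coded development origin; presumably this
        // should come from configuration per environment - confirm.
        RedirectUri = "https://localhost:4200",
    };

    return Challenge(properties, OpenIdConnectDefaults.AuthenticationScheme);
}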
but no idea what next
in some extensions cs file:
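// OpenID Connect client settings come from configuration through the project's
// BindValidateReturn helper (presumably it also validates them - confirm).
var authOptions = services.BindValidateReturn<OpenIdOptions>(config);

// JwtSettings are checked against their data annotations at startup, so a bad
// value stops the application instead of surfacing on the first request.
services.AddOptions<JwtSettings>()
    .BindConfiguration(nameof(JwtSettings))
    .ValidateDataAnnotations()
    .ValidateOnStart();

// Registered once: adding the same authentication scheme a second time fails at startup.
services.AddAuthentication(options =>
    {
        // The cookie scheme carries the local session; a challenge goes to the identity provider.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        // Session cookie: not readable from script and only sent over HTTPS.
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // Identity provider base URL. When MetadataAddress is also set, the discovery
        // document is fetched from MetadataAddress rather than derived from Authority.
        options.Authority = authOptions.Authority;
        options.MetadataAddress = authOptions.MetadataAddress;

        // Confidential-client credentials. The secret is read from bound configuration;
        // keep its value in a secret store or environment setting, not in source control.
        options.ClientId = authOptions.ClientId;
        options.ClientSecret = authOptions.ClientSecret;

        // Authorization Code flow, with PKCE binding the code to this client's request.
        // UsePkce is already the default; it is stated so the intent is visible.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;

        // Keep access_token / id_token in the authentication ticket. With the cookie
        // scheme that ticket lives in the session cookie, so the cookie grows and the
        // tokens are only as protected as that cookie is.
        options.SaveTokens = true;

        // Path the identity provider redirects back to after login.
        options.CallbackPath = authOptions.CallbackPath;

        // Fetch additional claims from the UserInfo endpoint after authentication.
        options.GetClaimsFromUserInfoEndpoint = true;

        // 'openid' is required for OpenID Connect; add "profile" / "email" when those claims are needed.
        options.Scope.Add("openid");

        options.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = context =>
            {
                // Debug aid only. The indexer is used because Add throws when the header already exists.
                context.HttpContext.Response.Headers["OIDC-DEBUG"] = "Redirecting to IDP";
                return Task.CompletedTask;
            },
            OnAuthenticationFailed = context =>
            {
                context.Response.StatusCode = 500;
                context.HandleResponse();

                // context.Exception.Message can carry token-validation and provider detail.
                // Record it with the application's logger on the server; the browser gets a fixed message.
                return context.Response.WriteAsync("Authentication failed.");
            },
            OnAccessDenied = context =>
            {
                context.Response.StatusCode = 403;
                context.HandleResponse();

                // A fixed message: the handler result object has nothing a client should see.
                return context.Response.WriteAsync("Access denied.");
            },
            OnRemoteFailure = context =>
            {
                context.HandleResponse();

                // context.Failure.Message can contain text supplied in the callback request
                // (such as the provider's error description), so it is logged server-side and
                // never concatenated into the redirect URL. The error page receives a fixed code.
                context.Response.Redirect("/error?message=signin_failed");
                return Task.CompletedTask;
            }
        };
    });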
gotcha
backend for frontend
what is the bff 😅
I see Identity.External in the cookies but have no idea what it does or how to handle it
could be anything I have no idea about the correct way yet
there is admin frontend app and normal client frontend app connected to the backend app service they r diff sub domains
code:
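// Registered once: adding the same authentication scheme a second time fails at startup.
services.AddAuthentication(options =>
    {
        // The cookie scheme carries the local session; a challenge goes to the identity provider.
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    {
        // Session cookie: not readable from script and only sent over HTTPS.
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    })
    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        // Identity provider base URL. When MetadataAddress is also set, the discovery
        // document is fetched from MetadataAddress rather than derived from Authority.
        options.Authority = authOptions.Authority;
        options.MetadataAddress = authOptions.MetadataAddress;

        // Confidential-client credentials. The secret is read from the bound options;
        // keep its value in a secret store or environment setting, not in source control.
        options.ClientId = authOptions.ClientId;
        options.ClientSecret = authOptions.ClientSecret;

        // Authorization Code flow, with PKCE binding the code to this client's request.
        // UsePkce is already the default; it is stated so the intent is visible.
        options.ResponseType = OpenIdConnectResponseType.Code;
        options.UsePkce = true;

        // Keep access_token / id_token in the authentication ticket. With the cookie
        // scheme that ticket lives in the session cookie, so the cookie grows and the
        // tokens are only as protected as that cookie is.
        options.SaveTokens = true;

        // Path the identity provider redirects back to after login.
        options.CallbackPath = authOptions.CallbackPath;

        // Fetch additional claims from the UserInfo endpoint after authentication.
        options.GetClaimsFromUserInfoEndpoint = true;

        // 'openid' is required for OpenID Connect; add "profile" / "email" when those claims are needed.
        options.Scope.Add("openid");

        options.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = context =>
            {
                // Debug aid only. The indexer is used because Add throws when the header already exists.
                context.HttpContext.Response.Headers["OIDC-DEBUG"] = "Redirecting to IDP";
                return Task.CompletedTask;
            },
            OnAuthenticationFailed = context =>
            {
                context.Response.StatusCode = 500;
                context.HandleResponse();

                // context.Exception.Message can carry token-validation and provider detail.
                // Record it with the application's logger on the server; the browser gets a fixed message.
                return context.Response.WriteAsync("Authentication failed.");
            },
            OnAccessDenied = context =>
            {
                context.Response.StatusCode = 403;
                context.HandleResponse();

                // A fixed message: the handler result object has nothing a client should see.
                return context.Response.WriteAsync("Access denied.");
            },
            OnRemoteFailure = context =>
            {
                context.HandleResponse();

                // context.Failure.Message can contain text supplied in the callback request
                // (such as the provider's error description), so it is logged server-side and
                // never concatenated into the redirect URL. The error page receives a fixed code.
                context.Response.Redirect("/error?message=signin_failed");
                return Task.CompletedTask;
            }
        };
    });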