locked
Open ID in existing web forms application RRS feed

  • Question

  • User-897025274 posted

    I am looking to change current web application authentication from siteminder to openid.<br>
    we have internal authentocation server and i need to redirect for authentication<br>
    The samples avilable are mostly for core and mvc.any Simple demo for this openid implementation in asp.net web app?<br>
    please advice.
    Sunday, June 3, 2018 9:36 AM

All replies

  • User409696431 posted

    You will find many results if you google for "implement openid in web forms application".   One example is: https://blogs.msdn.microsoft.com/webdev/2012/09/12/integrate-openauthopenid-with-your-existing-asp-net-application-using-universal-providers/

    Sunday, June 3, 2018 7:38 PM
  • User-897025274 posted
    Thanks for the update.
    Following is the requirement.
    Application :asp.net web forms
    Authorization server:our internal server for which I have subscribed and having consumer key and secret.
    My app should launch auth server login page when user hits app url and get authentication.
    But the samples all about social media login, register user etc.
    My requirement is to secure my web forms app using already avialable authorization servers.
    Any sample/direction to learn will be helpful
    Monday, June 4, 2018 11:12 AM
  • User475983607 posted

    krishkumar_s

    Thanks for the update.
    Following is the requirement.
    Application :asp.net web forms
    Authorization server:our internal server for which I have subscribed and having consumer key and secret.
    My app should launch auth server login page when user hits app url and get authentication.
    But the samples all about social media login, register user etc.
    My requirement is to secure my web forms app using already avialable authorization servers.
    Any sample/direction to learn will be helpful

    It is impossible to answer this question as we have no idea how your authorization server works or what Open ID scope you are trying to implement.  Perhaps there is someone in your organization that you can ask for assistance?

    A common flow for a web app is the app redirects to the authentication server when a secured resource is requested by the browser.  The redirect passes the key, secret, and redirect URL to the authentication server.  The auth server validates the key, secret, and redirect URL which is commonly signed by a cert (JWT) or encrypted and redirects the login page.  The user enters their username and password.  A successful authentication cause a redirect back the web app.  The web app validates the response token and creates a auth cookie for use in the web app.

    There are generic Open ID NuGet packages that might work but you need to know how your auth server works and what scope you need to implement.

    https://www.nuget.org/packages/Microsoft.Owin.Security.OpenIdConnect

    https://openid.net/specs/openid-connect-basic-1_0.html

    Monday, June 4, 2018 2:56 PM
  • User-897025274 posted
    client credentials,certificate,authorization code,implicit grant were the types supported.i have a local sample which redirects to auth server and fails when the web app tries to get access token over auth code.
    Monday, June 4, 2018 3:08 PM
  • User475983607 posted

    krishkumar_s

    client credentials,certificate,authorization code,implicit grant were the types supported.i have a local sample which redirects to auth server and fails when the web app tries to get access token over auth code.

    You listed OAuth terms which is not very helpful.

    Keep in mind that we cannot see your code and the phrase "auth server and fails when the web app tries to get access token over auth code." is too vague to hazard a guess.   What fails?  Are you by chance using IdentityServer? 

    I would contact the owners of the authentication server and ask for assistance or read the support docs. 

    Monday, June 4, 2018 3:34 PM
  • User-897025274 posted
    Thanks for the advice.
    Monday, June 4, 2018 3:45 PM