Tags: c#, asp.net, vb.net, owin, openid-connect

Microsoft OpenIdConnect Owin Response


I will apologise now if there is a really obvious answer to this!

I have a simple test project that signs a user in using OpenID Connect and Azure. The sign in and sign out work.

What I can't figure out is how to read the response body so I can determine who the logged in user is.

I am guessing there is some sort of async handler I have to add to the middleware to receive the response, but I can't find any examples on how to do that. My code is in VB but I am happy with examples in C#, I just can't find any.

Can someone point me to some examples that show how the response is collected please?

Many thanks, Mike

My code is below.

signin.aspx

<%@ Page Title="" Language="VB" MasterPageFile="~/masterpage/MasterPage.master" AutoEventWireup="false" CodeFile="signin.aspx.vb" Inherits="signin" %>

<asp:Content ID="Content1" ContentPlaceHolderID="HeaderPlaceHolder" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="FCKBodyTopPlaceHolder" Runat="Server">
</asp:Content>
<asp:Content ID="Content3" ContentPlaceHolderID="BodyPlaceHolder" Runat="Server">
    <form runat="server">
        <div>
            <asp:Button runat="server" ID="btnSignIn" Text="Sign In" />
            <asp:Button runat="server" ID="btnSignOut" Text="Sign Out" />
        </div>
    </form>
</asp:Content>

signin.aspx.vb

Imports System
Imports System.Web
Imports Microsoft.Owin
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect

Partial Class signin
    Inherits System.Web.UI.Page

    Private Sub signin2_Load(sender As Object, e As EventArgs) Handles Me.Load
        ' Request.IsAuthenticated is True once the cookie middleware has restored a valid session.
        If Not Request.IsAuthenticated Then
            btnSignIn.Visible = True
            btnSignOut.Visible = False
        Else
            btnSignIn.Visible = False
            btnSignOut.Visible = True
        End If
    End Sub

    Private Sub btnSignIn_Click(sender As Object, e As EventArgs) Handles btnSignIn.Click
        If Not Request.IsAuthenticated Then
            ' Challenge the OpenID Connect middleware: it redirects to Azure AD and, on return,
            ' signs the validated identity in to the cookie middleware (the default sign-in type).
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                New AuthenticationProperties(),
                OpenIdConnectAuthenticationDefaults.AuthenticationType)
        End If
    End Sub

    Private Sub btnSignOut_Click(sender As Object, e As EventArgs) Handles btnSignOut.Click
        ' With no authentication types given this only ends the local cookie session; pass
        ' OpenIdConnectAuthenticationDefaults.AuthenticationType as well to also sign out of Azure AD.
        HttpContext.Current.GetOwinContext().Authentication.SignOut()
    End Sub
End Class

startup.vb

Imports System
Imports System.Threading.Tasks
Imports Microsoft.Owin
Imports Owin
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Owin.Security
Imports Microsoft.Owin.Security.Cookies
Imports Microsoft.Owin.Security.OpenIdConnect
Imports Microsoft.Owin.Security.Notifications

<Assembly: OwinStartup(GetType(WEBCOMLogin.Startup))>
Namespace WEBCOMLogin
    Public Class Startup
        Private clientId As String = System.Configuration.ConfigurationManager.AppSettings("ClientId")
        Private redirectUri As String = System.Configuration.ConfigurationManager.AppSettings("RedirectUri")
        Shared tenant As String = System.Configuration.ConfigurationManager.AppSettings("Tenant")
        Private authority As String = String.Format(System.Globalization.CultureInfo.InvariantCulture, System.Configuration.ConfigurationManager.AppSettings("Authority"), tenant)

        Public Sub Configuration(ByVal app As IAppBuilder)
            ' The cookie middleware holds the session; the OpenID Connect middleware signs in to it.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
            app.UseCookieAuthentication(New CookieAuthenticationOptions())
            app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
                .ClientId = clientId,
                .Authority = authority,
                .RedirectUri = redirectUri,
                .PostLogoutRedirectUri = redirectUri,
                .Scope = OpenIdConnectScope.OpenIdProfile,
                ' Implicit flow: the id_token is form-posted back to RedirectUri and validated by the middleware.
                .ResponseType = OpenIdConnectResponseType.IdToken,
                .ResponseMode = OpenIdConnectResponseMode.FormPost,
                .Notifications = New OpenIdConnectAuthenticationNotifications With {
                    .AuthenticationFailed = AddressOf OnAuthenticationFailed
                }
            })
        End Sub

        Private Function OnAuthenticationFailed(ByVal context As AuthenticationFailedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions)) As Task
            context.HandleResponse()
            ' Escape the message so it cannot break the query string or inject into the redirect target;
            ' consider logging the exception and showing a generic message instead of reflecting it to the user.
            context.Response.Redirect("/?errormessage=" & Uri.EscapeDataString(context.Exception.Message))
            Return Task.FromResult(0)
        End Function
    End Class
End Namespace

Edit: Added screenshot of claims.

[Screenshot: Claims Details]


Solution

  • With OpenID Connect the user details are returned in the id_token, and the easiest way to get access to who the user is is to look in the HttpContext.Current.User object.

    You should not try to access it yourself from the headers, because the actual token data is never visible to your browser; instead it is retrieved by the OpenIDConnect handler in the background.
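The two places the answer points at, as an added example that is not part of the original question or answer: reading the signed-in user from HttpContext.Current.User (a ClaimsPrincipal populated from the validated id_token) and, for the case where you want to see or check the claims at sign-in time, a SecurityTokenValidated notification for the OWIN middleware already used in the Startup above. Assumptions: the Katana OpenID Connect middleware with its default inbound claim-type mapping (Azure AD's short "oid" and "tid" claims arrive under the URIs below), that the expected tenant is passed as its GUID, and the module and claim name "urn:webcomlogin:signed_in_at" are illustrative.

```vbnet
' Added example, not from the original post. Assumes Microsoft.Owin.Security.OpenIdConnect
' with default JWT claim-type mapping and an Azure AD id_token; names below are illustrative.
Imports System
Imports System.Linq
Imports System.Security.Claims
Imports System.Threading.Tasks
Imports System.Web
Imports Microsoft.IdentityModel.Protocols.OpenIdConnect
Imports Microsoft.IdentityModel.Tokens
Imports Microsoft.Owin.Security.Notifications
Imports Microsoft.Owin.Security.OpenIdConnect

Public Class UserInfo
    Public Property Name As String
    Public Property Upn As String
    Public Property ObjectId As String
    Public Property TenantId As String
    Public Property AllClaims As String()
End Class

Public Module SignedInUser
    ' Claim types the JWT handler maps Azure AD's "oid" and "tid" to (assumption: default mapping on).
    Public Const ObjectIdClaim As String = "http://schemas.microsoft.com/identity/claims/objectidentifier"
    Public Const TenantIdClaim As String = "http://schemas.microsoft.com/identity/claims/tenantid"

    ' Read the user from the cookie-backed principal after sign-in; no header or body parsing.
    Public Function Current() As UserInfo
        Dim principal = TryCast(HttpContext.Current?.User, ClaimsPrincipal)
        If principal Is Nothing OrElse Not principal.Identity.IsAuthenticated Then Return Nothing
        Return FromPrincipal(principal)
    End Function

    Public Function FromPrincipal(principal As ClaimsPrincipal) As UserInfo
        Return New UserInfo With {
            .Name = ClaimValue(principal.Identities.First(), ClaimTypes.Name, "name"),
            .Upn = ClaimValue(principal.Identities.First(), ClaimTypes.Upn, "preferred_username"),
            .ObjectId = ClaimValue(principal.Identities.First(), ObjectIdClaim),
            .TenantId = ClaimValue(principal.Identities.First(), TenantIdClaim),
            .AllClaims = principal.Claims.Select(Function(c) c.Type & "=" & c.Value).ToArray()
        }
    End Function

    ' First non-empty value among the candidate claim types (v1 and v2 tokens name some claims differently).
    Private Function ClaimValue(identity As ClaimsIdentity, ParamArray types As String()) As String
        For Each t In types
            Dim c = identity.FindFirst(t)
            If c IsNot Nothing AndAlso Not String.IsNullOrEmpty(c.Value) Then Return c.Value
        Next
        Return Nothing
    End Function

    ' Hook for Startup: runs after the middleware has validated signature, issuer, audience and
    ' lifetime, but before the session cookie is issued. Wire it up in the Notifications block with
    '   .SecurityTokenValidated = Function(ctx) SignedInUser.OnSecurityTokenValidated(ctx, tenantGuid)
    Public Function OnSecurityTokenValidated(
            context As SecurityTokenValidatedNotification(Of OpenIdConnectMessage, OpenIdConnectAuthenticationOptions),
            expectedTenantId As String) As Task
        Dim identity = context.AuthenticationTicket.Identity
        Dim tid = ClaimValue(identity, TenantIdClaim)
        If Not String.Equals(tid, expectedTenantId, StringComparison.Ordinal) Then
            ' Throwing here is caught by the handler and surfaces in AuthenticationFailed,
            ' so no session is created for a token from another tenant.
            Throw New SecurityTokenValidationException("Unexpected tenant: " & tid)
        End If
        ' Claims added here are serialized into the cookie and show up in HttpContext.Current.User.
        identity.AddClaim(New Claim("urn:webcomlogin:signed_in_at", DateTime.UtcNow.ToString("o")))
        Return Task.FromResult(0)
    End Function
End Module
```

In the page code-behind, `SignedInUser.Current()` returns Nothing on an anonymous request and otherwise the name, UPN, object id and tenant id the middleware extracted; `AllClaims` is the same list the screenshot shows. The tenant check only adds something when the Authority is the multi-tenant "common" endpoint; with a single-tenant authority the middleware's issuer validation already pins the tenant, and the notification is then mainly a place to inspect or enrich the identity before the cookie is written.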