CJM-6643 asked ShwetaMathur edited

OpenIDConnect Authorization Code Flow - redeems token on IIS express but not local IIS - C# asp.net

My OWIN Startup.cs looks like this:

// Startup.cs (OWIN). Added here so the fragment compiles: the using directives it
// needs, the enclosing class, and a minimal OnAuthenticationFailed body, which the
// post references but does not show. The option values are the asker's as posted.
using System.Configuration;
using System.Globalization;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Read from <appSettings> in web.config
    string clientId = ConfigurationManager.AppSettings["ClientId"];
    string clientSecret = ConfigurationManager.AppSettings["ClientSecret"];
    string redirectUri = ConfigurationManager.AppSettings["RedirectUri"];
    static string tenant = ConfigurationManager.AppSettings["Tenant"];
    string authority = string.Format(CultureInfo.InvariantCulture, ConfigurationManager.AppSettings["Authority"], tenant);

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Sets the ClientId, Authority, RedirectUri as obtained from web.config
                ClientId = clientId,
                ClientSecret = clientSecret,
                Authority = authority,
                RedirectUri = redirectUri, // struggling to see the difference between RedirectUri and CallbackPath
                //CallbackPath = new PathString("/home/"), // do I need this as well?

                PostLogoutRedirectUri = redirectUri,
                Scope = OpenIdConnectScope.OpenIdProfile,

                RedeemCode = true,
                ResponseMode = OpenIdConnectResponseMode.FormPost, // do I need this?
                SaveTokens = true, // do I need this?
                UsePkce = true, // default is true

                ResponseType = OpenIdConnectResponseType.Code,
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = false,
                },

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = OnAuthenticationFailed,
                },
            }
        );
    }

    // Handler wired up above; body added so the snippet compiles. Log
    // notification.Exception server-side rather than echoing it to the browser.
    private Task OnAuthenticationFailed(
        AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        notification.HandleResponse();
        notification.Response.Redirect("/Error");
        return Task.FromResult(0);
    }
}

I don't understand why it tries to redeem the token on IIS Express and not on local IIS. It's the same app, so I am guessing it's something to do with IIS, but I have no idea what. Please help!

Tags: dotnet-csharp, azure-ad-openid-connect

1 Answer

ShwetaMathur answered

Hi @CJM-6643,

Thanks for reaching out.

ASP.NET applications generally run on IIS Express. You cannot directly use IIS to host an ASP.NET Core application locally, as the development folder does not provide all of the necessary files IIS needs to host it.

In a classic ASP.NET application everything is hosted inside of an IIS Worker Process (w3wp.exe) which is the IIS Application Pool. The pool hosts your ASP.NET application and your application is instantiated by the built-in ASP.NET hosting features in IIS.

However, for ASP.NET Core applications you can run IIS as a front-end proxy using an Out of Process model that proxies through IIS. Requests hit IIS and are forwarded to your ASP.NET Core app running the Kestrel Web Server (Reverse proxy).

The In Process hosting model on IIS does not use Kestrel and instead uses a new web server implementation (IISHttpServer) that is hosted directly inside the IIS Application Pool.

For ASP.NET Core, you can specify and update the InProcess/OutProcess hosting model in the project configuration file under <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>.

By default, the hosting model specified is InProcess, which hosts the process inside the IIS Worker Process (w3wp.exe or iisexpress.exe), but for debugging purposes you can specify OutProcess to run the application locally.

Also, please refer to the OAuth 2.0 authorization code flow for all the required parameters and their values specified in the Startup.cs file.

As asked, RedirectUri and CallbackPath are the same and can be used interchangeably to specify where authentication responses can be sent.

And ResponseMode is optional; it informs the Authorization Server of the mode to be used for returning parameters from the Authorization Endpoint.


Thanks,
Shweta


Please remember to "Accept Answer" or Up-Vote if answer helped you.
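As an added illustration (not code from the question, the answer, or the OWIN middleware), this Python sketch models the protocol steps the configuration above drives: the PKCE challenge, the authorize request with response_mode=form_post, the callback check against the path the registered redirect URI points to, and the code redemption body. Endpoint, client and redirect URI values are whatever the caller supplies; none are taken from a real tenant.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit

def pkce_challenge(verifier):
    """RFC 7636 S256: base64url(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def pkce_pair():
    """Fresh code_verifier and matching code_challenge for one login attempt."""
    verifier = secrets.token_urlsafe(64)
    return verifier, pkce_challenge(verifier)

def verifier_matches(verifier, challenge):
    """The check the token endpoint performs before releasing tokens for a code."""
    return hmac.compare_digest(pkce_challenge(verifier), challenge)

def build_authorize_url(authorize_endpoint, client_id, redirect_uri, state, challenge):
    """Authorize request as the middleware sends it: code flow, form_post, PKCE."""
    params = {
        "client_id": client_id, "response_type": "code",
        "response_mode": "form_post",  # IdP POSTs code and state back to redirect_uri
        "redirect_uri": redirect_uri,  # absolute URL registered with the IdP
        "scope": "openid profile", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"

def handle_form_post(request_path, form, expected_state, redirect_uri):
    """Return the code only if this POST arrived on the path redirect_uri points to.
    None means 'not the callback' (e.g. the app now lives under /MyApp on local IIS
    but redirect_uri still names the IIS Express root, so nothing is redeemed)."""
    callback_path = urlsplit(redirect_uri).path or "/"
    if request_path != callback_path:
        return None
    if not hmac.compare_digest(form.get("state", ""), expected_state):
        raise ValueError("state mismatch: response rejected")
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    return form["code"]

def token_request_body(client_id, client_secret, code, redirect_uri, verifier):
    """Redemption request; redirect_uri must equal the one used in the authorize step."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "client_secret": client_secret, "code": code,
            "redirect_uri": redirect_uri, "code_verifier": verifier}
```

The None branch is the situation worth checking first when the same app works on IIS Express but not on local IIS: the configured RedirectUri (host, port and path) must match where the IdP's form POST actually lands.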


