ASP.NET Web Forms, Auth0 and OWIN

Sometimes supporting an old technology is much more troublesome, but when you manage to overcome the challenge, you will be feeling so much more satisfied.

My boss wants to use Auth0 for authentication, but the application that we need to modify is in ASP.NET Web Forms and there is no Auth0 quickstart for ASP.NET Web Forms and I can't find an example online.

I remember I saw somewhere that we can use OWIN on ASP.NET Web Forms with a bit of tweaking. Following the awesome blog post below, I managed to get OWIN to work.


Next, I followed Auth0 quickstart for ASP.NET (OWIN)

https://auth0.com/docs/quickstart/webapp/aspnet-owin/01-login#configure-auth0

One thing to note, the RedirectUri specified in the app has to be registered in Callback URLs in the Auth0 account.

Then comes the customization. First, I need to be able to secure pages. Reading online, I found out that simply adding the following to web.config works great. Notice the authentication tag with mode set to None.

    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
      <authentication mode="None"/>
    </system.web>

Second, I need to capture the redirect. Based on the Auth0 quickstart, whenever a secure page is requested, it will redirect to https://domain_name/Account/Login. For somewhat reason when I change this path under LoginPath in the quickstart, it doesn't change the redirection at all. So I decided to leave it as is.

Per my understanding, unless FriendUrls is enabled in ASP.NET Web Forms, /Account/Login won't work properly. That means I have to handle it manually. At a glance, my options are HTTP Module or OWIN Middleware. Since I already have OWIN installed, I wrote a custom OWIN Middleware.

https://www.hanselman.com/blog/IntroducingASPNETFriendlyUrlsCleanerURLsEasierRoutingAndMobileViewsForASPNETWebForms.aspx

There are many ways in writing custom middleware, so I just picked one.

https://benfoster.io/blog/how-to-write-owin-middleware-in-5-different-steps

On my middleware Invoke method, I have the following:

public async override Task Invoke(IOwinContext context)
{
       if (context.Request.Uri.AbsolutePath.Equals("/Account/Login", StringComparison.OrdinalIgnoreCase))
       {
             string auth0RedirectUri = ConfigurationManager.AppSettings["auth0:RedirectUri"];
             context.Authentication.Challenge(new AuthenticationProperties
            {
                RedirectUri = auth0RedirectUri
            }, "Auth0");
        }
        else
        {
              await Next.Invoke(context);
         }
}

Then I register my middleware after app.UseOpenIdConnectAuthentication() in Auth0 quickstart with code similar to the following:

app.Use(typeof(CustomMiddleware));

And that's it. So far, it has been working well.

Comments

Post a Comment

Popular posts from this blog

AWS EC2 Can't Reach EC2 Metadata Service After Subnet Change

Just another black box day. I had to move an EC2 instance to a different subnet, so I created an AMI out of it and launch it on a different subnet. Everything went well and it has no issue reaching the internet, but apparently not everything went well. The AWS agents such as SSM agent and CodeDeploy agent in the instance stop working. After checking the logs, they can't access the EC2 metadata. Since this is a Windows Server 2019 instance, it also shows that it is not activated, which is strange. On the following article, I found out that my issue was due to the "Gateway Address doesn't match that of the current subnet". https://aws.amazon.com/premiumsupport/knowledge-center/waiting-for-metadata/ Running the suggested command fixed the issue: Import-Module c:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psm1 ; Add-Routes
Read more

A2 Hosting with .NET Core 2.1

Technology advances so fast and I have a new web application which I built using .NET Core 2.1. However, my current web hosting provider does not support .NET Core and I have to look for a new web hosting. Reading some forums, found out that A2 Hosting plans to install .NET Core 2.1 in their shared hosting on August 2018. So on September 5th, 2018, I signed up for a new account with them. The coupon HOSTINGFACTS that I found from a web hosting review website still works and gave me 53% one-time discount. Everything went smoothly until I found out that in my Plesk, I was unable to go higher than .NET 4.6.2. So, I decided to chat with their customer support. It took a while to get in touch with an agent, which makes sense because they have lots of customers and it was during busy hour. From the chat with their customer support, I found out that .NET Core 2.1 has indeed been installed and what is weird is I don't have to flip the .NET version in Plesk. With that information, I d...
Read more

Xcode CodeSign Incorrectly States Password is Incorrect

I was trying to create an archive in Xcode to prepare the app for testing. It requires a code signing certificate and Xcode tried to reach out to Keychain to obtain it, so it prompted me for a password to my Keychain. My first thought is since the Keychain lives in my Mac, it has to be my Mac's password, so I entered it and it failed. I re-checked the characters, re-entered and it still failed. That is odd considering I did that before without issue. I found out that my Keychain Access app was still active. I have to quit the app and then it proceeds properly. So, the solution is quit the Keychain Access app before entering password for signing.
Read more