So in my endeavors to support Facebook, Google, Outlook and other login providers, the IdentityServer3 middleware on git has proven worth its weight in gold.
If you need to customize the views for a client, let us suppose a customer wants the login page to be branded with their company logo… What??… the nerve of them… lol… Seriously, it is extremely easy… See this link: [branding] Perhaps they want to use a Bootstrap theme, a different layout or various validation rules… See that link…
My next post will be about using this with an Angular2 application. Much easier than I even thought!
When you deploy to IIS, be sure to edit the website's Authentication settings:
Anonymous Authentication: Enabled
Basic Authentication: Disabled
Windows Authentication: Disabled
Digest Authentication: Disabled
Forms Authentication: Disabled
ASP.NET Authentication: Disabled
With this setup, you will not automatically be logged in via your domain account, but will instead be prompted to log in via the middleware login page.
If you want your users to use their Windows login, you can enable Windows Authentication.
I upgraded an existing MVC3 project that once used Web Form login and Active Directory as a means to authenticate a user to now use a login process similar to sites that let you use OAuth2 but pick either Facebook, Google or another identity service provider.
When I finished the upgrade process I was getting the login form via the IdentityServer3 middleware, but when it tried to redirect to the original site (client) it would just loop and loop… and… well, you get the point by now…
To fix the issue: (found numerous solutions here…)
The short version is that I needed to either add Session_Start in Global.asax or add a CallbackPath.
GLOBAL.ASAX file fix:
    protected void Session_Start(object sender, EventArgs e)
    {
        // When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used.
        // As a result, a new session ID is generated for each page request until the session object is accessed.
        // If your application requires a static session ID for the entire session,
        // you can either implement the Session_Start method in the application's Global.asax file and store data in the Session object to fix the session ID,
        // or you can use code in another part of your application to explicitly store data in the Session object.
        base.Session["init"] = 0; // touching the Session object pins the session ID
    }
The CallbackPath solution goes in the code where you configure your OWIN pipeline with app.UseOpenIdConnectAuthentication. Do this in the client application.
    // PathString is in Microsoft.Owin; OpenIdConnectAuthenticationOptions is in Microsoft.Owin.Security.OpenIdConnect.
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "app_jcrl",
        Authority = Constants.BaseAddress,
        RedirectUri = "https://jcrl3g.jcdev.org/home/",
        PostLogoutRedirectUri = "https://jcrl3g.jcdev.org/",
        ResponseType = "code id_token",
        Scope = "openid profile read write offline_access",
        CallbackPath = new PathString("/home/index/"), // Critical to prevent infinite loop
        TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        }
    });
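To confirm the symptom before and after applying either fix, the following added example (not code from the original post or from IdentityServer3) reads a request log and reports how many times the browser was sent to the authorize endpoint and whether the client's session ID changed between requests, which is the behavior the Session_Start comments describe. The log format, the host names, the logged Session.SessionID field and the `/connect/authorize` default are assumptions, and both sample logs are constructed.

```python
from urllib.parse import urlsplit

# Constructed logs (not from the original post). Each line is one request:
# METHOD URL STATUS SID, where SID is the Session.SessionID the client app
# logged for that request ("-" for requests to the identity server).
LOOPING = """\
GET https://client.example/home/ 302 a1
GET https://idsrv.example/connect/authorize?state=s1&nonce=n1 200 -
POST https://client.example/home/ 302 b2
GET https://client.example/home/ 302 c3
GET https://idsrv.example/connect/authorize?state=s2&nonce=n2 200 -
POST https://client.example/home/ 302 d4
GET https://client.example/home/ 302 e5
GET https://idsrv.example/connect/authorize?state=s3&nonce=n3 200 -
"""
FIXED = """\
GET https://client.example/home/ 302 a1
GET https://idsrv.example/connect/authorize?state=s1&nonce=n1 200 -
POST https://client.example/home/ 302 a1
GET https://client.example/home/ 200 a1
"""

def parse(log):
    """Yield (method, host, path, status, sid). The query string is dropped
    because state and nonce change on every round trip and would hide the repeat."""
    for line in log.splitlines():
        method, url, status, sid = line.split()
        u = urlsplit(url)
        yield method, u.netloc, u.path, int(status), sid

def diagnose(log, client_host, authorize_path="/connect/authorize", limit=2):
    """Count authorize round trips and distinct session IDs seen by the client."""
    hops = list(parse(log))
    rounds = sum(1 for _, _, path, _, _ in hops if path == authorize_path)
    sids = {sid for _, host, _, _, sid in hops
            if host == client_host and sid != "-"}
    return {"authorize_requests": rounds,
            "session_ids": len(sids),
            "looping": rounds > limit,          # more trips than one login needs
            "session_id_unstable": len(sids) > 1}

if __name__ == "__main__":
    for name, log in (("looping", LOOPING), ("fixed", FIXED)):
        print(name, diagnose(log, "client.example"))
```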