Tags: .net, owin, openid-connect, owin-middleware

How is OWIN OpenID Connect Login called?


I am using OWIN and OpenID Connect, and I am having a hard time understanding how my code works. I got this from a sample on the web. This is a .NET 4.7.2 application.

Relevant OWIN Startup code:

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = System.Configuration.ConfigurationManager.AppSettings["clientID"],
        ClientSecret = System.Configuration.ConfigurationManager.AppSettings["clientSecret"],
        Authority = System.Configuration.ConfigurationManager.AppSettings["Authority"],
        RedirectUri = System.Configuration.ConfigurationManager.AppSettings["redirectURI"],
        Scope = System.Configuration.ConfigurationManager.AppSettings["scope"],
        CallbackPath = new Microsoft.Owin.PathString(System.Configuration.ConfigurationManager.AppSettings["callbackURL"]),
        RedeemCode = true,          // exchange the authorization code for tokens at the token endpoint
        SaveTokens = true,          // keep the returned tokens in the authentication properties
        ResponseType = OpenIdConnectResponseType.Code,
        ResponseMode = OpenIdConnectResponseMode.Query
    });

Then I have this Index page with the Login function:

<form method="post" action="">
    <div class="d-flex justify-content-center">
        @*<button class="btn btn-primary mx-2" formaction="/Home/Login">Please Login!</button>*@
        <input class="btn btn-primary mx-2" type="button" value="Login for access..." onclick="location.href='@Url.Action("Login", "Home")'" />
    </div>
</form>

Then this Login function in the Home Controller:

    [Authorize]
    public ActionResult Login()
    {
        var user = User;

        //_Claims = ClaimsPrincipal.Current.Identities.First().Claims.ToList();

        string result = string.Empty;
        if (User.Identity.IsAuthenticated)
        {
            //do something
        }

        // the action body originally had no return statement; the view is returned here so it compiles
        return View();
    }

Somehow my Login button does a request out to my Identity Provider and everything is working. But where and how? I am not doing anything to trigger it. And I do not use any Challenge() method/mechanism. Can someone explain or point me to a detailed explanation of this? Thanks in advance!


Solution

  • When the authorization handler sees a controller with the [Authorize] attribute and the user is not logged in (not authenticated), it will automatically send a challenge to the Authentication module. It will in turn look at what handlers are added to it (OpenIDConnect). So it will then automatically contact your identity provider, which will ask the user to authenticate. Eventually, the authentication handler gets a request back from the IdentityServer (via the browser) so it can sign in the user.
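The chain the answer describes, written out as an added example (this is not the asker's code or the sample they copied). It assumes the same appSettings keys as the question, an `Example` namespace, a `/Home/Error` route and an HTTPS-only site; everything else is the standard Microsoft.Owin.Security.* API. The cookie middleware is the piece that actually owns the session, the OpenID Connect middleware in Active mode converts any 401 on the response (including the one `[Authorize]` produces) into a redirect to the Authority, and the explicit `Challenge()` in `Login` does the same thing by hand so the mechanism is visible:

```csharp
// Added example: full OWIN pipeline behind "[Authorize] just works".
// Assumed names: namespace Example, appSettings keys as in the question, /Home/Error route.
using System.Configuration;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

[assembly: OwinStartup(typeof(Example.Startup))]

namespace Example
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // 1. Cookie middleware: the OIDC handler does not keep a session itself. After the
            //    callback it hands the validated identity to the default sign-in type, which is
            //    this cookie. Without it the user is re-challenged on every request.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieHttpOnly = true,
                CookieSecure = CookieSecureOption.Always   // assumption: the site is served over HTTPS only
            });

            // 2. OIDC middleware. AuthenticationMode.Active is the default; it means the handler
            //    inspects every response and, when it finds a 401 (from [Authorize] or from an
            //    explicit Challenge()), replaces it with a 302 to the Authority's authorize endpoint.
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                ClientId = ConfigurationManager.AppSettings["clientID"],
                ClientSecret = ConfigurationManager.AppSettings["clientSecret"],
                Authority = ConfigurationManager.AppSettings["Authority"],
                RedirectUri = ConfigurationManager.AppSettings["redirectURI"],
                Scope = ConfigurationManager.AppSettings["scope"],
                ResponseType = OpenIdConnectResponseType.Code,   // authorization code flow
                ResponseMode = OpenIdConnectResponseMode.Query,
                RedeemCode = true,
                SaveTokens = true,
                AuthenticationMode = AuthenticationMode.Active,
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // Signature, issuer, audience, expiry and nonce failures land here.
                    // Handle the response so the raw exception is not rendered to the browser.
                    AuthenticationFailed = n =>
                    {
                        n.HandleResponse();
                        n.Response.Redirect("/Home/Error");   // assumed route
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }

    public class HomeController : Controller
    {
        // What [Authorize] does for an anonymous user, made explicit: issue a challenge for the
        // OIDC authentication type and leave a 401 for the middleware to turn into a redirect.
        public ActionResult Login(string returnUrl = "/")
        {
            // Only ever bounce back to a local URL; an attacker-supplied absolute returnUrl
            // would otherwise become an open redirect after a successful sign-in.
            if (!Url.IsLocalUrl(returnUrl))
            {
                returnUrl = "/";
            }

            if (!Request.IsAuthenticated)
            {
                HttpContext.GetOwinContext().Authentication.Challenge(
                    new AuthenticationProperties { RedirectUri = returnUrl },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
                return new HttpUnauthorizedResult();
            }

            return Redirect(returnUrl);
        }

        // Sign out of both handlers: the local cookie and the provider session
        // (the OIDC handler redirects to the Authority's end_session endpoint if it has one).
        public ActionResult Logout()
        {
            HttpContext.GetOwinContext().Authentication.SignOut(
                OpenIdConnectAuthenticationDefaults.AuthenticationType,
                CookieAuthenticationDefaults.AuthenticationType);
            return new HttpUnauthorizedResult();
        }
    }
}
```

With this in place the asker's `[Authorize] Login()` and the explicit `Login(returnUrl)` above behave identically for an anonymous user: the attribute produces the 401, the Active-mode OIDC handler sees it when the response unwinds through the pipeline and redirects to the Authority; the callback to `CallbackPath` is then handled by the same middleware, which validates the id_token, redeems the code, and calls `SignIn` on the cookie handler before redirecting to the original URL.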