search

okta / samples-aspnet

samples-aspnet
https://github.com/okta/samples-aspnet
Apache License 2.0
42 stars 107 forks source link

SSO not working! #100

Open anshulMetacube opened 1 year ago

anshulMetacube commented 1 year ago

I made an app .NET Framework 4.8 , guiding myself by looking at your way of implementation. (I may have changed some line here and there to try different things but couldn't succeed)

AccountController :

public class AccountController : Controller
    {
        [HttpPost]
        [ValidateAntiForgeryToken]
        public ActionResult Login(FormCollection form)
        {
            if (!HttpContext.User.Identity.IsAuthenticated)
            {
                var properties = new AuthenticationProperties();
                properties.Dictionary.Add("sessionToken", form.Get("sessionToken"));
                properties.RedirectUri = "/Home/About";

                HttpContext.GetOwinContext().Authentication.Challenge(properties,
                    OktaDefaults.MvcAuthenticationType);

                return new HttpUnauthorizedResult();
            }

            return RedirectToAction("Index", "Home");
        }

        public ActionResult Login()
        {
            return View();
        }

        [HttpPost]
        public ActionResult Logout()
        {
            if (HttpContext.User.Identity.IsAuthenticated)
            {
                HttpContext.GetOwinContext().Authentication.SignOut(
                    CookieAuthenticationDefaults.AuthenticationType,
                    OktaDefaults.MvcAuthenticationType);
            }

            return RedirectToAction("Index", "Home");
        }

        public ActionResult PostLogout()
        {
            return RedirectToAction("Index", "Home");
        }
    }

Login View:

@using System.Configuration;
@{
    ViewData["Title"] = "Login";
}

<script src="https://global.oktacdn.com/okta-signin-widget/7.6.1/js/okta-sign-in.min.js" type="text/javascript"></script>
<link href="https://global.oktacdn.com/okta-signin-widget/7.6.1/css/okta-sign-in.min.css" type="text/css" rel="stylesheet" />

<div id="widget"></div>

<form method="POST" asp-action="Login">
    <input type="hidden" name="sessionToken" id="hiddenSessionTokenField" />
    @Html.AntiForgeryToken()
</form>

<script type="text/javascript">
    const signIn = new OktaSignIn({
        baseUrl: '@ConfigurationManager.AppSettings["okta:OktaDomain"]'
    });

    signIn.renderEl({ el: '#widget' }, (res) => {
        var sessionTokenField = $("#hiddenSessionTokenField");
        sessionTokenField.val(res.session.token);
        var form = sessionTokenField.parent();
        form.submit();
    }, (err) => {
        console.error(err);
    });
</script>

Expected Behaviour :

Whenever I sign in to okta dev console app in an tab, my app on other tab automatically signs in on reload or when clicked on login button and vice versa (i.e. if I sign in to my app, Okta dev console automatically sign in).

Actual Behaviour :

The app works fine when an instance of the same app is signed in, the other instance of the same app automatically signs in on reload. But, it doesn't work when I sign in to Okta, my app on other tab doesn't signs in!

Note : When I sign in to my app, Okta gets signed in (that is they have implemented such feature that recognises that another app is signed in but the domain is common.)

@bryanapellanes-okta Official Sample that I followed.