
I've created a custom login module for DNN with mixed authentication: 1) Authenticate through ADFS. 2) Authenticate with regular forms authentication. Everything is working except:

protected void Adfs_Click(object sender, EventArgs e)
{
    HttpContext.Current.GetOwinContext()
                .Authentication.Challenge(new AuthenticationProperties { RedirectUri = redirectUrl },
                    OpenIdConnectAuthenticationDefaults.AuthenticationType);
}

The first click reloads the page, and it always works the second time. I've tried to disable forms authentication as this post suggests, but because I'm working with DNN I can't do that.

I also tested triggering the event in Page_Load and it works, but I want to allow the DNN native users to be able to log in directly to DNN (host user) ... so I can't do the challenge there either.

Any help on what I should do to make the challenge work with the first click?

Thanks in advance.

lienysd
  • Did you ever manage to get that sorted? – iiminov Feb 24 '15 at 10:43
  • I wasn't able to find a solution, unless I make the call from the Page_Load event. I ended up with a totally different solution... – lienysd Feb 25 '15 at 19:10
  • 1
    Would you mind sharing a few ideas? I am running into a problem where my SignIn is getting overtaken by DNN. So I end up getting redirected to DNN's Login page instead. – iiminov Feb 25 '15 at 23:03
  • 2
    The big problem with this solution is the incompatibility between forms authentication, OWIN-OpenId auth and DNN itself. In order to avoid being overtaken you must place your OWIN-OpenId module in your login page (set it up by default in DNN) and make the challenge in the Page_Load, and once you have the token you should manually create a DNN user and do all the login logic talking to AAD-graph-API and get the claims you need. This should be done in Startup.Auth.cs=>ConfigureAuth=>Notifications=>AuthorizationCodeReceived. With this you'll be good to go, but the click issue isn't resolved – lienysd Feb 26 '15 at 15:41
  • 2
    If you want to try a new approach: let's use the Relying Party - ADFS. Here you'll use system.identitymodel.dll and system.identitymodel.services.dll, setting up the WSFederationAuthenticationModule and IHttpModule. To create the sign-in URL you'll use WSFederationAuthenticationModule.CreateSignInRequest, and in WSFederationAuthenticationModule=>OnSignedIn you'll be able to get the ADFS claims for your RP and create the DNN user and the login logic. This approach is much better and cleaner and doesn't affect the forms authentication. Hope it helps ;) – lienysd Feb 26 '15 at 15:52
  • 1
    It's been a while since I gave this a try. Thank you for sharing your ideas. From my understanding the above works for a SSO scenario. I am looking for a hybrid solution. Hybrid? I am looking for DNN to do all of its usual user stuff. And I want a module to externally authenticate users into their Office 365 accounts. Basically redirect user to Office 365. Get them to sign in. Get codes. And use those codes to communicate with the Office API. But there are issues with that too. – iiminov Mar 19 '15 at 10:44
  • I'm struggling with the exact same issue. The GetOwinContext().Authentication.Challenge is not redirecting to Azure login from the onclick event. Did any of you have any new ideas? – tatigo Aug 28 '15 at 02:11
  • @tatigo what is happening is that triggering the challenge causes an incompatibility between OWIN and Forms Authentication. That's why I'm using the WSFederationAuthentication option. For this approach you need to create a Relying Party on the ADFS server and set the claims you need. On your side you need to create a DNN authentication provider that uses the DLLs I mentioned above and System.IdentityModel.Tokens.ValidatingIssuerNameRegistry.dll. With these DLLs and the personalization of IHttpModule, WSFederationAuthenticationModule, login link and log out logic you'll have a solution. – lienysd Aug 31 '15 at 14:19
  • @iiminov sorry for the late answer. I've created a DNN authentication provider that authenticates users against the ADFS server (and gets all claims set on the server), and at the same time users can log in with DNN forms authentication ... In the login page both authentication providers exist and the user can choose which one to use. If you're still working on this I can help you. :) – lienysd Aug 31 '15 at 14:28
  • @lienysd I am certainly very interested though I am not sure if it will work with our setup here. – iiminov Sep 01 '15 at 06:08
  • @iiminov just let me know how and when I can help you. Right now my version is working in production and so far it's been working perfectly. Hopefully this approach helps you :) – lienysd Sep 01 '15 at 15:09
  • @lienysd when you put it like this it will be a while before I can revisit this topic again as I am currently busy with other work. Do you perhaps have a repository somewhere on github/codeplex/sourceforge where other developers can contribute or ask questions? Because it's starting to get out of hand for comments I can suggest stackoverflow chat room instead. – iiminov Sep 02 '15 at 08:29
  • @lienysd I will appreciate your help too! For now the workaround that I have is redirecting from the DNN portal to a standalone MVC application that will do the sign-in using the "standard" way, and redirects back when done. It works but is very ugly. Is there a place you would be comfortable sharing your work? – tatigo Sep 10 '15 at 04:23
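
The WS-Federation route described in lienysd's comments (CreateSignInRequest for the login link, OnSignedIn for claims and DNN user creation), as an added example; it is not code from this thread or from DNN. The class name, the `dnn-adfs` request id, the use of the UPN claim as the DNN username and e-mail, and the rule refusing superuser accounts are assumptions.

```csharp
using System;
using System.IdentityModel.Services;
using System.Security.Claims;
using System.Web;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Membership;

// Hypothetical class name; registered in web.config in place of the stock module.
public class DnnAdfsModule : WSFederationAuthenticationModule
{
    // Call from the button's click handler. This is a plain redirect, not a 401 challenge.
    public static void RedirectToAdfs(HttpContext ctx, string returnUrl)
    {
        if (!IsLocalUrl(returnUrl)) returnUrl = "/";   // no off-site return after sign-in
        var fam = FederatedAuthentication.WSFederationAuthenticationModule;
        var request = fam.CreateSignInRequest("dnn-adfs", returnUrl, false); // constructed id
        ctx.Response.Redirect(request.WriteQueryString(), false);
        ctx.ApplicationInstance.CompleteRequest();
    }

    // Accepts "/path" only; rejects absolute URLs, "//host" and "/\host".
    public static bool IsLocalUrl(string url)
    {
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }

    protected override void OnSignedIn(EventArgs args)
    {
        base.OnSignedIn(args);
        var principal = HttpContext.Current.User as ClaimsPrincipal;
        // Assumption: the relying party's claim rules issue a UPN claim.
        Claim upn = principal == null ? null : principal.FindFirst(ClaimTypes.Upn);
        if (upn == null) throw new UnauthorizedAccessException("ADFS token carries no UPN claim");

        PortalSettings portal = PortalSettings.Current;
        UserInfo user = UserController.GetUserByName(portal.PortalId, upn.Value);
        if (user == null)
        {
            user = new UserInfo { PortalID = portal.PortalId, Username = upn.Value,
                                  DisplayName = upn.Value, Email = upn.Value };
            user.Membership.Password = UserController.GeneratePassword(); // never shown to the user
            user.Membership.Approved = true;
            if (UserController.CreateUser(ref user) != UserCreateStatus.Success)
                throw new InvalidOperationException("DNN user could not be created");
        }
        // A federated name must never map onto the host (superuser) account.
        if (user.IsSuperUser) throw new UnauthorizedAccessException("superuser via ADFS refused");
        UserController.UserLogin(portal.PortalId, user, portal.PortalName,
                                 HttpContext.Current.Request.UserHostAddress, false);
    }
}
```

Matching an existing DNN account by username alone also links any local forms-authentication account with the same name, so the claim used as the username should be one that only the ADFS relying party can assert.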

0 Answers