In an ASP.NET 4.8 webforms application, authenticated by okta, I'm trying to call an ASP.NET Core Web API, also secured by okta. How do I get and include the auth token in the call?
The code is their example okta-aspnet-webforms-example but with the buttons, text box and button click events events below added
Here is how okta is set up:
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOktaMvc(new OktaMvcOptions()
{
OktaDomain = ConfigurationManager.AppSettings["okta:OktaDomain"],
ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
AuthorizationServerId = ConfigurationManager.AppSettings["okta:AuthorizationServerId"],
RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
PostLogoutRedirectUri = ConfigurationManager.AppSettings["okta:PostLogoutRedirectUri"],
GetClaimsFromUserInfoEndpoint = true,
Scope = new List<string> { "openid", "profile", "email" },
});
}
}
I'm calling an [AllowAnonymous] method successfully like this:
protected void Button1_Click( object sender, EventArgs e )
{
try
{
string buffer = string.Empty;
// Create an HttpClient instance
HttpClient client = new HttpClient();
var result = AsyncHelper.RunSync<string>( () => client.GetStringAsync( "http://localhost:44331/DoCdssLoginTests?sAdName=bob.bob" ) );
TextBox1.Text = result;
}
catch ( Exception ex )
{
TextBox1.Text = ex.Message;
throw;
}
}
and it works.
I'm trying this:
protected void Button_Secure_Click( object sender, EventArgs e)
{
try
{
// .net core code, GetToken and GetTokenAsynch don't exist in asp.net 4.8
// var accessToken = await HttpContext.GetTokenAsync( "access_token" );
var accessToken = HttpContext.Current.Request.Headers["authorization"];
string buffer = string.Empty;
// Create an HttpClient instance
HttpClient client = new HttpClient();
// uncomment out once I can get the token
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue( "Bearer", accessToken );
var result = AsyncHelper.RunSync<string>( () => client.GetStringAsync( "http://localhost:44331/DoCdssLoginTests?sAdName=bob.bob"));
TextBox1.Text = result;
}
catch ( Exception ex )
{
MsgBox(ex.ToString());
TextBox1.Text = ex.ToString();
//throw;
}
}
But the access token is always null, even when I'm logged in okta in the app.
What is the correct way to get and pass the authToken in ASP.NET 4.8?
