It's the Identity Server 3 Standalone Implementation Part 3 by scott Brady
When I run my hybridflow client application and login ,the consent page shows.
But after I confirm my choices about the scope and click "yes,allow" button,the page redirect to consent page.
It's the network preserve log image.
enter image description here
It's the final Http RequestURL and Its Response is the consent page.
https://localhost:44302/core/connect/authorize?client_id=hybridclient&redirect_uri=https%3a%2f%2flocalhost%3a44304&response_mode=form_post&response_type=code+id_token+token&scope=openid+profile+email+roles+offline_access&state=OpenIdConnect.AuthenticationProperties%3dGIPazkL_z51B5u_wmtKMsauUJ34gMgYgAYukTOJgcMWmtASfBx-77WQfQAeTcMuAonf8NHohQTkf6gTmZIWKqBPnw3vjEf27KXPcD-q6xoDssEPwjcq_DtRck3TysSUmvF3PmqRzV2Prcukj8OJdRTOGBRUFBwXbf2_-low93P9joO_WqzC-a6M_nTG1JVy9AWUEaVPvPt1NdNU5Wwgq6A&nonce=636184232732125913.OGEyYzY4ODItYThjNi00ZDI1LWIxNDMtMTc2ZjUyNTNlYWM1MzI1ZjY2YjktMjg2MS00NDBkLTg4MDQtNDBkNzJjZWIyNTVm
Looks like the returnUrl is always pointing at your singin page, which seems to always redirect to IdentityServer. Debug thru your code and you'll see where you re-enter your signin, even after the user has been logged in.
Related
I'm trying to use WsFederation on a "SSO Site" to authorize across a family of apps on the same domain. In my test configuration, I have the following setup:
SSO Site
example.com/SSOSite
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed
Sample App
example.com/SampleApp
Wtrealm is https://example.com/SSOSite
Wreply is https://example.com/SSOSite/signin-wsfed?appName=SampleApp
Expected Result
An unauthenticated user navigates to example.com/SampleApp
The user is redirected into the Microsoft SSO login flow for example.com/SSOSite
Login process completes, sends user to example.com/SSOSite/signin-wsfed?appName=SampleApp
SSO Site application handles redirect back to Sample App site
Actual Result
In step 3 above, /signin-wsfed responds with a 302 pointing at / - that is, the root of example.com.
If I go directly to example.com/SSOSite, it completes the login as expected and /signin-wsfed passes control along to my own login controller method. It's only when the request begins at /SampleApp that signin-wsfed responds with the 302 to /
My Question
Why does this 302 to / happen? Is there a way to accomplish what I'm aiming for - using one realm to handle all logins and then send the user back to their desired application when the login completes?
How do I get the previous route in blazor?
For example, we have many pages which required authentication. So when a user tries to access that page we navigate the user to the login page.
After success full login we want a user to redirect back to the page he requested.
On successfull reset of the password from the forgot password email link, user stays at the success status screen.
On successfull password reset, I would like to redirect the user to the fusion auth login page or to my application. One way I am thinking is to write some custom javascript to automatically redirect the user but the challenge is we have 3 applications under a tenant and theme templates are specific to the tenant, how would be I able to differentiate the redirect url?
Ours is a MVC4 application.
We are OAuth & Formsauthentication to allow login with google, facebook & twitter.
For the first time when I login using google..
I am redirected to google page and I have provided credentials it logs me in, thats all fine.
After logout, and re-login, I am able to login automatically.
I think the cookies in the browser are not cleared though I have cleared them in logoff.
public ActionResult LogOff()
{
//Clears out Session
Response.Cookies.Clear();
//Signs out of WebSecurity and FormsAuthentication
WebSecurity.Logout();
FormsAuthentication.SignOut();
// clear authentication cookie
HttpCookie cookie1 = new HttpCookie(FormsAuthentication.FormsCookieName, "");
cookie1.Expires = DateTime.Now.AddYears(-1);
Response.Cookies.Add(cookie1);
Session.Clear();
Session.Abandon();
return RedirectToAction(AXN_DFLT, CNTLR_DFLT);
}
After logoff I should be redirected to google page again on re-login.
but it is not happening.
somebody pls advise?
same kind of question here : ASPXAUTH Session invalidate on logout with OAUTH
but no answer!!
At first sight, there doesn't seem to be any problem in your described question. Your solution seems to be working fine. It seems to me that you are not understanding how OAuth, FormsAuthenticate, Sessions and Cookies fit altogether. For the sake of simplicity, I'll outline the process flow you have described and explain each of them...
The scenario is that you are NOT logged into neither your website nor your google account.
You browse to your website login page
Click on the "Login with Google" button: This redirects you to the Google Account login dialog, so you're not on your website anymore...you're now knocking on Google's door
You login successfully with Google: Google will issue a cookie (for Google's services only)
Up to this point, your browser owns one cookie...Google's one
4.You are redirected back to your website: Your website noticed an access token(not cookie) issued by Google and then your website will issue its own cookie which has nothing to do with Google's one
Up to this point, your logged in with Google and your website, meaning your browser owns 2 valid cookies (Google's and your website's)
5.Later on, you log out of your website: This action destroys any session related to YOUR website (including the cookie for your website). Notice that, Google's cookie is still valid, in fact, if you go to your gmail, youtube or any other Google's service you will perfectly bypass authentication because you haven't logged out from Google...ONLY from your website.
6.Then you decide to log back into your website by click the "Login with Google" button: This action will take you to Google's but, because Google detects that you are already authenticated (logged in) it doesn't need to re-authenticate you, it already knows who you are and does not prompt the login dialog, instead, it redirects you back to your website issuing a fresh new access token.
Basically, you are not required to login with Google again if you are already logged in
Hope it makes sense
I have set a web browser control in winform and navigate to the following url-
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=https://www.facebook.com/connect/login_success.html&display=popup&scope=publish_stream,user_status&response_type=token
It show the login dialog box. After enter username and password facebook redirect to following
url-
https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxx&signed_next=1&next=https://www.facebook.com/dialog/oauth?redirect_uri=https%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html&display=popup&scope=publish_stream%252Cuser_status&response_type=token&client_id=xxxxxxxxxx&ret=login&cancel_uri=https://www.facebook.com/connect/login_success.html?error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied%23_=_&display=popup
and display a message with two button called "okay" & "cancel"
xyourappxxxx would like to access your public profile, friend list and status updates.
if i click on "Okay" button this will redirect to following page with the msg of--
page---https://www.facebook.com/dialog/oauth/read
message---Success SECURITY WARNING: Please treat the URL above as you
would your password and do not share it with anyone.
application type: Native/desktop
App secret in client: no
Client OAuth Login: enbl
Embedded browser OAuth Login: enbl
Sandbox mod: ON
Problem is after authorization facebook not redirect to my redirect_uri and not getting any access token.
I am using vb.net 2008 express
thanks
I might be mis-understanding your question/issue, apologies if so..
in your first line.. you have the redirect_uri set to just go back to facebook, whereas it's supposed to be the URI of the page on your site that you want facebook to send the user to after they authenticate and approve your app, no?
in other words shouldnt your first line be:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxx&redirect_uri=**https://WWW.YOURDOMAIN.COM/YOURPAGE.ASPX**&display=popup&scope=publish_stream,user_status&response_type=token
after the user clicks "okay" on the popup, it will then redirect them to YOURPAGE.ASPX on your site, passing the access_token