
RavenB.56081 (Customer) asked a question.
Hello,
I am creating a .NET Framework (4.8) application with Okta OIDC sign-in. The issue that I now face is that the sign-in widget shows up correctly after clicking the sign-in link. However, after entering username/password and 2FA, /authorization-code/callback throws 403 but then throws 404 upon refreshing.
The strange thing is that this doesn't happen when I use localhost. Only when I deploy to the web server do I have this issue.
Note: I've added the page root URL to Security/API as Redirect.
Below are the errors that I get:
First error:
The remote server returned an error: (403) Forbidden.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (403) Forbidden.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (403) Forbidden.]
System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +629
System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +64
[HttpRequestException: An error occurred while sending the request.]
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +102
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +64
Okta.AspNet.Abstractions.<SendAsync>d__2.MoveNext() +302
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +102
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +64
Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__16.MoveNext() +511
Upon refreshing:
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /authorization-code/callback

Hi Raven,
Is there anything different about the environment on your web server compared to localhost? For example, any redirects that might be getting performed that typically wouldn't happen when developing on localhost? Opening up the developer tools and viewing the network tab while reproducing the error can often provide helpful troubleshooting info.
If that doesn't help, I might recommend opening up a support case for this, as we could look into the specific flow of events that occurs when being authenticated.
Hi Marcus,
We set up the web app on Azure. The actual Azure URL (i.e., mycompany.appserviceenvironment.com) is not the one that users will see and access, but the alias (mycompany.com).
The Dev Tools Network tab doesn't record anything, although when I look under the Okta System Log, the access token is granted successfully.
I opened Dev Tools and tried to catch the network traffic, but it only catches traffic up to the widget. After navigating away from the widget and back to application/authorization-code/callback, the traffic isn't caught.
So I fixed the problem but do not 100% understand the issue.
What I did was switch from app.UseOktaMvc to Microsoft's app.UseOpenIdConnectAuthentication, put the Okta configurations in, and it worked.
So just for future reference, is there a particular reason why UseOpenIdConnectAuth works while UseOktaMvc doesn't?
Actually now I run into another issue:
The returned claims no longer include id_token and access_token. I'm playing around with the settings but keep getting the same claims.
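
Added example, not part of the thread and not Okta's or Microsoft's own code: Microsoft's OpenID Connect middleware does not copy the raw tokens into the identity by default, so one way to get id_token and access_token back as claims is to add them in the SecurityTokenValidated notification. It assumes Microsoft.Owin.Security.OpenIdConnect 4.1 or later (for RedeemCode); the "okta:*" appSettings keys are hypothetical names, and the redirect URI setting should hold the public alias the browser is actually sent to.

```csharp
// Added example: OWIN Startup using Microsoft's OpenID Connect middleware with Okta.
// Assumption: the "okta:*" appSettings keys are hypothetical; use your own config names.
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["okta:ClientId"],
            ClientSecret = ConfigurationManager.AppSettings["okta:ClientSecret"],
            Authority = ConfigurationManager.AppSettings["okta:Issuer"],
            // Must match a sign-in redirect URI registered for the app in Okta,
            // using the public host name (the alias), ending in /authorization-code/callback.
            RedirectUri = ConfigurationManager.AppSettings["okta:RedirectUri"],
            ResponseType = OpenIdConnectResponseType.Code,
            Scope = OpenIdConnectScope.OpenIdProfile,
            RedeemCode = true, // the middleware exchanges the code at the token endpoint
            TokenValidationParameters = new TokenValidationParameters { NameClaimType = "name" },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after the ID token has been validated; copy the raw tokens into claims.
                SecurityTokenValidated = n =>
                {
                    var identity = n.AuthenticationTicket.Identity;
                    var message = n.ProtocolMessage;
                    if (!string.IsNullOrEmpty(message.IdToken))
                        identity.AddClaim(new Claim("id_token", message.IdToken));
                    if (!string.IsNullOrEmpty(message.AccessToken))
                        identity.AddClaim(new Claim("access_token", message.AccessToken));
                    return Task.CompletedTask;
                }
            }
        });
    }
}
```

Claims added this way are serialized into the authentication cookie, so the cookie grows by the size of both tokens and should be issued over HTTPS only.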