
BrianW.03127 (Customer) asked a question.
I did implemented the OKTA authentication in VB.NET application. It's successfully redirecting to the Okta Site, getting authenticated. But When I check with the Request.IsAuthenticated, its always false. Because of that my application hitting OKTA again and again. Please refer my startup class below
<Assembly: OwinStartup(GetType(FacilityRevocationManagement.Startup))>
Namespace FacilityRevocationManagement
Public Class Startup
Private ReadOnly _clientId As String = ConfigurationManager.AppSettings("okta:ClientId")
Private ReadOnly _redirectUri As String = ConfigurationManager.AppSettings("okta:RedirectUri")
Private ReadOnly _authority As String = ConfigurationManager.AppSettings("okta:OrgUri")
Private ReadOnly _clientSecret As String = ConfigurationManager.AppSettings("okta:ClientSecret")
Public Sub Configuration(ByVal app As IAppBuilder)
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
IdentityModelEventSource.ShowPII = True
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
ConfigureAuth(app)
End Sub
Public Sub ConfigureAuth(ByVal app As IAppBuilder)
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
app.UseCookieAuthentication(New CookieAuthenticationOptions())
app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions With {
.ClientId = _clientId,
.ClientSecret = _clientSecret,
.Authority = _authority,
.RedirectUri = _redirectUri,
.ResponseType = OpenIdConnectResponseType.CodeIdToken,
.Scope = OpenIdConnectScope.OpenIdProfile,
.TokenValidationParameters = New TokenValidationParameters With {
.NameClaimType = "name"
},
.Notifications = New OpenIdConnectAuthenticationNotifications With {
.AuthorizationCodeReceived = Async Function(n)
Dim tokenClient = New TokenClient($"{_authority}/v1/token", _clientId, _clientSecret)
Dim tokenResponse = Await tokenClient.RequestAuthorizationCodeAsync(n.Code, _redirectUri)
If tokenResponse.IsError Then
Throw New Exception(tokenResponse.[Error])
End If
Dim userInfoClient = New UserInfoClient($"{_authority}/v1/userinfo")
Dim userInfoResponse = Await userInfoClient.GetAsync(tokenResponse.AccessToken)
Dim claims = New List(Of Claim)(userInfoResponse.Claims) From {
New Claim("id_token", tokenResponse.IdentityToken),
New Claim("access_token", tokenResponse.AccessToken)
}
n.AuthenticationTicket.Identity.AddClaims(claims)
End Function
}
})
End Sub
End Class
This function used to check whether user authenticated
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Not IsPostBack Then
If Not Request.IsAuthenticated Then
HttpContext.Current.GetOwinContext().Authentication.Challenge(New AuthenticationProperties With {
.RedirectUri = "/FacilityRevocationManagement/View/Welcome.aspx"
}, OpenIdConnectAuthenticationDefaults.AuthenticationType)
End If

Thanks for your answer and sorry for my late reply. I found the issue from my side. Actually I copied the ORGURI from address bar instead of details in the application. Address bar URL is identical to the ORGURI, but actually not. Once I found that I'm able to get Authenticate as usual.