OIDC Forms Auth Module

Owned by Dev Raj Gautam, created
Last updated: Feb 16, 2022
4 min read

The EmpowerID OIDC Forms Auth Module enables legacy .NET web applications to utilize the Azure authentication. This module deploys a few pages alongside your application to pre-process requests, user claims transformation, and identity generation, which happens before your application receives and processes the HTTP request.

 

The typical process flow involving the OIDC Forms Auth Module

  1. A user attempts to log in to the application

  2. The OIDC module (authorize.aspx) redirects to the user agent Azure authorization endpoint.

  3. Upon successful authentication, Azure returns the authorization_code & ID token.

  4. The OIDC module (redeemcode.aspx) exchanges the authorization code for an access token.

  5. Upon successful code validation, Azure returns the access token.

  6. The OIDC module invokes the custom ID token validator configured for the application.

  7. The OIDC module invokes the custom claims transformer for the application.

  8. The OIDC module sets the HttpContext.User to the claims principal.

Step 1 - Configure Azure App Registration

  1. Login to Azure Portal using an admin account.

  2. Navigate to Azure Active Directory > App Registrations >New registration

     

  3. Please, provide the details asked to create the registration page and click on the Register button. Select Single Tenant or Multitenant based on the use case. Select Web and provide a redirect URI in your app to receive an authentication response after successfully authenticating the user.

  4. Navigate to the Overview section > Copy & save the Application (client) ID and Directory (tenant) ID values. These values will be used in the “Deploy the OIDC Auth Module” section.

  5. Navigate to Certificates & Secrets and create a client secret. Copy the generated secret and save it. This value will be used in the “Deploy the OIDC Auth Module” section.


Step 2: Deploy the OIDC Auth Module

  1. Add the following app setting keys with values in the Web.config file of the web application for which you wish to enable Azure OIDC Auth.

  2. Copy the “oidcfolder from the EmpowerID AuthNAuthO Toolkit and drop it in the Webforms application.



  3. Update the Login action to redirect to the oidc/authorize.aspx page

  4. Update the Logout action to the oidc/logout.aspx page

Step 3: Implement Custom Identity Token Validator

  1. Create a Class Library project and reference the OIDC Auth Module assembly, EmpowerID.OidcAuth.V47.dll.

  2. Add a class (i.e., MyCustomTokenValidator) that derives from the IIdentityTokenValidator interface and implement the ValidateToken method to set new claims and the Claims Principal the IdentityTokenResponse model.



  3. Add the ida:IdentityTokenValidator app setting key in the Web.config file of the web application. The value of this setting is the assembly fully qualified name of the type that implements the IIdentityTokenValidator interface in the EmpowerID.OidcAuth.V47.dll assembly.



Step 4: Implement Custom Claims Transformer

  1. Create a Class Library project and reference to the OIDC Auth Module assembly, EmpowerID.OidcAuth.V47.dll

  2. Add a class (i.e., MyCustomClaimsTransformer) that derives from the IClaimsTransformer interface and implement the TransformClaims method to set new claims or transform existing claims.

  3. Add the ida:ClaimsTransformer app setting key in the Web.config file of the web application. The value of this setting is the assembly fully qualified name of the type that implements the IClaimsTransformer interface in the EmpowerID.OidcAuth.V47.dll assembly.


Modernizing Legacy .Net Apps with Azure AD
OIDC Forms Auth Module

Azure EasyAuth Module

Azure Authentication using OWIN with ASP.NET