I have set up my ASP.NET MVC 4.7 application like this.
Aside from the files below, nothing has been changed from the original generated project.
The thing is, I can successfully redirect to my Keycloak login page, but when it redirects to the URL specified after successful login, it reroutes back to the identity server (which is Keycloak) and the identity server reroutes back to the reroute URL.
Here is the dev tools log; it does look like the cookies and sessions are passed properly.
After successful login in the Keycloak page, it redirects to /home, which is correct as that is what I set.
It does look like cookies are passed properly:
However, it does seem that after calling /home (redirect) it calls the authentication again in Keycloak.
This is causing an infinite loop, as authentication will then call /home and home calls the authentication again and again.
I already tried the approaches I found on the internet, including using UseKentorOwinCookieSaver, using SystemWebCookieManager, and anything I tried online, with no luck.
What am I missing here? Help help, I’ve been stuck on this issue for days now.
Here is the code:
Startup.cs
using Microsoft.Owin;
using Owin;
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin.Security.Keycloak;
using Microsoft.Owin.Security.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System.IdentityModel.Tokens;
using Microsoft.Owin.Host.SystemWeb;

[assembly: OwinStartup(typeof(AspNetMVC4.Startup))]

namespace AspNetMVC4
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseKentorOwinCookieSaver();

            const string persistentAuthType = "keycloak_auth";
            app.SetDefaultSignInAsAuthenticationType(persistentAuthType);

            // Cookie middleware that holds the local sign-in.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = persistentAuthType,
                AuthenticationMode = AuthenticationMode.Active,
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager()
            });

            // Note: this description is created but never passed to any middleware.
            var desc = new AuthenticationDescription();
            desc.AuthenticationType = "keycloak_auth";
            desc.Caption = "keycloak_auth";

            // OpenID Connect middleware pointing at the Keycloak realm.
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "Auth0",
                Authority = "http://localhost:8080/auth/realms/master",
                ClientId = "keycloakdemo",
                ClientSecret = "tUM2gZiW5H3Lx2DQ4b5t4x5FzzrmADGi",
                // RedirectUri = "http://localhost:44337/",
                // PostLogoutRedirectUri = auth0PostLogoutRedirectUri,
                RedirectUri = "https://localhost:44337/home",
                ResponseType = OpenIdConnectResponseType.Code,
                Scope = "openid profile email",
                CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebCookieManager(),
            });
        }
    }
}

HomeController.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace AspNetMVC4.Controllers
{
    public class HomeController : Controller
    {
        // Requires an authenticated user; unauthenticated requests are challenged.
        [Authorize]
        public ActionResult Index()
        {
            return View();
        }

        public ActionResult About()
        {
            // Not used by the view; reads whether the current request is authenticated.
            bool flag = User.Identity.IsAuthenticated;
            ViewBag.Message = "Your application description page.";
            return View();
        }

        public ActionResult Contact()
        {
            ViewBag.Message = "Your contact page.";
            return View();
        }
    }
}

2 Answers
I finally figured it out and successfully integrated Keycloak into ASP.NET MVC 4.7. I am posting my solution here to help those who will have the same set of issues I had. The thing is, Keycloak and OWIN/OpenID are not integrated seamlessly in the ASP.NET MVC framework's libraries, so what I did is to manually process everything, including the User Identity, process the tokens and identity, and use the tokens to retrieve the information I need through Keycloak's own REST API. I have made a quick and dirty demo here:
https://github.com/ruellm/ASPNetMVC4-Keycloak
Hopefully it can help a soul someday, as I was stuck for almost 2 weeks and finally solved it.
You need to make sure you use SameSite=None and also use HTTPS to get the cookies to work.
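
The browser rules behind the SameSite=None and HTTPS advice above, as an added example that is not part of the original posts: a simplified Node.js check for Set-Cookie headers copied from dev tools. The function names, cookie names and sample headers are constructed for illustration, and the model assumes the identity provider is cross-site relative to the app and that a cookie with no SameSite attribute is treated as Lax.

```javascript
// Simplified model of how a current browser handles cookies across an
// OpenID Connect round trip (app -> identity provider -> app).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "secure") cookie.secure = true;
    if (k === "samesite") cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

// appUrl: URL of the response that set the cookie.
// returnMethod: how the identity provider sends the browser back ("GET" or "POST").
function auditCookie(header, appUrl, returnMethod) {
  const c = parseSetCookie(header);
  const https = new URL(appUrl).protocol === "https:";
  const problems = [];
  if (c.sameSite === "none" && !c.secure)
    problems.push("SameSite=None without Secure: rejected by the browser");
  if (c.secure && !https)
    problems.push("Secure cookie on a plain-HTTP URL: not accepted or sent");
  // Assumption: a missing SameSite attribute is treated as Lax. Browser-specific
  // exceptions (localhost handling, short Lax grace periods) are not modelled.
  const effective = c.sameSite || "lax";
  if (effective === "strict" || (effective === "lax" && returnMethod === "POST"))
    problems.push(`SameSite=${effective}: not sent on the cross-site ${returnMethod} return`);
  return { name: c.name, problems };
}

// Constructed sample headers; names and values are illustrative only.
const SAMPLE_HEADERS = [
  "oidc_nonce=abc123; path=/; HttpOnly; SameSite=None",
  "app_session=ticket; path=/; HttpOnly",
  "app_session=ticket; path=/; secure; HttpOnly; SameSite=None",
];

function auditAll(appUrl, returnMethod) {
  return SAMPLE_HEADERS.map((h) => auditCookie(h, appUrl, returnMethod));
}

for (const r of auditAll("https://localhost:44337/", "POST"))
  console.log(r.name, r.problems.length ? r.problems : "ok");
```

Only the third sample header passes every check, and only when the app itself is served over HTTPS.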