'Authentication.Challenge not working with ApiController

With ApiController, Authentication.Challenge not prompting Microsoft login for SSO. it executes SignIn action method, with out any errors. If I change from ApiController to Controller then it's prompting. does any one know how to prompt for Microsoft login using ApiController?

public class ValuesController : ApiController
{
    [System.Web.Http.Route("api/values/signin")]
    [System.Web.Http.HttpGet]
    public void SignIn()
    {
        if (!System.Web.HttpContext.Current.Request.IsAuthenticated)
        {
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }
}  


public class ValuesController : Controller
{
    public void SignIn()
    {
        if (!System.Web.HttpContext.Current.Request.IsAuthenticated)
        {
            HttpContext.Current.GetOwinContext().Authentication.Challenge(
                new AuthenticationProperties { RedirectUri = "/" },
                OpenIdConnectAuthenticationDefaults.AuthenticationType);
        }
    }
}
single-sign-on.net-framework-versionasp.net-apicontrollerowin-middlewareowin-security


Solution 1:[1]

We also faced a similar problem on our product.

The issue was the following: Challenge sets 401 status code for current response, which is later handled by a responsible OWIN Middleware, so if status code is not 401 the middleware won't handle the response and won't trigger the redirect.

But the default behavior of void action of ApiController sets 204 response status code. Therefore 401 is overwritten with 204, as a result nothing happens.

So there are several solutions:

  1. Don't use ApiController if you can
  2. Use ApiController but not void action. Use for example something like this
public ActionResult SignIn()
{
    HttpContext.Current.GetOwinContext().Authentication.Challenge(...);
    return new HttpStatusCodeResult(HttpContext.GetOwinContext().Response.StatusCode);
}
  1. If you have to use a void method and ApiController then you can end the response and then the status code won't be modified.
public void SignIn()
{
    HttpContext.Current.GetOwinContext().Authentication.Challenge(...);
    System.Web.HttpContext.Current.Response.End();
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Alexander Lysenko

Related Questions

Rails authentication strategy

Login Failure: Pool is empty and connection creation failed

User Auth/Identity Service that takes care of social logins?

Logout from Keycloak does not logout Active Directory User

SNOWFLAKE - AZURE ACTIVE DIRECTORY Integration

Everytime I change my Microsoft Teams Tab's code the content of the tab does not change

React-router HashRouter When redirecting root URL with query parameters, route gets appended after params

Symfony 6 - CAS Bundle

Apache superset with Okta integration

Azure AD OIDC Single Sign-On with HashiCorp Vault - Interactive Login Prompt Not Appearing

How to enable sign-in with Google on Backstage?

How to enable sign-in with Google on Backstage?

SAML SP Metadata XML SSO, Recipient and Destination URLs

How to use the AWS Python SDK while connecting via SSO credentials

Best practice: Generate email link to bypass authentication