This is a simplified implementation of an OpenID Connect Provider and Relying Party using ASP.NET MVC. "Simplified" here means that all messages passed between the provider and the relying party are valid OpenID Connect messages. But not all scenarios that should be handled by an OpenID Connect provider and relying party are handled by this implementation.
This project is intended to be a reference implementation for people who want to build Web applications with external authentication functionality when they are in control of both the client and the server.
In this project, the OpenID Connect protocol is implemented from scratch using basic Controllers and Action methods (as opposed to using an OpenID Connect or oAuth library). This gives you full control over the flow and the messages passed. You probably do not want to change the flow as it is imposed by the protocol and it ensures that the authentication is done securely. But you might very well want to extend the messages to add your custom data (which is allowed by the OpenID protcol).
The following diagram shows the external authentication flow and the messages passed between the user agent (Client Browser) and the authentication client Web application (Relying Party) and the authentication server Web application (Identity Provider).
-
Add the following entries to your "hosts" file:
127.0.0.1 provider.localhost 127.0.0.1 relyingparty.localhostto point the hostnames used by the project ("provider.localhost" and "relyingparty.localhost") to the loopback IP address "127.0.0.1". On my computer, the "hosts" file is located at
C:\Windows\System32\drivers\etc\hosts -
Run Visual Studio as an administrator and open "AuthenticationClientServer.sln". The two website projects will fail to load. But a hidden ".vs" folder will be created under the solution folder which is what we need.
-
Open
<solution folder>\.vs\config\applicationhost.configfor editing and add the following XML elements under the<sites>element. Remember to replace the physicalPath place holders below.<site name="Provider" id="2"> <application path="/" applicationPool="Clr4IntegratedAppPool"> <virtualDirectory path="/" physicalPath="Path to your Provider project folder goes here" /> </application> <bindings> <binding protocol="http" bindingInformation="*:50343:provider.localhost" /> </bindings> </site> <site name="RelyingParty" id="3"> <application path="/" applicationPool="Clr4IntegratedAppPool"> <virtualDirectory path="/" physicalPath="Path to your RelyingParty project folder goes here" /> </application> <bindings> <binding protocol="http" bindingInformation="*:57339:relyingparty.localhost" /> </bindings> </site>
-
Right-Click each of the website projects in the Solution Explorer and select "Reload Project".
-
In the Solution Explorer, right-click Provider > Debug > Start new instance.
The website will open in a browser window. Click "Register" on the top-right and fill the form to create a new user account.
Click "Log off" from the top-right. -
Go back to Visual Studio, right-click the solution item in the Solution Explorer and select "Set StartUp Projects..."
Select "Multiple startup projects".
Next to "Provider" select "Start" and next to "RelyingParty" select "Start".
Click OK. -
Right-Click the "Provider" project in the Solution Explorer and select "Properties".
From the left tabs select "Web".
Set the "Start Action" to "Don't open a page. Wait for a request from an external application." and save. -
Hit F5 and login to the RelyingParty using your Provider account.