Owin, pass custom query parameters in Authentication Request

c# asp.net-mvc owin katana openid-connect
Aliaksei picture Aliaksei · Jul 25, 2014 · Viewed 7.9k times · Source

We have our own OpenID Connect Provider. We want to pass custom query parameter in Authentication request using Owin middleware. And we cannot find the way how to implement this using Microsoft.Owin.Security.OpenIdConnect assembly. Even We cannot find how to add a standard request parameter to Authentication Request (e.g. "login_hint parameter").

For example Google has "login_hint" and "hd" parameters (https://developers.google.com/accounts/docs/OAuth2Login#sendauthrequest), and we want to have almost the same parameters. But we even cannot find how to send these parameters to Google using Owin. Tried this code:

var googleOptions = new GoogleOAuth2AuthenticationOptions()
{
    ClientId = "...",
    ClientSecret = "...",
};
app.UseGoogleAuthentication(googleOptions);

...

public ActionResult ExternalLogin(string provider)
{
    var ctx = Request.GetOwinContext();
    var properties = new AuthenticationProperties();
    properties.Dictionary.Add("login_hint ", "[email protected]");
    properties.Dictionary.Add("hd", "hd");
    ctx.Authentication.Challenge(properties, provider);
    return new HttpUnauthorizedResult();
}

But Authentication request url will be generated without "login_hint" and "hd" parameters.

Will be very grateful for any help to resolve this problem.

Answer

Eugene D. Gubenkov picture Eugene D. Gubenkov · May 1, 2015

You're almost there! What's left is overriding built-in GoogleOAuth2AuthenticationProvider and here is the example how to do it:

class CustomGoogleAuthProvider : GoogleOAuth2AuthenticationProvider
{
    public CustomGoogleAuthProvider()
    {
        OnApplyRedirect = (GoogleOAuth2ApplyRedirectContext context) =>
        {
            IDictionary<string, string> props = context.OwinContext.Authentication.AuthenticationResponseChallenge.Properties.Dictionary;

            string newRedirectUri = context.RedirectUri;

            string[] paramertsToPassThrough = new[] { "login_hint", "hd", "anything" };

            foreach (var param in paramertsToPassThrough)
            {
                if (props.ContainsKey(param))
                {
                    newRedirectUri += string.Format("&{0}={1}", param, HttpUtility.UrlEncode(props[param]));
                }
            }

            context.Response.Redirect(newRedirectUri);
        };
    }
}

OWIN middleware registration:

app.UseGoogleAuthentication(new Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationOptions()
{
    // other config ...
    Provider = new CustomGoogleAuthProvider(),
});

The result (by the way with current version (3.0.1) of Google OAuth middleware login_hint flows from Authentication parameters out-of-the-box):

result

Related questions

Do I need a Global.asax.cs file at all if I'm using an OWIN Startup.cs class and move all configuration there?

Let's say for example in a brand new ASP.NET MVC 5 application made from the MVC with Individual Accounts template, if I delete the Global.asax.cs class and move it's configuration code to Startup.cs Configuration() method as follow, …

Read More
Current user in owin authentication

I started to build a web api for mobile apps and I'm having a hard time with implementing authentication. I use Bearer and although everything is supposed to be fine, I cannot get the current user from action in controller. …

Read More
How IsPersistent works in OWIN Cookie authentication

It seems I don't understand clearly how IsPersistent in OWIN cookie authentication works, the code below is to use IsPersistent: var context = Request.GetOwinContext(); var authManager = context.Authentication; var properties = new AuthenticationProperties { IsPersistent = isPersistence }; authManager.SignIn(properties, identity); I don't …

Read More