ASP.NET Core OpenID Connect: Configure OIDC web authentication (#33908)

* Initial structure

* Link menu

* Add sample

* Update new authentication for OIDC

* samples

* Add links from the used standards

* Add a reference link

* Update sections

* Add a link

* Add some definitions

* Add image

* Update image

* Add an Overview

* Update docs

* Update doc

* Add customizations

* Update sections

* Add more data

* Add third party information

* Update texts

* add background to image

* clean up

* remove file

* Update text

* Update text

* Update text

* text

* fix line 80

* fix link

* link change due to build line 15

* build test

* Remove toc link due to build in dev branch

* reset link, no change to build

* fix links

* Test add toc menu

* Connect not connect

* Improve image

* fix small typos

* typo

* Update configuration

* Update programs

* Use FallbackPolicy instead of MVC options

* UseAuthorization()  comment

* Clean up sample using feedback

* code clean up

* Update text based on PR feedback

* 2 spaces

* Update text

* Update text

* Improve text

* text

* Update sample

* Update sample

* Fix code example

* spaces

* spaces

* spaces

* PR feedback

* Improve text

* Update schemes doc

* logout

* rename claim mappings

* Update code

* Update link

* Update link

* fix link

* logging

* Update links

* fix spacing

* grammer

* grammer

* Add Login page

* Add a challenge

Author: damienbod

aspnetcore/security/authentication/configure-oidc-web-authentication.md

@@ -0,0 +1,26 @@
+@page
+@model ErrorModel
+@{
+    ViewData["Title"] = "Error";
+}
+
+<h1 class="text-danger">Error.</h1>
+<h2 class="text-danger">An error occurred while processing your request.</h2>
+
+@if (Model.ShowRequestId)
+{
+    <p>
+        <strong>Request ID:</strong> <code>@Model.RequestId</code>
+    </p>
+}
+
+<h3>Development Mode</h3>
+<p>
+    Swapping to the <strong>Development</strong> environment displays detailed information about the error that occurred.
+</p>
+<p>
+    <strong>The Development environment shouldn't be enabled for deployed applications.</strong>
+    It can result in displaying sensitive information from exceptions to end users.
+    For local debugging, enable the <strong>Development</strong> environment by setting the <strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>
+    and restarting the app.
+</p>

aspnetcore/security/authentication/configure-oidc-web-authentication/_static/oidc-confidential-pkce-flow-drawio.png

@@ -0,0 +1,18 @@
+using System.Diagnostics;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace RazorPageOidc.Pages;
+
+[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+public class ErrorModel : PageModel
+{
+    public string? RequestId { get; set; }
+
+    public bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
+
+    public void OnGet()
+    {
+        RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier;
+    }
+}

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Error.cshtml

@@ -0,0 +1,10 @@
+@page
+@model IndexModel
+@{
+    ViewData["Title"] = "Home page";
+}
+
+<div class="text-center">
+    <h1 class="display-4">Welcome</h1>
+    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
+</div>

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Error.cshtml.cs

@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace RazorPageOidc.Pages;
+
+[Authorize]
+public class IndexModel : PageModel
+{
+    public void OnGet()
+    {
+    }
+}

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Index.cshtml

@@ -0,0 +1,4 @@
+@page
+@model RazorPageOidc.Pages.LoginModel
+@{
+}

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Index.cshtml.cs

@@ -0,0 +1,40 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace RazorPageOidc.Pages;
+
+[AllowAnonymous]
+public class LoginModel : PageModel
+{
+    [BindProperty(SupportsGet = true)]
+    public string? ReturnUrl { get; set; }
+
+    public async Task OnGetAsync()
+    {
+        var properties = GetAuthProperties(ReturnUrl);
+        await HttpContext.ChallengeAsync(properties);
+    }
+
+    private static AuthenticationProperties GetAuthProperties(string? returnUrl)
+    {
+        const string pathBase = "/";
+
+        // Prevent open redirects.
+        if (string.IsNullOrEmpty(returnUrl))
+        {
+            returnUrl = pathBase;
+        }
+        else if (!Uri.IsWellFormedUriString(returnUrl, UriKind.Relative))
+        {
+            returnUrl = new Uri(returnUrl, UriKind.Absolute).PathAndQuery;
+        }
+        else if (returnUrl[0] != '/')
+        {
+            returnUrl = $"{pathBase}{returnUrl}";
+        }
+
+        return new AuthenticationProperties { RedirectUri = returnUrl };
+    }
+}

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Login.cshtml

@@ -0,0 +1,8 @@
+@page
+@model RazorPageOidc.Pages.LogoutModel
+@{
+    ViewData["Title"] = "Logout";
+}
+
+<h1>Logout</h1>
+

aspnetcore/security/authentication/configure-oidc-web-authentication/sample/oidc-net8/RazorPageOidc/Pages/Login.cshtml.cs

@@ -0,0 +1,24 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace RazorPageOidc.Pages;
+
+[Authorize]
+public class LogoutModel : PageModel
+{
+    public IActionResult OnGetAsync()
+    {
+        return SignOut(new AuthenticationProperties
+        {
+            RedirectUri = "/SignedOut"
+        },
+        // Clear auth cookie
+        CookieAuthenticationDefaults.AuthenticationScheme,
+        // Redirect to OIDC provider signout endpoint
+        OpenIdConnectDefaults.AuthenticationScheme);
+    }
+}