I want to avoid login dailog box when on opening a word document using WebDavServer.
The official documentation says I can do it like this "implement URL-authentication. Your URLs will look like http://server/[SessionID1234567890]/path/file.docx"
https://www.webdavsystem.com/server/documentation/ms_office_read_only
So what does that mean I do not have any authentication at Backend of my .net app and just send the sessionID. That's it. but it does not work.
I already had MS-OFBA with OIDC but I disabled it to test this. Please point me towards right resource.
Official website hardly has any detailed information (Even their official answers on SO)
I already had MS-OFBA with OIDC but I disabled it to test this.
public static void MsOfbaConfiguration(this IAppBuilder app, string baseUrl)
{
app.Use(async (owinContext, next) =>
{
var request = owinContext.Request;
var response = owinContext.Response;
const string authenticatedCallback = "/authenticated";
const string login = "/login";
var returnUrl = $"{baseUrl}{authenticatedCallback}";
var isAuthenticated = request.User?.Identity?.IsAuthenticated ?? false;
switch (request.Method)
{
case "GET" when request.Path.StartsWithSegments(new PathString("/ping")):
await response.WriteAsync($"\"{baseUrl.Split('/').Last()} pong\"").ConfigureAwait(false);
response.StatusCode = (int)HttpStatusCode.OK;
return;
case "OPTIONS" when request.Headers.Get("User-Agent").Contains("Office") && !isAuthenticated:
var loginUrl = $"{baseUrl}{login}";
response.Headers["X-FORMS_BASED_AUTH_REQUIRED"] = $"{loginUrl}?returnUrl={returnUrl}";
response.Headers["X-FORMS_BASED_AUTH_RETURN_URL"] = returnUrl;
response.Headers["X-FORMS_BASED_AUTH_DIALOG_SIZE"] = "800x600";
response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
case "GET" when request.Path.StartsWithSegments(new PathString(login)) && isAuthenticated:
response.Redirect(returnUrl);
return;
case "GET" when request.Path.StartsWithSegments(new PathString(authenticatedCallback)):
return;
default:
await next().ConfigureAwait(false);
break;
}
});
}
public static IAppBuilder UseOpenIdConnectAuthConfiguration(this IAppBuilder app, string baseUrl)
{
var optionsMonitor = GlobalServiceProvider.ServiceProvider.GetService<IOptionsMonitor<OidcOptions>>();
var oidcOptions = optionsMonitor.Get(OidcOptions.Contexts.PortalStartup);
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = oidcOptions.Authority,
AuthenticationMode = AuthenticationMode.Active,
ClientId = oidcOptions.ClientId,
RedirectUri = $"{baseUrl}signin",
SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
ResponseType = "code",
Scope = oidcOptions.Scope,
RedeemCode = true,
PostLogoutRedirectUri = $"{baseUrl}logout",
RequireHttpsMetadata = true,
Notifications = new OpenIdConnectAuthenticationNotifications()
.WithUserProfile()
.WithFailureControl(),
UseTokenLifetime = false,
SaveTokens = true,
});
return app;
}
public static OpenIdConnectAuthenticationNotifications WithFailureControl(this OpenIdConnectAuthenticationNotifications notifications)
{
_ = notifications ?? throw new ArgumentNullException(nameof(notifications));
notifications.AuthenticationFailed = OnAuthenticationFailed;
return notifications;
}
private static Task OnAuthenticationFailed(AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> arg)
{
arg.Response.StatusCode = (int)HttpStatusCode.BadRequest;
arg.HandleResponse();
return Task.FromResult(0);
}