
ASP.NET Core 2: Intermittent Correlation Failed Errors


#1
  • Which SDK does this apply to? Auth0.AuthenticationApi v5.4 / Lock 11.3
  • Which version of the platform are you facing this error on? .NET Core 2
  • Was this code working before? Have you made any changes in the dashboard recently? I think this error has always occurred intermittently.
  • HAR: I will keep trying on this. Because of the intermittent nature of the problem, this is a little bit tougher. I do have a HAR where the intermittent problem does not occur… Let me know if you would like me to include that. Otherwise, I’m sure I will get this eventually.

I am seeing intermittent Correlation Failed errors in production. The code we’re using comes straight out of the ASP.NET Core 2 quickstart samples.

For the most part, this happens in Chrome, although when I try this on Safari (on a phone) it seems much more prevalent… Mobile is not our target right now, but I would say Safari seems to be pretty much broken right now.
To reproduce this, when I go to my site after several hours (maybe a whole day?) of inactivity, it shows the “you last logged in with…” dialog, and then when I click my email address, it crashes.

Here’s the trace, if that helps:

Exception: Correlation failed.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
System.Runtime.CompilerServices.TaskAwaiter.GetResult()
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext()
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
System.Runtime.CompilerServices.TaskAwaiter.GetResult()
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()

I have also seen an “oops! something went wrong!” page once or twice.

I understand this issue may be cookie related, so I thought I would also include my cookies:

.AspNetCore.Correlation.Auth0.9vfQ2_WqWLP6U1UXAi29WBtXqsuo97f2txMiHCiovP0 | N
.AspNetCore.OpenIdConnect.Nonce.CfDJ8DczvQ50mOVLnddvitCTG7Kp9Mc2yKSennC7oggfuaXdypiCvst-PX2Hva-N9UxUe20wXELi1G6LHg8W_XHmCtbv9MN3lROrFKfrEaTf8MPue32mGPFLqMjiPIGJTuKlAxaC4r-kQMIHH1_MJzZV44mrQ5b1Jq8tPXgT0vZcAeC-QblWwgFWJN8PzdG0b2NOCog3p-0QQPVkuZr_D2v65roPEi-1nstgExcxlme_w_zzH98Fit3FcXKBPXq6TQY0oVfTHWpKLyPUj1dPg1WLCBc | N
ARRAffinity | 7055382eb098285fb6aecb1d7b22ab0e092973bf2838304a05303973781a3ebb

Here’s my config:

using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

namespace Keystone.Web.Config.IoC
{
    internal static class Auth0Config
    {
        public static void ConfigureAuth0(IServiceCollection services, IConfiguration configuration)
        {
            services.AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                })
                .AddCookie()
                .AddOpenIdConnect("Auth0", options =>
                {
                    // Set the authority to your Auth0 domain
                    options.Authority = $"https://{configuration["Auth0:Domain"]}";

                    // Configure the Auth0 Client ID and Client Secret
                    options.ClientId = configuration["Auth0:ClientId"];
                    options.ClientSecret = configuration["Auth0:ClientSecret"];

                    // Set response type to code
                    options.ResponseType = "code";

                    // Configure the scope
                    options.Scope.Clear();
                    options.Scope.Add("openid");
                    options.Scope.Add("profile");
                    options.Scope.Add("email");

                    // Also ensure that you have added the URL as an Allowed Callback URL in your Auth0 dashboard 
                    // e.g. http://localhost:5000/signin-auth0 
                    options.CallbackPath = new PathString("/signin-auth0");

                    // Configure the Claims Issuer to be Auth0
                    options.ClaimsIssuer = "Auth0";

                    // Saves tokens to the AuthenticationProperties
                    options.SaveTokens = true;

                    // Signature validation for HS256 signed token

                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        NameClaimType = "name",
                        RoleClaimType = "https://schemas.quickstarts.com/roles"
                    };

                    options.Events = new OpenIdConnectEvents
                    {
                        // handle the logout redirection 
                        OnRedirectToIdentityProviderForSignOut = (context) =>
                        {
                            // This is for "flowing the API token" which we are apparently not using.
                            //context.ProtocolMessage.SetParameter("audience", "{YOUR_API_IDENTIFIER}"); 

                            var logoutUri = $"https://{configuration["Auth0:Domain"]}/v2/logout?client_id={configuration["Auth0:ClientId"]}";

                            var postLogoutUri = context.Properties.RedirectUri;
                            if (!String.IsNullOrEmpty(postLogoutUri))
                            {
                                if (postLogoutUri.StartsWith("/"))
                                {
                                    // transform to absolute
                                    var request = context.Request;
                                    postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                                }
                                logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                            }

                            context.Response.Redirect(logoutUri);
                            context.HandleResponse();

                            return Task.CompletedTask;
                        }
                    };
                });
        }
    }
}

#2

Also: I am currently on a free account, and we aren’t using SSL/HTTPS yet.


#3

I’ve created a HAR file showing the problem: https://www.dropbox.com/s/yxes4x3ixs6m2lk/example.har?dl=0
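
An added example, not part of the original thread: ASP.NET Core's remote authentication handler sets a `.AspNetCore.Correlation.<scheme>.<id>` cookie with value `N` when it redirects to the identity provider, and reports "Correlation failed" when the callback request does not bring that cookie back. The function below walks a HAR capture and reports, for each request to the callback path, whether such a cookie was issued earlier in the capture and returned; `checkCorrelation`, `sampleHar` and the `app.example` host are hypothetical names, and the sample capture is constructed.

```javascript
// Added example. The cookie prefix and callback path are taken from the post;
// every other name here is hypothetical.
const CORRELATION_PREFIX = ".AspNetCore.Correlation.Auth0.";
const CALLBACK_PATH = "/signin-auth0"; // options.CallbackPath in the posted config

// Returns one finding per callback request in the HAR, in capture order.
function checkCorrelation(har) {
  const issued = new Set(); // correlation cookie names set by earlier responses
  const findings = [];
  for (const { request, response } of har.log.entries) {
    if (new URL(request.url).pathname === CALLBACK_PATH) {
      const sent = (request.cookies || [])
        .filter(c => c.name.startsWith(CORRELATION_PREFIX));
      const known = sent.filter(c => issued.has(c.name) && c.value === "N");
      findings.push({
        url: request.url,
        issuedBefore: issued.size,
        sentOnCallback: sent.length,
        ok: known.length > 0,
        reason: known.length > 0 ? "correlation cookie returned"
          : issued.size === 0 ? "no response in this capture set a correlation cookie"
          : sent.length === 0 ? "cookie was issued but not sent on the callback"
          : "callback carried a correlation cookie this capture never issued",
      });
    }
    // Track Set-Cookie results after the request is judged: an empty value
    // is the handler deleting the cookie, anything else is a new issue.
    for (const c of response.cookies || []) {
      if (!c.name.startsWith(CORRELATION_PREFIX)) continue;
      if (c.value) issued.add(c.name); else issued.delete(c.name);
    }
  }
  return findings;
}

// Constructed sample (not the poster's HAR): the challenge sets the cookie,
// then the callback arrives without it.
const sampleHar = { log: { entries: [
  { request: { url: "http://app.example/Account/Login", cookies: [] },
    response: { status: 302,
      cookies: [{ name: CORRELATION_PREFIX + "abc123", value: "N" }] } },
  { request: { url: "http://app.example/signin-auth0", cookies: [] },
    response: { status: 500, cookies: [] } },
] } };

console.log(checkCorrelation(sampleHar));
```

An `ok: true` finding only shows that a correlation cookie issued in the capture came back; the id the handler actually looks up travels inside the protected `state` parameter and cannot be read from the HAR.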


#5

@brianm_accounts I am getting someone to take a look into this


#6

@brianm_accounts looks like you got a response in the GitHub issue:


#7

@jeremy.meiss Thank you for having someone take a look at this. The GitHub response really didn’t contain anything that will help me resolve this… I hope someone will look at the HAR file I included. I am using the configuration from the quickstart, so if I am having problems, I must not be alone.