Asp.net OWIN - Infinite loop when trying to use roles

Hi everyone,

I’ve tried to test the Auth0 integration with an ASP.NET 4.6.1 application by using the following quickstart:

https://auth0.com/docs/quickstart/webapp/aspnet-owin/03-authorization

I downloaded the example and hooked it up with my default app, added the roles rule as per the tutorial and if I try to access the /Account/Admin route with an “admin” role, everything works as expected.

The problem appears when I try to access this route with any other role.

Expected result: I am redirected to the homepage (or the callback url of my choice).

Actual result: The app starts an infinite loop that ends with an “OpenIdConnectMessage.Error was not null, indicating an error. Error: ‘access_denied’. Error_Description (may be empty): ‘’. Error_Uri (may be empty): ‘’.” error.

I tried investigating myself but I am out of ideas. Has anyone else encountered this?

In case it helps anyone, easiest way to reproduce:

  • use the example code provided in the quickstart
  • assign the user a “user” role (in the example’s case, the user’s email should not end with “example.com”)
  • try to access the /Account/Admin route

Thanks!

Hi @only_me_jo

This seems to be a legacy implementation issue with ASP.NET. In short, it creates a redirect loop, as it redirects to the login page, which in turn redirects back to the page it was trying to request (which in this case is /Account/Admin).

You can read more about it in this blog post (which contains a potential solution that you can customize).

Hope this helps!

I’ve also just pulled the quick start project and tried it and I still have the same issue. I have tried using the CustomAuthorizeAttribute but it doesn’t seem to work, as I still get in the same loop.

Also getting this. It looks like if you don’t have permission, it redirects you back to Auth0, when it should throw a permission error, since you are authenticated but not authorized.
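
An added example, not code from this thread or from the Auth0 quickstart: an MVC authorize filter that answers a signed-in user who lacks the role with 403 instead of 401, so the OWIN OpenID Connect middleware has no 401 response to turn into a new login challenge. The attribute name and the controller body are assumptions for illustration; the "admin" role and the /Account/Admin route are the ones from the posts above.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical attribute name; not part of the quickstart project.
public class ForbidAuthenticatedAuthorizeAttribute : AuthorizeAttribute
{
    // Called by MVC when AuthorizeCore() returns false, i.e. the caller is
    // either not signed in or signed in without one of the required roles.
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var user = filterContext.HttpContext.User;
        bool signedIn = user != null
                        && user.Identity != null
                        && user.Identity.IsAuthenticated;

        if (signedIn)
        {
            // Authenticated but not authorized: return 403 Forbidden.
            // The stock attribute returns 401 here, which the middleware
            // treats as "please log in", and the identity provider then sends
            // the already-signed-in user straight back to the same URL.
            filterContext.Result = new HttpStatusCodeResult(
                HttpStatusCode.Forbidden,
                "You do not have access to this resource.");
        }
        else
        {
            // Anonymous caller: keep the default 401 so the login
            // challenge still fires.
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Usage sketch (assumed controller shape): replace [Authorize(Roles = "admin")]
// on the protected action with the attribute above.
public class AccountController : Controller
{
    [ForbidAuthenticatedAuthorize(Roles = "admin")]
    public ActionResult Admin()
    {
        return View();
    }
}
```

If a friendlier response than a bare 403 is wanted, the `signedIn` branch can set a `RedirectResult` to an access-denied page instead, as long as that page itself does not require the missing role.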