Auth0 Home Blog Docs

Auth failure with MVC and OWIN using documentation

lock
mvc
owin

#1

I’ve been bashing this for hours with no good direction from the forum or other sources on the internet.

I’m trying to integrate Auth0 into an existing MVC application while I’m also working on a future SPA+Web Api solution to ultimately replace it.

I have followed the documentation at https://auth0.com/docs/quickstart/webapp/aspnet-owin, followed by https://auth0.com/docs/quickstart/webapp/aspnet-owin/01-login.

I have my OWIN security configuration as follows. It uses a custom cookie provider where I do some claims augmentation.

        app.UseCookieAuthentication(
            new CookieAuthenticationOptions
            {
                Provider = cookieProvider,
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                LoginPath = new PathString("/Authentication/SignIn")
            });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure Auth0 authentication
        var options = new Auth0AuthenticationOptions
        {
            Domain = Settings.Domain,
            ClientId = Settings.ClientId,
            ClientSecret = Settings.ClientSecret
        };
        app.UseAuth0Authentication(options);

The authentication/signin view contains the following:

@{
    ViewBag.Title = "Sign In";
}

<div id="root" style="width: 320px; margin: 40px auto;">
</div>

<script>
    var lock = new Auth0Lock('@Settings.ClientId', '@Settings.Domain',
        {
            container: 'root',
            auth: {
                redirectUrl: window.location.origin + '/signin-auth0',
                responseType: 'code',
                params: {
                    scope: 'openid email profile'
                }
            },
            theme: {
                authButtons: {
                    "AzureADv2": {
                        displayName: "Microsoft"
                    }
                }
            }
        });
    lock.show();
</script>

Once authenticated, the browser redirects to /signin-auth0 which returns a 302 without a location header. This leaves the browser with a blank page.

Chrome provides the following for the /signin-auth0 request

![alt text][1]

Where is this going wrong? I’m expecting that the user should be authenticated and redirected to the original page they were requesting.


#2

Hi,

ASP MVC should forward the call to a default controller and function “/Auth0Account/ExternalLoginCallback”.
That function will convert the external cookie to an application cookie. I see that it is not documented on that page that you listed.

However on the page https://auth0.com/docs/quickstart/webapp/aspnet-owin/01-login you can browse some sample code. What it seems that you are missing is located here:
https://github.com/auth0-samples/auth0-aspnet-owin-mvc-sample/blob/master/01-Login/MvcApplication/MvcApplication/Controllers/Auth0AccountController.cs

If you would like to change the URL, you can specify a “redirectPath” in the app.UseAuth0Authentication settings.
Also please review the used AuthenticationType in the cookie authentication. The example is using “DefaultAuthenticationTypes.ApplicationCookie” instead “CookieAuthenticationDefaults.AuthenticationType” what you are using.


#3