Auth failure with MVC and OWIN using documentation

rprimrose · April 5, 2017, 10:51am

I’ve been bashing this for hours with no good direction from the forum or other sources on the internet.

I’m trying to integrate Auth0 into an existing MVC application while I’m also working on a future SPA+Web Api solution to ultimately replace it.

I have followed the documentation at Auth0 ASP.NET (OWIN) SDK Quickstarts: Login, followed by Auth0 ASP.NET (OWIN) SDK Quickstarts: Login.

I have my OWIN security configuration as follows. It uses a custom cookie provider where I do some claims augmentation.

        app.UseCookieAuthentication(
            new CookieAuthenticationOptions
            {
                Provider = cookieProvider,
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                LoginPath = new PathString("/Authentication/SignIn")
            });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure Auth0 authentication
        var options = new Auth0AuthenticationOptions
        {
            Domain = Settings.Domain,
            ClientId = Settings.ClientId,
            ClientSecret = Settings.ClientSecret
        };
        app.UseAuth0Authentication(options);

The authentication/signin view contains the following:

@{
    ViewBag.Title = "Sign In";
}

<div id="root" style="width: 320px; margin: 40px auto;">
</div>

<script>
    var lock = new Auth0Lock('@Settings.ClientId', '@Settings.Domain',
        {
            container: 'root',
            auth: {
                redirectUrl: window.location.origin + '/signin-auth0',
                responseType: 'code',
                params: {
                    scope: 'openid email profile'
                }
            },
            theme: {
                authButtons: {
                    "AzureADv2": {
                        displayName: "Microsoft"
                    }
                }
            }
        });
    lock.show();
</script>

Once authenticated, the browser redirects to /signin-auth0 which returns a 302 without a location header. This leaves the browser with a blank page.

Chrome provides the following for the /signin-auth0 request

![alt text][1]

Where is this going wrong? I’m expecting that the user should be authenticated and redirected to the original page they were requesting.

mathijs.van.gool · April 5, 2017, 2:29pm

Hi,

ASP MVC should forward the call to a default controller and function “/Auth0Account/ExternalLoginCallback”.
That function will convert the external cookie to an application cookie. I see that it is not documented on that page that you listed.

However on the page Auth0 ASP.NET (OWIN) SDK Quickstarts: Login you can browse some sample code. What it seems that you are missing is located here:
https://github.com/auth0-samples/auth0-aspnet-owin-mvc-sample/blob/master/01-Login/MvcApplication/MvcApplication/Controllers/Auth0AccountController.cs

If you would like to change the URL, you can specify a “redirectPath” in the app.UseAuth0Authentication settings.
Also please review the used AuthenticationType in the cookie authentication. The example is using “DefaultAuthenticationTypes.ApplicationCookie” instead “CookieAuthenticationDefaults.AuthenticationType” what you are using.

Topic		Replies	Views
ASP.NET OWIN callbackURL "/signin-auth0" cannot be found Help aspnet-mvc	15	11589	December 17, 2018
Auth0 ASP.Net.Owin SSO Validate cookie cross domain Help sso , owin , multi-tenant , aspnet-mvc	7	6871	March 2, 2018
Auth0 sso with ASP.NET web forms application Help auth0 , login	1	3286	May 20, 2024
Critical login issue with ASP.NET MVC 5 Help aspnet-mvc , net	0	4001	May 14, 2021
Auth0 Authentication not working when callbackurl is a directory Help aspnet-mvc	2	5703	January 15, 2019

Auth failure with MVC and OWIN using documentation

Related Topics