
Auth0 Authentication not working when callbackurl is a directory

aspnet-mvc

#1

Copied from stackoverflow: https://stackoverflow.com/questions/51965185/auth0-authentication-not-working-when-callbackurl-is-a-directory

I think I’m having a hard time finding the right words to google. I am integrating Auth0 into a new web site, and I have followed the quick start tutorial for an ASP.NET MVC site.

When I set the Allowed Callback to be https://localhost:44334, everything works like a charm. I can log in, I see the cookie created, all of it.

But, when I set the Allowed Callback to be https://localhost:44334/anyFolderHere, I get nothing. The site redirects to Auth0, I can log in, and I get redirected to the correct location. But no cookie, no auth token, nothing.

I can see in the Auth0 logs that it thinks everything went fine, login successful. I see no errors being thrown in my code, I just get nothing.

The code I have is almost line-for-line from their quick start. I am hesitant to start making changes until I can see it working…

I’m sure I am making a rookie mistake here, but I’m getting frustrated and just can’t see past myself.

Here is what I have:

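/// <summary>
/// OWIN startup class: registers cookie authentication and the Auth0
/// OpenID Connect middleware on the application pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Configure OWIN to use OpenIdConnect
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // Configure Auth0 parameters (read from appSettings).
        // NOTE(review): auth0:ClientSecret is a credential; keep the file that holds it
        // out of source control and out of any publicly served location.
        var settings = System.Configuration.ConfigurationManager.AppSettings;
        string auth0Domain = settings["auth0:Domain"];
        string auth0ClientId = settings["auth0:ClientId"];
        string auth0ClientSecret = settings["auth0:ClientSecret"];
        string auth0RedirectUri = settings["auth0:RedirectUri"];
        string auth0PostLogoutRedirectUri = settings["auth0:PostLogoutRedirectUri"];

        // Enable the Cookie saver middleware to work around a bug in the OWIN implementation
        app.UseKentorOwinCookieSaver();

        // Set Cookies as default authentication type
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // NOTE(review): no cookie security options are set here, so the middleware defaults
        // apply; confirm the session cookie is issued Secure/HttpOnly in production.
        var cookieOptions = new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login")
        };
        app.UseCookieAuthentication(cookieOptions);

        // Configure Auth0 authentication
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "Auth0",

            Authority = $"https://{auth0Domain}",

            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,

            // NOTE(review): this value has to match an entry in the Auth0 "Allowed Callback
            // URLs" exactly. Whether the middleware also processes the callback on a
            // sub-path depends on how the installed OWIN OpenID Connect package derives or
            // is given CallbackPath - confirm against the package version in use.
            RedirectUri = auth0RedirectUri,
            PostLogoutRedirectUri = auth0PostLogoutRedirectUri,

            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid profile",

            // Only the name claim mapping is overridden; every other validation
            // setting is left at whatever the library defaults to.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name"
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Intercepts sign-out requests and sends the browser to Auth0's
                // /v2/logout endpoint instead of the default redirect.
                RedirectToIdentityProvider = notification =>
                {
                    if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                    {
                        // Escape the client id so it cannot alter the query string.
                        var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={Uri.EscapeDataString(auth0ClientId ?? string.Empty)}";

                        var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                        {
                            // Ordinal comparison: this is a URL prefix test, not linguistic text.
                            if (postLogoutUri.StartsWith("/", StringComparison.Ordinal))
                            {
                                // transform to absolute
                                var request = notification.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            }
                            logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                        }

                        notification.Response.Redirect(logoutUri);
                        // Mark the response as handled so the middleware does not issue its own redirect.
                        notification.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}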


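/// <summary>
/// MVC controller that starts the Auth0 login challenge and signs the user out.
/// </summary>
public class AccountController : Controller
{
    /// <summary>
    /// Issues an authentication challenge for the "Auth0" authentication type.
    /// </summary>
    /// <param name="returnUrl">
    /// Where to send the user after sign-in. Only local URLs are honoured;
    /// anything else falls back to Home/Index.
    /// </param>
    /// <returns>An unauthorized result, which lets the OWIN middleware perform the challenge redirect.</returns>
    public ActionResult Login(string returnUrl)
    {
        // returnUrl is supplied by the request and is untrusted: passing it straight into
        // RedirectUri would let a crafted link send the user to an external site after
        // login (open redirect). IsLocalUrl also returns false for null/empty values.
        var redirectTarget = Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : Url.Action("Index", "Home");

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties
            {
                RedirectUri = redirectTarget
            },
            "Auth0");
        return new HttpUnauthorizedResult();
    }

    /// <summary>
    /// Signs the user out of the local cookie session and of the "Auth0" authentication type.
    /// </summary>
    // NOTE(review): no HTTP verb restriction is visible on this action, so a plain GET can
    // trigger sign-out; consider requiring POST with anti-forgery validation.
    [Authorize]
    public void Logout()
    {
        var authentication = HttpContext.GetOwinContext().Authentication;
        authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        authentication.SignOut("Auth0");
    }
}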

#3

:wave: @russ.harding did you update the callback URL in all the right places within your application? Are you still experiencing this issue, or were you able to solve it? Please let us know so we can take a further look!