Copied from stackoverflow: asp.net mvc - Auth0 Authentication not working when callbackurl is a directory - Stack Overflow
I think I’m having a hard time finding the right words to google. I am integrating Auth0 into a new web site, and I have followed the quick start tutorial for an ASP.NET MVC site.
When I set the Allowed Callback to be https://localhost:44334, everything works like a charm. I can log in, I see the cookie created, all of it.
But, when I set the Allowed Callback to be https://localhost:44334/anyFolderHere, I get nothing. The site redirects to Auth0, I can log in, and I get redirected to the correct location. But no cookie, no auth token, nothing.
I can see in the Auth0 logs that it thinks everything went fine, login successful. I see no errors being thrown in my code, I just get nothing.
The code I have is almost line-for-line from their quick start. I am hesitant to start making changes until I can see it working…
I’m sure I am making a rookie mistake here, but I’m getting frustrated and just can’t see past myself.
Here is what I have:
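/// <summary>
/// OWIN startup class: registers cookie authentication and the Auth0
/// OpenID Connect middleware on the application pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Configure OWIN to use OpenIdConnect
    /// </summary>
    /// <param name="app">OWIN application builder the authentication middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // Configure Auth0 parameters (all taken from appSettings).
        // NOTE(review): auth0:ClientSecret is a credential. How the config file is
        // deployed is not visible here; keep the real value out of source control.
        var settings = System.Configuration.ConfigurationManager.AppSettings;
        string auth0Domain = settings["auth0:Domain"];
        string auth0ClientId = settings["auth0:ClientId"];
        string auth0ClientSecret = settings["auth0:ClientSecret"];
        string auth0RedirectUri = settings["auth0:RedirectUri"];
        string auth0PostLogoutRedirectUri = settings["auth0:PostLogoutRedirectUri"];

        // Enable the Cookie saver middleware to work around a bug in the OWIN implementation
        app.UseKentorOwinCookieSaver();

        // Set Cookies as default authentication type
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login")
            // NOTE(review): CookieSecure is not set, so the middleware default applies.
            // For an HTTPS-only site consider CookieSecureOption.Always; confirm
            // against the deployment before changing it.
        });

        // Configure Auth0 authentication
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "Auth0",
            Authority = $"https://{auth0Domain}",
            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,
            // Callback address sent to Auth0. It has to agree with what is registered
            // there as an allowed callback (the setting the surrounding post varies).
            RedirectUri = auth0RedirectUri,
            PostLogoutRedirectUri = auth0PostLogoutRedirectUri,
            // Requests both an authorization code and an ID token.
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid profile",
            // Only the name-claim mapping is overridden; every other token
            // validation setting is left at its default.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name"
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // On logout, replace the middleware's redirect with Auth0's
                // /v2/logout endpoint; any other request type passes through untouched.
                RedirectToIdentityProvider = notification =>
                {
                    if (notification.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
                    {
                        var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}";
                        var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                        {
                            // Ordinal comparison: this is a URL prefix check, not linguistic
                            // text, so culture rules (ignorable characters) must not apply.
                            if (postLogoutUri.StartsWith("/", StringComparison.Ordinal))
                            {
                                // transform to absolute
                                // NOTE(review): scheme and host are taken from the incoming
                                // request, so returnTo is request-derived. Make sure the Auth0
                                // application's allowed logout URL list is restricted to the
                                // site's own addresses.
                                var request = notification.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            }
                            logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                        }
                        notification.Response.Redirect(logoutUri);
                        // Marks the response as handled so the middleware does not issue its own redirect.
                        notification.HandleResponse();
                    }
                    return Task.FromResult(0);
                }
            }
        });
    }
}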
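/// <summary>
/// Login and logout endpoints that hand authentication off to the OWIN
/// middleware registered under the "Auth0" and cookie authentication types.
/// </summary>
public class AccountController : Controller
{
    /// <summary>
    /// Starts an "Auth0" authentication challenge.
    /// </summary>
    /// <param name="returnUrl">Where to send the user after sign-in; request-supplied, so untrusted.</param>
    /// <returns>A 401 result; the challenge registered here is what produces the redirect.</returns>
    public ActionResult Login(string returnUrl)
    {
        // returnUrl is bound from the request. Accept it only when it points back
        // into this site, so a crafted login link cannot forward the signed-in
        // user to another origin (open redirect). Null, empty or non-local values
        // fall back to Home/Index.
        string target = Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : Url.Action("Index", "Home");

        HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
        {
            RedirectUri = target
        },
        "Auth0");
        return new HttpUnauthorizedResult();
    }

    /// <summary>
    /// Signs the current user out of both the cookie and the "Auth0" authentication types.
    /// </summary>
    // NOTE(review): no HTTP verb attribute or anti-forgery check is present, so this
    // action answers plain GET requests and another site could trigger a sign-out.
    // Consider [HttpPost] with [ValidateAntiForgeryToken] if existing callers allow it.
    [Authorize]
    public void Logout()
    {
        var authentication = HttpContext.GetOwinContext().Authentication;
        authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        authentication.SignOut("Auth0");
    }
}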