
Auth0 Authentication not working when callbackurl is a directory

aspnet-mvc


Copied from stackoverflow: https://stackoverflow.com/questions/51965185/auth0-authentication-not-working-when-callbackurl-is-a-directory

I’m having a hard time finding the right words to google I think. I am integrating Auth0 into a new web site, and I have followed the quick start tutorial for an ASP.NET MVC site.

When I set the Allowed Callback to be https://localhost:44334, everything works like a charm. I can log in, I see the cookie created, all of it.

But, when I set the Allowed Callback to be https://localhost:44334/anyFolderHere, I get nothing. The site redirects to Auth0, I can log in, and I get redirected to the correct location. But no cookie, no auth token, nothing.

I can see in the Auth0 logs that it thinks everything went fine, login successful. I see no errors being thrown in my code, I just get nothing.

The code I have is almost line-for-line from their quick start. I am hesitant to start making changes until I can see it working…

I’m sure I am making a rookie mistake here, but I’m getting frustrated and just can’t see past myself.

Here is what I have:

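/// <summary>
/// OWIN startup class: registers cookie authentication as the local session
/// mechanism and Auth0 (OpenID Connect) as the external identity provider.
/// </summary>
public class Startup
{
    /// <summary>
    /// Configure OWIN to use OpenIdConnect.
    /// </summary>
    /// <param name="app">The OWIN application builder the middleware is added to.</param>
    public void Configuration(IAppBuilder app)
    {
        // Auth0 settings come from appSettings. A missing key yields null here and is
        // passed on unchanged to the middleware options below.
        // NOTE(review): auth0:ClientSecret is a credential; keep the real value out of
        // source control (for example via a config transform or a secret store).
        var settings = System.Configuration.ConfigurationManager.AppSettings;
        string auth0Domain = settings["auth0:Domain"];
        string auth0ClientId = settings["auth0:ClientId"];
        string auth0ClientSecret = settings["auth0:ClientSecret"];
        string auth0RedirectUri = settings["auth0:RedirectUri"];
        string auth0PostLogoutRedirectUri = settings["auth0:PostLogoutRedirectUri"];

        // Enable the Cookie saver middleware to work around a bug in the OWIN implementation
        app.UseKentorOwinCookieSaver();

        // Cookies carry the signed-in session once the OpenID Connect handshake completes.
        // NOTE(review): CookieSecure is left at its default here; on a site served only
        // over HTTPS, consider CookieSecureOption.Always so the session cookie is never
        // sent over plain HTTP.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login")
        });

        // Configure Auth0 authentication
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "Auth0",

            Authority = $"https://{auth0Domain}",

            ClientId = auth0ClientId,
            ClientSecret = auth0ClientSecret,

            // Sent to Auth0 as redirect_uri; it has to match an entry in the
            // application's Allowed Callback URLs.
            RedirectUri = auth0RedirectUri,
            PostLogoutRedirectUri = auth0PostLogoutRedirectUri,

            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = "openid profile",

            // Only the name claim mapping is overridden; every other validation
            // setting keeps the library default.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name"
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = notification =>
                {
                    // Sign-in requests are left to the middleware; only logout is rewritten.
                    if (notification.ProtocolMessage.RequestType != OpenIdConnectRequestType.Logout)
                    {
                        return Task.FromResult(0);
                    }

                    var logoutUri = $"https://{auth0Domain}/v2/logout?client_id={auth0ClientId}";

                    var postLogoutUri = notification.ProtocolMessage.PostLogoutRedirectUri;
                    if (!string.IsNullOrEmpty(postLogoutUri))
                    {
                        // Ordinal comparison: this is a URL prefix test, not linguistic text,
                        // so culture rules (which skip ignorable characters) must not apply.
                        if (postLogoutUri.StartsWith("/", StringComparison.Ordinal))
                        {
                            // transform to absolute
                            var request = notification.Request;
                            postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                        }

                        // Escaped so the return address cannot add parameters to the logout URL.
                        logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                    }

                    // Redirect to the Auth0 logout endpoint and mark the response as handled
                    // so the middleware does not emit its own end-session redirect.
                    notification.Response.Redirect(logoutUri);
                    notification.HandleResponse();
                    return Task.FromResult(0);
                }
            }
        });
    }
}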


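/// <summary>
/// MVC controller exposing the login and logout endpoints that hand off to the
/// OWIN authentication middleware.
/// </summary>
public class AccountController : Controller
{
    /// <summary>
    /// Issues an authentication challenge for the "Auth0" middleware.
    /// </summary>
    /// <param name="returnUrl">
    /// Where to send the user after sign-in. Only local URLs are honoured; anything
    /// else falls back to Home/Index.
    /// </param>
    /// <returns>A 401 result, which the challenge above turns into a redirect to the identity provider.</returns>
    public ActionResult Login(string returnUrl)
    {
        // returnUrl is bound from the request and is therefore caller-controlled.
        // Passing it through unchecked would let a crafted login link bounce the user
        // to an arbitrary external site after a genuine sign-in (open redirect), so it
        // is accepted only when it points back into this application.
        var redirectUri = Url.IsLocalUrl(returnUrl)
            ? returnUrl
            : Url.Action("Index", "Home");

        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties
            {
                RedirectUri = redirectUri
            },
            "Auth0");
        return new HttpUnauthorizedResult();
    }

    /// <summary>
    /// Signs the user out of the local cookie session and of the "Auth0" middleware.
    /// </summary>
    // NOTE(review): no HTTP verb restriction is declared, so this action also answers
    // GET requests; consider limiting it to POST with an anti-forgery token so another
    // site cannot sign users out.
    [Authorize]
    public void Logout()
    {
        var authentication = HttpContext.GetOwinContext().Authentication;
        authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        authentication.SignOut("Auth0");
    }
}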