Introduction
I have an ASP.Net Core 2.2 web application.
I am attempting to keep my ClientSecret out of source control and using a global environment variable set on my computer that contains the private key value.
But it would appear it is not working even though I can see it’s value output into the path variable when I enter the command “path” into the CLI. I have gone through so many articles about hiding a private key via a global windows environment variable but they’re all to do with Node.js apps.
Steps to reproduce
To summarise the steps:
1.Use this quickstart if you want. https://auth0.com/docs/quickstart/webapp/aspnet-core/03-authorization?download=true And once you have downloaded the app, copy the Client Secret value to clipboard.
2.Type into your start menu search bar “Edit environment variables for your account” and select that option when it appears.
-
Add new variable called AUTH0_CLIENT_SECRET.
-
Swap this made up private key value…
"ClientSecret": "78y9t3287UYIG32e3redfe"
For the global environment variable we created in the Environment Variables window.
"ClientSecret": "{AUTH0_CLIENT_SECRET}"
Expected behaviour
I can authorize my user like I always have been able to sign into the application.
Actual behaviour
Moment I sign in I will get this error.
Message contains error: 'access_denied', error_description: 'Unauthorized', error_uri: 'error_uri is null', status code '401'.
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler:Error: Message contains error: 'access_denied', error_description: 'Unauthorized', error_uri: 'error_uri is null', status code '401'.
Environment data
.NET Core SDK (reflecting any global.json):
Version: 2.2.6
Runtime Environment:
OS Name: Windows
OS Version: 6.3.9600
OS Platform: Windows
RID: win81-x64