I have a .NET app with login setup via Auth0 (works fine with user interaction) but I want to login with a script with no user interaction, which isn't working. Basically I want to run a LogicApp or some script with a hard-coded user/pass at night that accesses a page inside my app.
I've tried Azure LogicApps and Postman with the same results. I try to access a page inside my app by passing user/password as basic auth. I get a few redirects and end up back at the sign-in page. Auth0 is not providing any logs, so I assume the authentication is not reaching Auth0.
Obs1: I had this setup that I'm sure was working about 6 months ago; I just recently realized that it had stopped working. It could've been a change in Auth0 or due to migrating from .NET Core 2.1 to 3.
Obs2: I also started testing the login with a Bearer token, but there would be too many changes in the code, so I want to leave this as plan B.
Snippet of Startup.cs
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;

// Inside ConfigureServices(IServiceCollection services)
services.Configure<CookiePolicyOptions>(options =>
{
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
    options.Secure = CookieSecurePolicy.Always;
});

// Add authentication services
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect("Auth0", options =>
{
    // Set the authority to your Auth0 domain
    options.Authority = "https://login.myapp.net";

    // Configure the Auth0 Client ID and Client Secret (redacted)
    options.ClientId = "";
    options.ClientSecret = "*******";

    // Set response type to code
    options.ResponseType = "code";

    // Configure the scope
    options.Scope.Clear();
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");

    // Set the correct name claim type
    options.TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name",
        RoleClaimType = "https://schemas.myapp.net"
    };

    // Set the callback path
    options.CallbackPath = new PathString("/callback");

    // Configure the Claims Issuer
    options.ClaimsIssuer = "Auth0";
});
```
Postman result (3 redirects and a found - login page):

```
GET https://myapp.net/
302
GET https://myapp.net/Account%2FLogin
302
GET https://login.myapp.net/login?state=***********&protocol=oauth2&redirect_uri=https%3A%2F%2Fapp.myapp.net%2Fcallback&response_type=code&scope=openid%20profile%20email&code_challenge=*********&code_challenge_method=S256&response_mode=form_post&nonce=*************&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
200
197ms
```

Request Headers

```
Authorization: Basic **********
User-Agent: PostmanRuntime/7.22.0
Accept: */*
Cache-Control: no-cache
Postman-Token: **************
Accept-Encoding: gzip, deflate, br
Cookie: did=; auth0_compat=**
Referer: https://login.myapp.net/authorize?client_id=***************&redirect_uri=https%3A%2F%2Fapp.myapp.net%2Fcallback&response_type=code&scope=openid%20profile%20email&code_challenge=***********&code_challenge_method=S256&response_mode=form_post&nonce=******&state=*************&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Connection: keep-alive
```

Response Headers

```
Server: nginx
Date: Wed, 11 Mar 2020 04:18:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ot-tracer-spanid: 6ed01af3e
ot-tracer-traceid: 3d5f35a407
ot-tracer-sampled: true
X-Auth0-RequestId: 655374d6432978
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1583900310
set-cookie: _csrf=eML8VgsIOn-ONcU0u3TeTx7U; Max-Age=864000; Path=/usernamepassword/login; HttpOnly; Secure
X-Robots-Tag: noindex, nofollow
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
X-Frame-Options: deny
Content-Security-Policy: frame-ancestors 'none'
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
ETag: W/"a6e-Dn+oh0+jgssgYbnM4PE"
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
Content-Encoding: gzip
Strict-Transport-Security: max-age=15768000
```

Response Body

[sign in page]
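The redirect chain above is what a cookie-only setup does with any request that carries no auth cookie: the Basic header is never inspected, so the challenge always ends at the Auth0 sign-in page. Plan B in the poster's own stack, as an added example that is not the poster's code and not an Auth0 sample: a policy scheme that sends requests with an `Authorization: Bearer` header to a JWT bearer scheme and everything else to the existing cookie/OIDC flow. The method name, the scheme name `CookieOrBearer`, the client ID/secret placeholders and the API audience are assumptions.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

public static class AuthSetup
{
    // Call this from ConfigureServices in place of the AddAuthentication block above.
    public static void AddCookieOrBearerAuth(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            // The policy scheme inspects each request and forwards it to a real scheme.
            options.DefaultScheme = "CookieOrBearer";
            options.DefaultChallengeScheme = "CookieOrBearer";
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddPolicyScheme("CookieOrBearer", "Cookie or Bearer", options =>
        {
            options.ForwardDefaultSelector = context =>
            {
                // A script sends "Authorization: Bearer <jwt>": validate it as a JWT and
                // answer 401 instead of redirecting. Browsers send no such header and keep
                // the cookie + Auth0 redirect flow seen in the Postman trace.
                string auth = context.Request.Headers["Authorization"];
                return auth != null && auth.StartsWith("Bearer ")
                    ? JwtBearerDefaults.AuthenticationScheme
                    : CookieAuthenticationDefaults.AuthenticationScheme;
            };
        })
        .AddCookie()
        .AddOpenIdConnect("Auth0", options =>
        {
            // Same interactive settings as the existing Startup.cs (placeholder values).
            options.Authority = "https://login.myapp.net";
            options.ClientId = "<client-id>";
            options.ClientSecret = "<client-secret>";
            options.ResponseType = "code";
            options.CallbackPath = "/callback";
        })
        .AddJwtBearer(options =>
        {
            // Assumed values: Auth0 issues tokens with a trailing-slash issuer, and the
            // audience must match the API identifier the script's token was issued for.
            options.Authority = "https://login.myapp.net/";
            options.Audience = "https://myapp.net/api";
        });
    }
}
```

With this in place the nightly job obtains an access token for that audience from the tenant's `/oauth/token` endpoint (for a machine-to-machine application, the client credentials grant) and sends it as a Bearer header, so no user password has to live in the script.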