Problem with following Auth0 tutorial. Basic Auth0 usage with .NET

I have been following this tutorial to integrate basic user login/password authentication for our simple ASP.NET web application:
https://auth0.com/docs/quickstart/webapp/aspnet-core-3/01-login

I was able to get the login page to come up, and I was able to create an account. Then I received an email and confirmed my account, but when I was redirected from there my app crashed. I was able to rerun the app and log in, but again the site crashed when I was redirected. I have since been tinkering with some values to make the redirection work, and in so doing I have lost the previous functionality I had. I can no longer access a login page.

The error I now receive when clicking on the login button is

"An unhandled exception occurred while processing the request.
Exception: OpenIdConnectAuthenticationHandler: message.State is null or empty.
Unknown location

Exception: An error was encountered while handling the remote login.
Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()"

I am brand new to Auth0 and to ASP.NET, so I think this is probably a very simple problem: I just don’t know enough to solve it. Please let me know if I can post any code snippets that might make this problem easy to solve.

Thanks!

Here is one relevant portion of code:

        .AddOpenIdConnect("Auth0", options => {
            // Set the authority to your Auth0 domain
            options.Authority = $"https://dev-7o2zbcn0.auth0.com";

            // Configure the Auth0 Client ID and Client Secret
            options.ClientId = "GPIZ29lJhB5wk45Ixsay4SUeUmOxjE7P";
            options.ClientSecret = "MAiYmvl9GmXf0wgbZbiMJXXKA9j-4C7GP1ns0cOCB2WbzkXQVlqeip2K5i0zXy-Q";

            // Set response type to code
            options.ResponseType = OpenIdConnectResponseType.Code;

            // Configure the scope
            options.Scope.Add("openid");

            // Set the callback path, so Auth0 will call back to http://localhost:.../callback
            // Also ensure that you have added the URL as an Allowed Callback URL in your Auth0 dashboard
            options.CallbackPath = new PathString("/Backroom/Products");

            // Configure the Claims Issuer to be Auth0
            options.ClaimsIssuer = "Auth0";

            options.Events = new OpenIdConnectEvents
            {
                // handle the logout redirection
                OnRedirectToIdentityProviderForSignOut = (context) =>
                {
                    var logoutUri = $"https://{Configuration["dev-7o2zbcn0.auth0.com"]}/?client_id={Configuration["GPIZ29lJhB5wk45Ixsay4SUeUmOxjE7P"]}";

                    var postLogoutUri = "/Backroom/Campaigns";
                    if (!string.IsNullOrEmpty(postLogoutUri))
                    {
                        if (postLogoutUri.StartsWith("/"))
                        {
                            // transform to absolute
                            var request = context.Request;
                            postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                        }
                        logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
                    }

                    context.Response.Redirect(logoutUri);
                    context.HandleResponse();

                    return Task.CompletedTask;
                }
            };
        });

Here is my Account Controller code:

public class AccountController : Controller
{
    public async Task Login(string returnUrl = "/Backroom/Products")
    {
        await HttpContext.ChallengeAsync("Auth0", new AuthenticationProperties() { RedirectUri = returnUrl });
    }

    [Authorize]
    public async Task Logout()
    {
        await HttpContext.SignOutAsync("Auth0", new AuthenticationProperties
        {
            // Indicate here where Auth0 should redirect the user after a logout.
            // Note that the resulting absolute Uri must be whitelisted in the
            // **Allowed Logout URLs** settings for the app.
            RedirectUri = Url.Action("https://localhost:44351/")
        });
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }
}

On Auth0, the only allowed callback URL is
https://localhost:44351/Backroom/Products

and the only allowed logout URL is
https://localhost:44351/Backroom/Campaigns
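
An added example, not part of the original post and not Auth0's own code: the ASP.NET Core OpenID Connect handler treats every request to `CallbackPath` as an authorization response, so an ordinary visit to that path without a `state` parameter fails with "message.State is null or empty". The sketch below keeps the callback on a dedicated `/callback` path, as the comment in the posted code describes, and leaves the application page as the post-login `RedirectUri`. The class name `Auth0LoginSetup`, the `Auth0:*` configuration keys and the `/` failure page are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class Auth0LoginSetup // hypothetical helper, not from the tutorial
{
    // Call from Startup.ConfigureServices: services.AddAuth0Login(Configuration);
    public static IServiceCollection AddAuth0Login(this IServiceCollection services, IConfiguration config)
    {
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie()
            .AddOpenIdConnect("Auth0", options =>
            {
                // Assumed configuration keys. Load the secret from user secrets or
                // environment variables so it never appears in source or in a post.
                options.Authority = $"https://{config["Auth0:Domain"]}";
                options.ClientId = config["Auth0:ClientId"];
                options.ClientSecret = config["Auth0:ClientSecret"];
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.Scope.Add("openid");

                // Reserved for the handler: each request to this path is parsed as
                // an authorization response and must carry the state value issued
                // when the challenge started. No controller action or page should
                // be routed here; application pages go in RedirectUri instead.
                options.CallbackPath = new PathString("/callback");
                options.ClaimsIssuer = "Auth0";

                options.Events = new OpenIdConnectEvents
                {
                    // A stray or failed callback lands on a normal page
                    // instead of surfacing as an unhandled exception.
                    OnRemoteFailure = context =>
                    {
                        context.Response.Redirect("/"); // assumed landing page
                        context.HandleResponse();
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

With this registration the Allowed Callback URLs entry in the Auth0 dashboard is `https://localhost:44351/callback`, and `/Backroom/Products` stays the `RedirectUri` passed to `ChallengeAsync` in the `Login` action.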


So, has nobody helped you? I am having the same problem. Were you able to resolve it?


Same problem here, working through the ASP.NET Core demo. There’s a lot of magic going on, I’m not seeing any great way to debug this.
