Trying out core in .net 6 and having a redirect issue I cannot explain

I am following the ASP.NET Core: Login quickstart article, link is account specific so I cannot provide it here. I am also adapting it to C# 10/.net 6.

It is using razor pages and a two MapGets to setup logging in and out.

One the razor page, the login is: Login I am specifically avoiding asp-… helpers because instead of using an AccountController, I am using two smaller minimal api calls:

app.MapGet("/login", async context => {
    var returnUrl = context.Request.Query["returnUrl"] switch
        StringValues { Count: 0 } => "/",
        StringValues { Count: int n } results => results[n - 1]

    await context.ChallengeAsync(new AuthenticationProperties() { RedirectUri = returnUrl });

What I expected to happen is that this /login call would redirect over to auth0, but instead it is trying to go to: https://localhost:7147/Account/Login?ReturnUrl=%2F

The link for login appears rightly as /login and that handler above is invoked. I am at my wits-end trying to figure out where this /Account/Login stuff is coming from because it isn’t specified ANYWHERE in the application. I realize the sample uses an AccountController. I am suspecting this behaviour is something built into core that my google-fu is not good enough to find.

The project I have built is at: IdeaPlexWeb/Program.cs at main · idea-plex/IdeaPlexWeb · GitHub

It is not necessarily the case that all of the auth0 settings are configured correctly in the webapp, note that credientials won’t be found in the repo, they are stored in the secrets.

Any help is appreciated.

I have happened upon some code that indeed changes the paths for the cookie, such as:

.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
    options.LoginPath = "/login";
    options.LogoutPath = "/logout";

However, it will just create an infinite loop, but for some reason the same thing in the sample using the AccountController doesn’t create an infinite loop.

So it turns out all I had to do was add “Auth0” to the ChallengeAsync. That detail might have been nice to have in the quickstart.

Right now I can login and logout, which is great!

1 Like

Perfect! Glad to hear that and thanks for sharing with the rest of community! I’m gonna pass it as feedback to our team responsible for quickstarts!