Want to configure hosted login page via an ASP.NET Core web app

APIs Authentication API
#1

I want my hosted login page to be configurable - essentially I want to pass the initialScreen parameter to configure the login page.

I’ve seen an example using JS, however I’m using ASP.NET Core 2 and I can’t find any such example.

I’m thinking that in my Login method in my controller I can somehow pass the parameter:
public async Task Login(string returnUrl = “/”)
{
await HttpContext.ChallengeAsync(“Auth0”, new AuthenticationProperties() { RedirectUri = returnUrl });

}

Then, in my hosted login page I can pickup the parameter. In the HTML page below, I have currently hard-coded initialScreen: ‘signUp’ when configuring lock.
I want ‘signUp’ to be passed as a parameter.

Sign In with Auth0
1 Like
#2

Also curious to know if this can be done. I’ve considered using an XHR in the hosted page to go back to my site to read the config.

#3

One option could be to use login_hint - though it’s not really meant for this usage but can be used.

Something like this:

public async Task Login(string returnUrl = “/”)
{
await HttpContext.ChallengeAsync(“Auth0”, new AuthenticationProperties() {new Dictionary<string,string>(){ {“login_hint”,“signup”}
});

HTH,
Zulfiqar

#4

Thanks for responding and for the login_hint idea. However, I still have an issue.

I’ve tried using login_hint.

In the controller code I did:
public async Task Login(string returnUrl = “/”)
{
var props = new AuthenticationProperties { RedirectUri = returnUrl };
props.Items.Add(“login_hint”, “signUp”);

        await HttpContext.ChallengeAsync("Auth0", props);
    }

Then on the hosted login page, I tried to retrieve the parameter login_hint by examining config.extraParams.
However, extraParams did not contain login_hint.

So, not sure what’s going on?

a) did I pass the new parameter “login_hint” incorrectly from my controller?
b) was I correct in looking for “login_hint” in config.extraParams?

Appreciate any help.
Cheers John.

#5

Can you please check network trace in chrome to see if login_hint is included in /authorize request to auth0? If it’s include - it should be available in extraParams

#6

No - it’s not included.

Here is network trace:

image
image790×324 16 KB

Here is debugging info from controller:

image
image691×305 52.3 KB

Hope this helps.

#7

hmm, that’s strange. Apparently parameters is the 2nd argument in AuthenticationProperties. Can you try following please?

await HttpContext.ChallengeAsync("Auth0", new AuthenticationProperties(null,new Dictionary<string,object>(){ {"prompt","signup"} }));

Thanks,
Zulfiqar

#8

Thanks Zulfiqar for continuing to help.

I’m not a C# expert so I may be missing something.

If I try your code, I get an error as follows:

image
image1027×139 49.5 KB

ie saying that ‘AuthenticationProperties’ does not contain a constructor that takes 2 arguments.

If we then examine the AuthenticationProperties class we see the following:
image

If I try something like:

image
image1024×151 51.6 KB

notice the message Property or indexer ‘AuthenticationProperties.Items’ cannot be assigned to – it is read only’
which corresponds to the class definition of Items ( get; }

Cheers, John

#9

Still stuck.
Looks like I need to reach out to official Auth0 support.

#10

I wound up using a cookie and custom domains to read the setting from the hosted login page. This will only work if your auth challenge and hosted page are on the same root domain. Here the auth challenge is issued at www.example.com and the login page is hosted at login.example.com.

[HttpGet("login-auth0-redirect")]
public IActionResult LoginAuth0Redirect(string mode = "login")
{
    Response.Cookies.Append("auth0-mode", mode, new CookieOptions
    {
        Domain = "example.com",
        Secure = true,
        Expires = DateTimeOffset.UtcNow.AddMinutes(5)
    });
    return new ChallengeResult("Auth0",
        new AuthenticationProperties
        {
            RedirectUri = Url.Action("Auth0Callback", "Account"),
        });
}

And in the hosted page:

#11

The hosted page code was cut off:

<script src="https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js"></script>
<script>
var auth0Mode = Cookies.get("auth0-mode") || "";
</script>
#12

Thanks Clayton for responding.

You mention that Auth Challenge and login page must be in same domain.

My scenario at the moment (in development phase) has Auth Challenge on a general Azure page (azurewebsites.net domain) and my login page is hosted using the auth0.com domain.

Does that mean that your solution won’t work for me?

#13

Correct, in order to share the cookie you must use Auth0 Custom Domains (https://auth0.com/docs/custom-domains) and serve your app from the same root domain.

#14

Thanks for confirming.

Looks like I probably need to reach out and see if there is another solution.

#15

I was able to pass the prompt parameter across with this code in the controller
[AllowAnonymous]
[Route(“login”)]
public async Task LogIn(string returnUrl = “/”)
{
var authenticationProperties = new AuthenticationProperties { RedirectUri = returnUrl };
authenticationProperties.SetParameter(“prompt”, “login”);
await HttpContext.ChallengeAsync(“Auth0”, authenticationProperties);
}

I can then access the value in the javascript using:
config.extraParams.prompt

#16

Thanks Andy for your code.

When I try it, I don’t have “SetParameter” as an available method. So, your code doesn’t work.

I’m using v 2.0.0 of the asp.net core framework.

Is there something I’m overlooking?

Here is snippet:
image

#17

The only thing it could be is the version .netcore that you are using, I have used it with version 2.1 and 2.2

1 Like
#18