ChallengeAsync works on localhost but Server 500 when published

Scott_Hooper · December 5, 2023, 11:27am

Quite new to Auth0. I have an MVC Razor web app using Auth0 authentication (Auth0.AspNetCore.Authentication 1.3.1). In debug on localhost my login function works flawlessly, but when I deploy the app to my asp.net hosting provider the login fails with a server 500 on /Account/Callback.

I have double and triple checked the Allowed Callback URL's, taking the path that worked on localhost and substituting the live published domain path.

My Account controller is as follows:

// Controllers/AccountController.cs

using Microsoft.AspNetCore.Authentication;
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;  
using AchtungCampersFeaturesList.Models;
using System.Diagnostics;

public static class ActiveUser
{
    public static AuthorisedUser user = new AuthorisedUser();

}

public class AccountController : Controller
{
    public async Task Login(string returnUrl = "/")
    {
        var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
            .WithRedirectUri(returnUrl)
            .Build();

        await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
    }

    
    public async Task<IActionResult> Callback()
    {
        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        var userName = User.Identity.Name;

        return RedirectToAction("Profile");
    }

#if !DEBUG 
[Authorize] 
#endif
    public async Task Logout()
    {
        var authenticationProperties = new LogoutAuthenticationPropertiesBuilder()
            .WithRedirectUri(Url.Action("Index", "Home"))
            .Build();

        await HttpContext.SignOutAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
        await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    }

#if !DEBUG
[Authorize] 
#endif
    public IActionResult Profile()
    {
        return View(new UserProfileViewModel()
        {
            Name = User.Identity.Name,
            EmailAddress = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value,
            ProfileImage = User.FindFirst(c => c.Type == "picture")?.Value
        });
    }

#if !DEBUG 
[Authorize] 
#endif
    public IActionResult Claims()
    {
        return View();
    }

    [Route("/Account/NotAuthorised")]
    public IActionResult NotAuthorised()
    {
        return View();
    }
}

AdrianMRyan · December 18, 2023, 7:54pm

Hi @Scott_Hooper, thanks for taking the time to write this up. I'm a bit out of my depth though: are you using Retool at all in this application? These forums are for discussing building apps on our platform, and so might not be the best place to get help on a basic C# application. But if Retool is part of the toolchain, I can try to help with that part!