10

I have written a webpage that takes advantage of Google/Facebook auth using MVC5 and OAuth.

Sometimes, I'm able to auth very well using either Facebook or Google. It works quite well.

However often what happens is:

  1. Navigate to the login page.
  2. Choose either google or facebook.
  3. Provide the account info, getting the necessary redirects.
  4. Redirect back to login page, but not logged in.

I'm not receiving (or not looking in the right place) any errors that clue me in - I am using SSL on Azure for hosting.

Does anyone have tips for why it sometimes works, and sometimes does not? This feels like it could be a cookie thing, or maybe a server side configuration problem? I can't figure out why it would sometimes work and sometimes wouldn't work.

I've tried:

  • Using a second machine, one that has never logged in before (to rule out cookies), same problem.
  • Clearing my cookie cache, same problem.

How I'm configured:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });
    // Use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Uncomment the following lines to enable logging in with third party login providers
    //app.UseMicrosoftAccountAuthentication(
    //    clientId: "",
    //    clientSecret: "");

    //app.UseTwitterAuthentication(
    //   consumerKey: "",
    //   consumerSecret: "");

    app.UseFacebookAuthentication(
       appId: "abc",
       appSecret: "123");

    app.UseGoogleAuthentication();
}

I've followed this tutorial to use OAuth in MVC5: Create an ASP.NET MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)

bad_coder
  • 11,289
  • 20
  • 44
  • 72
stuck
  • 2,264
  • 2
  • 28
  • 62
  • i have the same issue. i have a site hosted on azure, boilerplate login code, works 90% of the time, other times its stuck on a loop. restarting the site on azure, waiting 30 secs and then redoing it works fine. – spaceman Feb 06 '14 at 10:12
  • 1
    Have you ever found a solution? It's also a long running problem overhere. – roberth Sep 07 '15 at 08:16
  • 1
    This seems to have solved the problem for me: https://github.com/KentorIT/owin-cookie-saver – Cooper Sep 09 '15 at 13:12

2 Answers2

4

To resolve this issue: you can upgrade your application to use ASP.NET Core. If you must continue stay on ASP.NET, perform the following:

Update your application’s Microsoft.Owin.Host.SystemWeb package be at least version and Modify your code to use one of the new cookie manager classes, for example something like the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});

Reference Link

shubham mahore
  • 162
  • 10
2

this is a major issue where randomly your application will start going into an infinite loop and some times redeploying the application makes it work but only temporary. the quick way i found to address this issue is using nuget package kentor.owincookiesaver as commented by @cooper. you should make a call to this class before cookieauthentication call in the owin startup class as shown below

app.UseKentorOwinCookieSaver();

app.UseCookieAuthentication(new CookieAuthenticationOptions());

Apparently there is a bug in owin and katana where your cookie just disappear and this fixes it.

Baahubali
  • 4,604
  • 6
  • 33
  • 72
  • where is this bug documented? – Andy Cohen Jan 06 '17 at 16:56
  • this solution work in my case, http://stackoverflow.com/questions/42431801/after-implementing-to-office-365-able-to-login-but-getting-bad-request – Vikrant More Feb 27 '17 at 07:09
  • The bug is documented here: https://katanaproject.codeplex.com/workitem/197 and the workaround is documented here: https://github.com/KentorIT/owin-cookie-saver The Kentor.OwinCookieSaver nuget package has been downloaded 95,000 times. – Jon Crowell Apr 19 '17 at 21:29