MVC4的问题和Google的外部登录

Question

I've an ASP .NET MVC4 application that uses SimpleMembership and allows users to sign in with their google accounts.

In order to do that I configured the application's AuthConfig class by uncommenting the OAuthWebSecurity.RegisterGoogleClient(); line to add google as an external login method. I didn't really change much inside the external login methods that already come with the ASP .NET MVC4 Internet Application template.

Problem:

Everything works fine when I run it locally (IIS express) or when I deploy it to a 'test' server (IIS 6.1, accessible on the intranet only). When I click my "sign in with google" button, I'm sent to google's authentication page, whose url looks something like this:

https://accounts.google.com/ServiceLogin?service=lso&passive=12096...(long url)

Alas, when I deploy it to the 'production' server (internet facing) and try to access it via internet, Google authentication stops working: when I click my "sign in with google" I'm being sent to an url that looks like this:

http://MY_APPLICATION_NAME.MY_DOMAIN.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid...(long url)

This url is wrong not only because it has my domain in it (I believe it should be accounts.google.com?), but also because the rest of it is completely different from the url I get when the authentication works.

What I know and have tried:

If I use fiddler, I can see that the application is behaving differently when I'm accessing the application via internet or intranet.

• If I access it from within the network, I see I'm making a request to http://MY_APPLICATION_NAME.MY_DOMAIN.com/account/ExternalLogin?returnUrl= and then "Tunnel to www.google.com:443, Tunnel to accounts.google.com:443" . This works ok.
• If I access it from the internet I see I'm making a request to http://MY_APPLICATION_NAME.MY_DOMAIN.com/account/ExternalLogin?returnUrl= and then another one to http://MY_APPLICATION_NAME.MY_DOMAIN.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid...(long url) . This obviously gives a 404.

I might be wrong but I assume that this url is generated by the OAuthWebSecurity.RequestAuthentication(provider, returnUrl) . What puzzles me is that it looks like it is requesting the authenticaton to my server instead of accounts.google.com.

My research so far has only brought to me posts/questions/etc. showing how easy it is to use SimpleMembership for external authentication and I can see everyone does it pretty much the same way.

Conclusion:

I believe this probably has something to do with something I must configure on web.config or IIS. I do know that the requests to my application arrive at my DNS server which does a url rewrite and forwards the request to my web server, although I don't know if this is related to the problem.

Does anyone have any idea of what might be wrong or ever had a similar issue? Any help would be appreciated.

EDIT:

I've looked into OpenAuthSecurityManager.cs 's source code and although I can't debug it I see the problem might be related to an incorrect HttpContext inside the RequestAuthentication method, due to my reverse proxy settings on IIS?

Answer 1

I ended up with a request to change the IT infrastructure. OpenAuthSecurityManager.cs was probably getting a wrong HttpContext instance because of the way the requests were being handled by the previous infrastructure (requests arrived at our DNS server and were forwarded to the web service, on a different server inside our network, with UrlRerwrite rules).

It's working now.