Owin 3rd party login with Google or Facebook redirect failed (/Account/ExternalLoginCallback not working) C# MVC

Question

When we test our program in local server the 3rd party login works fine, but that's not the case when we publish it onto the actual server. When we use 3rd party login on actual server, it didn't work.

So far what we know is our server provider is using https while our IIS server setting is using http. Could this be the cause? If not, any idea what's the problem we are encountering?

Here is the URL when we are entering account on Facebook 3rd party login page:

https://www.facebook.com/login.php?skip_api_login=1&api_key=569249369941462&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.8%2Fdialog%2Foauth%3Fredirect_uri%3Dhttp%253A%252F%252Fwww.ipce.com.tw%252Fsignin-facebook%26state%3DwXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5%26scope%3Demail%26response_type%3Dcode%26client_id%3D569249369941462%26ret%3Dlogin%26logger_id%3D2a07ffc7-acf8-ad97-0b9f-b45dcff38b39&cancel_url=http%3A%2F%2Fwww.ipce.com.tw%2Fsignin-facebook%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%26state%3DwXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5%23_%3D_&display=page&locale=zh_TW&logger_id=2a07ffc7-acf8-ad97-0b9f-b45dcff38b39

and this is the URL after we login, back to our home page but /Account/ExternalLoginCallback is not called

https://www.ipce.com.tw/?code=AQAUdHG-r1AxBOy1xkVm4sklkq-tBKn-9c_PAYqqpZmwiseTcKWAnTRJkoyeoZkiwReg_x7VSnMymQiWgqp0ZdnhlH1ypijH-FSyaca5BDCMJUS04x05CNVjrN5HvuRXdVJkv2OHwzqkTSWvkwC6S58nrRckIjroKjjGDqaWvldOt_0g8nFe_ZvLovj_hbdQs5SPE4M97CpPrm0ExudeEddEo1zn29RIMabS204kF445Hn73X90RTy7WpIqAINpcIIwK4XeAQMcoqoBQinaVRyjrNxjvKoAEXqBPBKKkdJn7u3bx94rFZXqHGGMJ6uth0rBSpDPJgtq0M1XMmYXfESjS&state=wXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5#/_=_

I tried forcing http to https, but a server error 500 happened, I can't figure another way to fix the problem.

somebody help me please

Try 1

I set localhost server Route like this:

routes.MapRoute(
     name: "SigninFacebook",
     url: "signin-facebook",
     defaults: new { controller = "Member", action = "ExternalLoginCallback" }
);

It works! but it responded HTTP ERROR 500.

I tried applying the setting to actual server, well, nothing happened. It still redirect to our home page, and ExternalLoginCallback still not called. I doubt our actual server didn't get to signin-facebook Route.

Answer 1

I suppose it happens because you provide redirect_uri=localhost.

This parameter is used to redirect the browser page after successful 3rd party login to provide a auth code from Facebook to your server.

It works in your test environment because your webserver is local so browser can perform redirect to localhost.

But in production environment the real domain name should be used instead of localhost.