ASP.NET Owin OAuth (Google / Facebook) is redirecting to default login.aspx instead of remote log in page

I'm setting up OAuth using the Owin libraries including Google and Facebook.

The Owin startup class is registering fine by the looks of it. What I'm finding is that rather than being redirected to the appropriate sign in page at Facebook or Google, I'm being redirected to a default 'login.aspx' page. There is no login.aspx page in my solution.

The flow is triggered in a view like so:

    @{
        // Get list of configured external authentication middleware

        var loginProviders = Context.GetOwinContext().Authentication.GetExternalAuthenticationTypes();

        if (!loginProviders.Any())
        {
            <div>
                <p>There are no external authentication services configured</p>
            </div>
        }
        else
        {
            using (Html.BeginForm("ExternalLogin", "OAuth"))
            {
                @Html.AntiForgeryToken()

                <div>
                    <p>
                        @foreach (AuthenticationDescription p in loginProviders)
                        {
                            <button type="submit" class="btn btn-default" id="@p.AuthenticationType" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.AuthenticationType</button>
                        }
                    </p>
                </div>
            }
        }
    }

This triggers the challenge result; however, the challenge result simply causes a redirect to login.aspx (which, again, does not exist).

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider)
    {
        string redirectUri = Url.Action("ExternalLoginCallback");

        // Request a redirect to the external login provider
        return new ChallengeResult(provider, redirectUri);
    }

What could I be missing?

I've included the Startup.cs class for good measure:

    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(
            new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
            });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = Config.OAuthFacebookAppId,
            AppSecret = Config.OAuthFacebookAppSecret,
            Scope = { "email" }, // "email", also "publish_actions" can be included if post to facebook authorization is required
            Provider = new FacebookAuthenticationProvider
            {
                OnAuthenticated = context =>
                {
                    context.Identity.AddClaim(new System.Security.Claims.Claim("FacebookAccessToken", context.AccessToken));
                    return Task.FromResult(true);
                }
            }
        });

        app.UseGoogleAuthentication(
            clientId: Config.OAuthGoogleClientId,
            clientSecret: Config.OAuthGoogleClientSecret
        );
    }

The key modification was to add the code:

    // Stop execution of the current page/method - the 401 forces OWIN to kick-in and do its thing
    Response.StatusCode = 401;
    Response.End();

See: "AuthenticationProperties.RedirectUri is not passed to Google in Challenge()"

Other issues were that the Google+ API was not enabled

See: "OWIN's GetExternalLoginInfoAsync Always Returns null"

... and for Facebook, an upgrade of the Owin libs to 3.1.0 was required

See: "MVC5 Null Reference with facebook login"

So full ExternalLogin method:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public void ExternalLogin(string provider)
    {
        string redirectUri = Url.Action("ExternalLoginCallback");

        var properties = new AuthenticationProperties() { RedirectUri = redirectUri };
        HttpContext.GetOwinContext().Authentication.Challenge(properties, provider);

        // Stop execution of the current page/method - the 401 forces OWIN to kick-in and do its thing
        Response.StatusCode = 401;
        Response.End();
    }

The root cause of this issue (redirecting to login.aspx) is that during the process of migrating to OWIN authentication, FormsAuthentication has not actually been fully switched off so it is the result of a conflict between the two.

To fully deactivate the forms authentication module and resolve this issue, you can add the following to the modules section of the web.config file:
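An added example, not part of the original answer: a web.config fragment that switches Forms Authentication off so it no longer intercepts the 401 the OWIN external-login middleware needs to see. It shows the conflicting setting in a comment beside the corrected one; everything outside these elements is assumed to be the application's existing configuration.

```xml
<configuration>
  <system.web>
    <!-- Conflicting state: <authentication mode="Forms" /> makes the
         FormsAuthentication module answer a 401 with a redirect to its
         default loginUrl, login.aspx, before OWIN can act on it. -->
    <authentication mode="None" />
  </system.web>
  <system.webServer>
    <modules>
      <!-- Unload the module from the IIS integrated pipeline so the 401
           set by Authentication.Challenge() reaches the Google/Facebook
           middleware, which turns it into the provider redirect. -->
      <remove name="FormsAuthentication" />
    </modules>
  </system.webServer>
</configuration>
```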
