6

I've been trying to implement external logins with OWIN in an MVC5 app using a google account.

If I'm already logged into google, clicking the google button in my app is fine and it takes me to my registration page after allowing me access to the logininfo.

If I'm not already logged into google when I click my applications google button, I get prompted to login with Google as expected but the call back receiver doesn't seem to see that I've logged in as logininfo is always null in this scenario in the callback as below...

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();

         if (loginInfo == null)
        {
            return RedirectToAction("Login");
        }

        // Code omitted for brevity.
        }
    }

Does anyone have a workaround or explanation? It's almost like the external cookie isn't made available to OWIN until the request after logging into google.

Hoots
  • 1,876
  • 14
  • 23
  • possible duplicate of [OWIN returns Null allways in MVC5 Application for Google or facebook](http://stackoverflow.com/questions/19775321/owin-returns-null-allways-in-mvc5-application-for-google-or-facebook) – Chris Moschini Apr 28 '15 at 13:32

1 Answers1

8

After days of investigation, I have eventually come across the answer. The problem seems to be that after logging into google, it redirects back to the site and doesn't have permission to signin-google so is redirected back to the login page. Not sure why this works if already signed into google though. I discovered this after finding the article...

http://blog.technovert.com/2014/01/google-openid-integration-issues-asp-net-identity/

I added the following to my config file.

<location path="signin-google">
 <system.web>
   <authorization>
     <allow users="*" />
   </authorization>
 </system.web>
</location>

It now works...

Hoots
  • 1,876
  • 14
  • 23
  • If already signed into Google, it's possible that you avoid the external login callback altogether and simply are redirected to the app. The callback is the redirect from invoking the authentication API. –  Feb 27 '15 at 17:42
  • 1
    This actually is irrelevant; OWIN handles this URL for you outside of what the answer here is attempting to configure. See my answer on the question this is a dupe of: http://stackoverflow.com/a/29921451/176877 – Chris Moschini Apr 28 '15 at 13:50
  • This is most likely due to window authentication being enable, which it shouldn't be for a MVC application using google auth. – Erik Philips Mar 26 '16 at 17:14