2

I have an MVC 5 web application. In Global.cs I've got the following line:

OAuthWebSecurity.RegisterTwitterClient("123", "456");

My controller has the [Authorize] attribute:

public class HomeController : Controller
{
    [Authorize]
    [HttpGet]
    public ActionResult Index()
    {
        return View();
    }
}

When I load the page I'm being taken to /Account/Login?ReturnUrl=%2f. This suggests to me that my application is rejecting the unauthorised request and is attempting to redirect to a default controller/action.

How can I configure the application to redirect to the Twitter app login page instead?

Liath

2 Answers

4

I think if you changed your AccountController.Login method from the default implementation:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
  ViewBag.ReturnUrl = returnUrl;
  return View();
}

to something like this:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
  return new ChallengeResult("Twitter",
                             Url.Action("ExternalLoginCallback", "Account",
                                        new { ReturnUrl = returnUrl }));
}

The ChallengeResult class is generated by the MVC template and looks like this for me.

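// Nested inside the template's AccountController, which also defines the XsrfKey constant.
// Needs: using System.Web; using System.Web.Mvc; using Microsoft.Owin.Security;
private class ChallengeResult : HttpUnauthorizedResult
{
  public ChallengeResult(string provider, string redirectUri) : this(provider, redirectUri, null)
  {
  }

  public ChallengeResult(string provider, string redirectUri, string userId)
  {
    LoginProvider = provider;
    RedirectUri = redirectUri;
    UserId = userId;
  }

  public string LoginProvider { get; set; }
  public string RedirectUri { get; set; }
  public string UserId { get; set; }

  public override void ExecuteResult(ControllerContext context)
  {
    // RedirectUri is where the OWIN middleware sends the browser after the provider round trip.
    var properties = new AuthenticationProperties() { RedirectUri = RedirectUri };
    if (UserId != null)
    {
      // Ties the challenge to the current user so the callback can check it (anti-XSRF).
      properties.Dictionary[XsrfKey] = UserId;
    }
    // Hands the challenge to the middleware registered under the LoginProvider name.
    context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
  }
}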

The effect of this, though, will be to automatically and immediately redirect to Twitter when a user tries to log in, and you will not be able to support any other login providers.

You will also probably need to make some changes to your account page to remove the ability to specify a local password for the user (since it wouldn't make any sense to have that if you don't allow your users to use it).

  • Can you go into a little more detail about what ChallengeResult is? – Liath Dec 23 '14 at 10:03
  • Sorry, I thought this was part of the framework. Didn't realize until now this is just part of the MVC template. I added some more edits to clarify this above. – HenrikJohnson Dec 23 '14 at 11:48
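
An added example, not part of the answer above or of the MVC template: once Login challenges unconditionally, a signed-in user who fails an [Authorize] check and a failed callback both loop back into the Twitter redirect, and the ReturnUrl carried through the challenge needs a local-URL check before it is followed. It assumes the template's SignInManager property, the ChallengeResult class quoted above, the template's ExternalLoginFailure view, and a Twitter provider registered with the OWIN middleware in Startup.Auth.cs.

```csharp
using System.Net;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Replaces the same-named actions in the template's AccountController.
// Assumed to exist as generated: SignInManager, ChallengeResult and the
// ExternalLoginFailure view.
public class AccountController : Controller
{
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        // [Authorize] also sends signed-in users here when a role check fails.
        // Challenging them again would bounce through Twitter in a loop.
        if (User.Identity.IsAuthenticated)
            return new HttpStatusCodeResult(HttpStatusCode.Forbidden);

        return new ChallengeResult("Twitter",
            Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
    }

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var auth = HttpContext.GetOwinContext().Authentication;
        var loginInfo = await auth.GetExternalLoginInfoAsync();
        if (loginInfo == null)
            // Denied or failed at Twitter. The template redirects to Login here,
            // which would now re-challenge, so show a static view instead.
            return View("ExternalLoginFailure");

        // Other statuses (lockout, no linked local account) are all treated
        // as failure here.
        var result = await SignInManager.ExternalSignInAsync(loginInfo, isPersistent: false);
        return result == SignInStatus.Success
            ? RedirectToLocal(returnUrl)
            : View("ExternalLoginFailure");
    }

    // ReturnUrl arrives in the query string, so only follow it when it is site-local.
    private ActionResult RedirectToLocal(string returnUrl)
    {
        return Url.IsLocalUrl(returnUrl)
            ? (ActionResult)Redirect(returnUrl)
            : RedirectToAction("Index", "Home");
    }
}
```
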
0

While you are loading /Account/Login?ReturnUrl=%2f, it is looking for an AllowAnonymous Login method. In your code you have mentioned Authorize. It means it is looking for an authorized person.

[Authorize]
[HttpGet]
public ActionResult Index()
{
    return View();
}

It should be

[HttpGet]
[AllowAnonymous]
public ActionResult Login()
{
    return View();
}
Ajay
  • Hi @ajay I think you're missing the point, I want that person to be authorised via Twitter not via a login method – Liath Dec 23 '14 at 06:56