Question
I'm using OWIN's external authentication providers in my ASP.Net MVC 5 / WebApi 2 project and I've hit a strange problem.
The login workflow is exactly like here on SO. User hits the login page, picks a provider and gets logged in. My problem is that the first click on a provider redirects back to the same login page:
https://stackoverflow.com/questions/23359713
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianhttp://localhost:57291/Account/Login?ReturnUrl=%2fAccount%2fExternalLogin
This would make sense if the ExternalLogin action would be lacking the AllowAnonymous attribute.
When the user clicks a second time everything works.
I've also tried that with different browsers and the problem is consistent across Chrome, IE11 and Firefox.
Login.cshtml:
@using (Html.BeginForm("ExternalLogin", "Account", new { ReturnUrl = ViewBag.ReturnUrl }))
{
<fieldset>
<legend>@Strings.ExternalAuthenticationProvidersDescription</legend>
<p>
@foreach (var p in Model.ExternalAuthenticationProviders)
{
<button type="submit" name="provider" value="@p.AuthenticationType" title="Log in using your @p.Caption account">@p.Caption</button>
}
</p>
</fieldset>
}
AccountController.cs
public class AccountController : Controller
{
...
[AllowAnonymous]
[HttpPost]
public ActionResult ExternalLogin(string provider, string returnUrl)
{
return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new
{
loginProvider = provider,
ReturnUrl = returnUrl
}));
}
...
}
ChallengeResult.cs:
public class ChallengeResult : HttpUnauthorizedResult
{
public ChallengeResult(string provider, string redirectUrl)
{
LoginProvider = provider;
RedirectUrl = redirectUrl;
}
public string LoginProvider { get; set; }
public string RedirectUrl { get; set; }
public override void ExecuteResult(ControllerContext context)
{
context.HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties
{
RedirectUri = RedirectUrl
}, LoginProvider);
}
}
FilterConfig.cs
public class FilterConfig
{
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
// make all api controllers secure by default
filters.Add(new AuthorizeAttribute());
}
}
Solution
Turns out the issue was that my project initially started out as an MVC 4 application which had this in web.config causing the issue:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
I think both OWIN and Forms authentication was active at the same time.
OTHER TIPS
As Forms Authentication was added i was being redirected to Login Page. So, removing this code helped
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="2880" />
</authentication>
but i had to add this line as well
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<modules>
<remove name="FormsAuthentication" /> <-- added this line to remove it completely -->
</modules>
</system.webServer>
hope this helps someone.
I have the same issue that occurs when i update the ASPNet.Web.Pages.Web.Data 3.1.1 nuget to any later versions. With 3.1.1 it is works! I found the solution here.
