Thursday, August 28, 2014

External Social Login/Authentication with Microsoft ASP.NET Identity Does Not Work

Well, it's painful as hell, when you spend many days developing custom implementation of ASP.NET Identity with a main goal to enable social/external authentication (as in Facebook, Google, Twitter, etc.) and at the end everything works but the social authentication itself.

The main reason of it not working is that inside ExternalLogin (or similarly named) action method of an Account controller the external login info object is always null:

      var info = await AuthenticationManager.GetExternalLoginInfoAsync();
      if (info == null)
         return RedirectToAction("Login");

Google search returns a lot of discussions on Stack Overflow and it takes a lot of time to go through them but eventually you'll find out (and will be very disappointed) that if you did everything right with your Identity implementation and did not make any stupid mishaps than it's totally not your fault and there is almost nothing in answers on Stack Overflow for you to figure out the problem.

Apparently it's an OWIN bug that is still not fixed (I tested with both Identity 2.0.x and 2.1 and it's still there and happening) as it was figured by smart people (https://stackoverflow.com/questions/20737578/asp-net-sessionid-owin-cookies-do-not-send-to-browser) and without going into obscure details there is a simple fix for it.

In a Login (or named similarly) action method (GET version) of your Account controller add the very first line of code as below:

      Session["dummy"] = "dummy";

The most disappointing part of this problem is that it will not necessarily surface while you are testing. First everything might work just fine and than suddenly out of thin air without any obvious reason it will stop working completely. If it's the case (you had it working and than it stopped) than this is your solution: just add that dummy code line as above and it will do the magic.

Let's see how long it will take Microsoft to fix this bug. Happy coding and thanks all the smart people for sharing their findings.

1 comment:

  1. Thanks friend, In my case I added the dummy session initialization in the following method to get it resolved. I still had issue having added the code under Login GET though. I 'm using twitter to authenticate and login

    public ActionResult ExternalLogin(string provider, string returnUrl)
    Session["WorkaroundTwitter"] = "0";
    //more code here