6

I'm using Strava as my external login provider (I assume this is not related to Strava; it could be Google or Facebook as well). After running for a few hours, days or even weeks, GetExternalLoginInfoAsync returns null. I've read a bunch of other questions with the same problem, but did not find a solution. I'm posting my entire ConfigureAuth method, just in case I did something wrong with the order.

If you have a Strava account you could probably experience the problem here: fartslek.no/Account/Login

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            },
            CookieManager = new SystemWebCookieManager()
        });            
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);


        app.UseStravaAuthentication(new StravaAuthenticationOptions
        {
            ClientId = "XXX",
            ClientSecret = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        });
    }

I'm using this https://github.com/Johnny2Shoes/Owin.Security.Strava to get StravaAuth.

When it stops working, an Azure reset is not enough, but if I do a new deploy everything works for a while.

I'm using Owin 3.0.1 and MVC 5.2.3

Larsi
  • I'm wondering if the code caches bad auth data on disk somewhere. When you redeploy your site all files on the disk get deleted and replaced with the new ones, which would explain why the authentication starts working afterwards, while simply resetting the site doesn't do anything – Zain Rizvi Apr 06 '16 at 18:31
  • Interesting theory. Any ideas what to check? – Larsi Apr 06 '16 at 20:44
  • @ZainRizvi Thanks for looking into this. It's a plain mvc site with the default implementation of authentication, the only modification I've done is to add Strava as an external authentication provider. I would be really happy if you could help me figure out what the problem is. Again, thanks for your time – Larsi Apr 07 '16 at 06:25
  • Since your issue is specifically about setting up login auth, your login auth provider (Strava) would be the first suspect. Have you tried using another provider for auth? For example, here are some steps to let you use ASP.NET Core libraries for Facebook auth: http://zainrizvi.io/2016/03/24/create-site-with-facebook-login-using-asp.net-core/. It should be simple to figure out Google auth using those instructions as well. – Zain Rizvi Apr 07 '16 at 22:07
  • I've got the exact same problem, though I'm using Facebook as my login provider. In my case, I just need to recycle the application pool, and everything works again (for a while). I'm trying to figure out what's happening, but I'd guess it's something with cache/cookies. – Alisson Reinaldo Silva Apr 27 '16 at 23:55
  • Hi guys, are you using a custom session provider? – chemitaxis Feb 09 '17 at 21:32

1 Answer

12

I had the same problem. After googling a little, I've discovered this is a known bug in Owin, because of the way they handle cookies.

This issue was submitted to the Katana team, but it looks like they won't fix it at all. There are many workarounds for this, but this was the simplest I could find:

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        ControllerContext.HttpContext.Session.RemoveAll();

        // Request a redirect to the external login provider
        return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
    }

See this question for more details about this bug, and let me know if this works well for you.

Alisson Reinaldo Silva
  • Thanks, I just put it in Production - I'll let you know if it works in a few weeks – Larsi May 02 '16 at 14:07
  • @spudnick haha. Thanks for the reminder. It's been working great for the last 3 months. No problems at all! – Larsi Sep 19 '16 at 08:51
  • :) Thanks Larsi! Good to know. I'm also pulling my hair out with seemingly random GetExternalLoginInfoAsync()-returning-null issues. Hopefully this session-clearing business will do the trick. Cheers. And hat-tip to Alisson for the fix! – oflahero Sep 19 '16 at 09:02
  • Works perfectly now. Initially I was unable to log in multiple users at the same time; for some reason the second user was always getting null from the call to GetExternalLoginInfoAsync(). With this fix, everything is running smoothly. – bre_dev Mar 08 '17 at 19:06
  • Hello, this did the trick for a long time, but it hasn't worked for a few days, and AuthenticateAsync returns null now – Renaud Oct 09 '20 at 23:52
  • Is there any solution for this? I have an MVC5 application and I randomly get a null response for external login information. If I add the above line ( ControllerContext.HttpContext.Session.RemoveAll() ) I always get a null result for external login information. – Cozdemir Jan 22 '21 at 16:54
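
When GetExternalLoginInfoAsync() returns null, the first thing to establish is whether the external sign-in cookie reached the callback request at all. The helper below is an added example, not code from the question, the answer or the Katana project; `ExternalLoginDiagnostics` and `DescribeNullLoginInfo` are hypothetical names, and the cookie names assume the default `UseExternalSignInCookie` registration from the question and the default ASP.NET session cookie.

```csharp
using System;
using System.Linq;
using System.Web;
using Microsoft.AspNet.Identity;

// Added example: hypothetical diagnostic helper, not part of the original post.
public static class ExternalLoginDiagnostics
{
    // UseExternalSignInCookie names its cookie ".AspNet." + the authentication type.
    private const string ExternalCookieName =
        ".AspNet." + DefaultAuthenticationTypes.ExternalCookie;

    // Default ASP.NET session cookie name (assumption: sessionState cookieName is not customised).
    private const string SessionCookieName = "ASP.NET_SessionId";

    // Call from ExternalLoginCallback when GetExternalLoginInfoAsync() returned null.
    // Reports cookie names and counts only, never cookie values, so the result is safe to log.
    public static string DescribeNullLoginInfo(HttpRequestBase request)
    {
        string[] names = request.Cookies.AllKeys;

        // A chunking cookie manager may split a large cookie into <name>C1, <name>C2, ...
        int externalParts = names.Count(n =>
            n != null && n.StartsWith(ExternalCookieName, StringComparison.Ordinal));
        bool hasSession = names.Contains(SessionCookieName, StringComparer.OrdinalIgnoreCase);

        string finding = externalParts == 0
            // The cookie written during the provider callback was lost before this request.
            ? "external sign-in cookie missing from the request"
            // The cookie arrived but produced no usable identity.
            : "external sign-in cookie present but rejected (expired or not decryptable) "
              + "or the identity has no NameIdentifier claim";

        return string.Format(
            "ExternalLoginInfo is null: {0}; externalCookieParts={1}; sessionCookie={2}; totalCookies={3}",
            finding, externalParts, hasSession, names.Length);
    }
}
```

In the controller, log the result before redirecting back to the login page, for example `Trace.TraceWarning(ExternalLoginDiagnostics.DescribeNullLoginInfo(Request));`. A missing cookie points at the cookie-handling problem described in the answer, while a present but unusable cookie points elsewhere.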