I need some help in handling Google Authentication errors.

I followed this tutorial for integrating Google authentication in my ASP.NET MVC 5 web application. I limited the application type to internal use, so only colleagues can log in with their work account (we have our company e-mail in Gmail), and all is working well, as long as I log in with my work account.

When I try to log in with a different (non-company) account, I get an Authorization error, as expected. My problem is that the error is a page from Google and there is no callback to my application.

I've searched the internet for quite some time, but I can't seem to find how to set up my application so that I get a callback on an authorization error. I'm beginning to wonder if it's even possible...

Can someone help me resolve this? I'm not sure if it's relevant, but here is the ConfigureAuth class in my Startup.Auth.cs.

public void ConfigureAuth(IAppBuilder app)
{
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
    app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

    GoogleOAuth2AuthenticationOptions _options = new GoogleOAuth2AuthenticationOptions()
    {
        ClientId = "clientId.apps.googleusercontent.com",
        ClientSecret = "clientSecret"
    };

    _options.Scope.Add("profile");
    _options.Scope.Add("email");
    _options.CallbackPath = new PathString("/Account/LoginResult");
    _options.Provider = new GoogleOAuth2AuthenticationProvider()
    {
        OnAuthenticated = async context =>
        {
            string claimType;
            bool bAddClaim = false;
            foreach (var claim in context.User)
            {
                claimType = string.Empty;
                bAddClaim = false;
                switch (claim.Key)
                {
                    case "picture":
                        claimType = "Picture";
                        bAddClaim = true;
                        break;
                }
                if (bAddClaim)
                {
                    string claimValue = claim.Value.ToString();
                    if (!context.Identity.HasClaim(claimType, claimValue))
                        context.Identity.AddClaim(new System.Security.Claims.Claim(claimType, claimValue, "XmlSchemaString", "Google"));
                }
            }
        }
    };

    app.UseGoogleAuthentication(_options);
}

I don't know what other code is relevant, so please ask if you're missing something.

Thanks in advance!

smvdbrink
  • Don't know if you've seen this thread: https://stackoverflow.com/questions/24691992/why-mvc-5-owin-oauth-is-not-hitting-account-externallogincallback-action. It says something about setting up the callback URL in the Google developers dashboard – SWilko Aug 30 '19 at 08:58
  • Yes, I've seen it, but the callback URL is only used on a successful login. When there is an error, there is no callback at all – smvdbrink Aug 30 '19 at 09:20