Login/Register
AuthenticationResult.IsSuccessful started returning false for google
Asked Answered
Solved c#asp.net-mvc-4openiddotnetopenauthgoogle-openid
M

1

2

Today, without any change on my live site, logging in with the Google external login provider stopped working. This only happens to users that have a google login, other providers are fine. This also only happens on the live site, my dev machine running the debug version of the same code is fine.

My code is similar to the example MVC app with: 

public ActionResult ExternalLoginCallback( string returnUrl )
{
    ...
    AuthenticationResult result = OAuthWebSecurity.VerifyAuthentication( Url.Action(   "ExternalLoginCallback", new { ReturnUrl = returnUrl } ) );
    if( !result.IsSuccessful )
    {
       return RedirectToAction( "ExternalLoginFailure" );
    }
}

I looked at result.error which is empty.

Has anything changed that I need to be aware of? I can see a similar question from January the 4th here. I imagine that it is something to do with my implementation rather than a google-wide problem because I am still able to log into SO which uses my google open ID.

I am using Log4Net and receiving the DotNetOpenAuth logs, but there are no errors in there, so it is different from this answer.

I tried upgrading from 4.3.0.13117 to the latest Nuget (4.3.4.13329), but that had no effect. I also can't seem to find a tag for the 4.3.4.13329 source in the repository. I will try downloading and building 4.3.0.13117 to see if I can find the cause. The only problem is that this works fine testing on my local computer and I am not sure I want to put debug DLLs on the live site.

Misbelief answered 26/1, 2014 at 23:50 Comment(0)
M
2

Well, it has been a few weeks, so I thought I would document the steps I took to solve this in case it helps someone else. As background information, I am using Visual Studio 2012.

  1. Found that OpenID 2.0 + OAuth 1.0 was deprecated. See here. The service has not been discontinued, but I was concerned that I was seeing some degradation in service since this is now an obsolete approach.
  2. Upgraded from MVC4 to MVC5. See here.
  3. Used the DotNetOpenAuth.GoogleOAuth2 library. See here.
  4. Converted my site to https. See here and here.

Now that I have done that everything seems to be working fine.

Misbelief answered 24/2, 2014 at 22:20 Comment(5)
Google client in MVC4 is OpenID and not OAuth. Even if OAuth1 is deprecated, OpenID in MVC4 should work fine. Also in MVC5, the google client uses OpenID. I am facing the same issue though not everyday, it starts occurring sometimes. I cannot migrate MVC4 to MVC5 now.Salomone
@user2585299. The problems were also intermittent for me, but on one day hardly any google users were able to log in. If you discover the root cause or a more lightweight solution, then please post here and I will accept it because it would have saved me a lot of time.Misbelief
@Salomone - You might also want to look at the Open ID 2.0 deprecation notice from Google here: developers.google.com/accounts/docs/OpenIDMisbelief
@Salomone - I had to dig back into the past to remember all this, but it was the OpenID 2.0 part of the deprecation notice that worried me more. I have ammended the answer. I do not use the built in client of MVC 5 DotNetOpenAuth, but rather DotNetOpenAuth.GoogleOAuth2 (see step 3). You can use this without upgrading to MVC 5, but you will want to make most of your site HTTPS (see step 4) which may be a bigger change than you want.Misbelief
It was from your post that I actually came to know about OpenID deprecation. I am completely switching to Google+ Sign In. One of the articles I found that could be useful for that is peleyal.blogspot.com/2014/01/…Salomone

© 2022 - 2024 — McMap. All rights reserved.