I have a site set up with 4 3rd-party login services: Microsoft, VS, GitHub, and LinkedIn. Everything seems to work great; I can log in/out and add/remove external accounts with no problem.
Randomly, however, it seems to stop working. When I try to log in using any of the 3rd-party services, it just kicks me back to the login page.
Looking at ExternalLoginCallback, it appears that AuthenticateResult.Identity is null, and it can't get the external login info. Looking at it on the client side, it looks like it never got the external sign-in cookie.
I still can't consistently reproduce this error, so it's hard to determine what might be happening. Any help would be great.
Update 1: I was able to identify the steps to reproduce:
- Log in to an account with more than 1 associated login
- Remove 1 of the logins
- In a new browser or private session, try to log in with any of the 3rd-party accounts, and you will be returned to the login page without the external cookie.
After hitting the error, it won't hand out the cookie to any new sessions until IIS is restarted.
Update 2: Looks like it has something to do with setting a session variable. On the RemoveLogin action I was adding a value to the session. I'm not sure why, but when I stopped doing that, I stopped having the problem. Time to figure out why...
Update 3: Looks like this problem has been reported to the Katana team.
Update 4: Looks like someone else already ran into this problem. Stackoverflow post. They didn't give all of the code needed to solve it, so I'll include that here as an answer.
Startup.Auth.cs

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(AppContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            AuthenticationMode = AuthenticationMode.Active,
            LoginPath = new PathString("/login"),
            LogoutPath = new PathString("/logout"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User, int>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager),
                    getUserIdCallback: (id) => (Int32.Parse(id.GetUserId()))
                )
            }
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

        // Uncomment the following lines to enable logging in with third party login providers
        app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["msa:id"],
            ClientSecret = ConfigurationManager.AppSettings["msa:secret"],
            Caption = "microsoft"
        });

        app.UseVisualStudioAuthentication(new VisualStudioAuthenticationOptions()
        {
            AppId = ConfigurationManager.AppSettings["vso:id"],
            AppSecret = ConfigurationManager.AppSettings["vso:secret"],
            Provider = new VisualStudioAuthenticationProvider()
            {
                OnAuthenticated = (context) =>
                {
                    context.Identity.AddClaim(new Claim("urn:vso:access_token", context.AccessToken, XmlSchemaString, "visualstudio"));
                    context.Identity.AddClaim(new Claim("urn:vso:refresh_token", context.RefreshToken, XmlSchemaString, "visualstudio"));
                    return Task.FromResult(0);
                }
            },
            Caption = "visual studio"
        });

        app.UseGitHubAuthentication(new GitHubAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["gh:id"],
            ClientSecret = ConfigurationManager.AppSettings["gh:secret"],
            Caption = "github"
        });

        app.UseLinkedInAuthentication(new LinkedInAuthenticationOptions
        {
            ClientId = ConfigurationManager.AppSettings["li:id"],
            ClientSecret = ConfigurationManager.AppSettings["li:secret"],
            Caption = "linkedin"
        });
    }

OWIN and ASP.NET handle cookies/sessions differently. If you authorize with OWIN before you initialize a session, anyone after a session is initialized will not be able to log in.
Workaround: add the following to your Global.asax

    // Fix for the OWIN session bug
    protected void Application_AcquireRequestState()
    {
        Session["workaround"] = 0;
    }

Long term: the way OWIN and ASP.NET handle sessions/cookies will be merged in vNext; use the workaround until then...
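
An alternative to the session workaround, as an added example that is not part of the original post: Microsoft.Owin.Host.SystemWeb 3.1.0 and later ship SystemWebCookieManager, which writes OWIN cookies through System.Web's own response cookie collection, so the external sign-in cookie and the session cookie go out through the same path. The code assumes that package version is installed; the helper name UseExternalSignInCookieViaSystemWeb is hypothetical, and it stands in for the app.UseExternalSignInCookie(...) call in ConfigureAuth.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Host.SystemWeb;      // SystemWebCookieManager (assumes package 3.1.0 or later)
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Hypothetical helper: call this from ConfigureAuth in place of
    //     app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
    private static void UseExternalSignInCookieViaSystemWeb(IAppBuilder app)
    {
        // External providers sign the user in to this authentication type
        // before ExternalLoginCallback reads the result back.
        app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
            // Passive: only read when the callback explicitly asks for it.
            AuthenticationMode = AuthenticationMode.Passive,
            // ".AspNet." + "ExternalCookie", the cookie the callback expects.
            CookieName = CookieAuthenticationDefaults.CookiePrefix
                         + DefaultAuthenticationTypes.ExternalCookie,
            // Short lifetime: the cookie only has to survive the redirect
            // back from the provider.
            ExpireTimeSpan = TimeSpan.FromMinutes(5),
            // Issue and delete the cookie via HttpContext.Response.Cookies
            // instead of writing the Set-Cookie header directly.
            CookieManager = new SystemWebCookieManager()
        });
    }
}
```

The same CookieManager setting can be applied to the application cookie options in ConfigureAuth. Unlike the Global.asax workaround, this does not create a session for every request.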