MVC 5 Owin Facebook Auth results in Null Reference Exception

Question

I\'m trying to setup integrated OWIN Facebook authentication in a new MVC 5 project in Visual Studio 2013. I have configured apps and keys as per this tutorial:

http

Answer 1

I faced the same problem, when I checked libraries, I was using Microsoft ASP.NET Identity Owin 1.0.0 I updated it to Microsoft ASP.NET Identity Owin 2.0.1 using command PM> Install-Package Microsoft.AspNet.Identity.Owin -Version 2.0.1 This fixed the issue.

Answer 2

I was getting the same.

I noticed that my providers were configured before UseExternalSignInCookie was called, so I simply made sure UseExternalSignInCookie is called before my providers are configured and everything worked:

// This has to go first
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

// This must come later
app.UseGoogleAuthentication(
            "[ClientId]",
            "[ClientSecret]");

Answer 3

I thought I'd throw on some notes for Visual Studio 2015 templates / the latest boiler plate code for WebAPI 2. I was getting this problem with google authentication but figure its similar to facebook and the other social logins. I had the latest Owin and my other nuget packages were up-to-date. Turns out with the latest out-of-the-box web api 2 templates, I just needed to specifically request the "email" be included back from google. Without this line, the api/Account/Register call would error.

And of course make sure your app is registered with google and your site is allowed to call it. (Lots of good examples showing those steps.) https://console.developers.google.com/apis

Here's my adjustment in the App_Start\Startup.Auth.cs file:

var googleOptions = new GoogleOAuth2AuthenticationOptions()
{
    ClientId = "xxx",
    ClientSecret = "xxx"
};
googleOptions.Scope.Add("email"); //!! Add this !!
app.UseGoogleAuthentication(googleOptions);

Until I added the .Add("email"), line, the api/Account/RegisterExternal WebAPI 2 call (AccountController.cs) would return null from this section of RegisterExternal:

var info = await Authentication.GetExternalLoginInfoAsync();
if (info == null) //This would be true, and it would error.
{
      return InternalServerError();
}

Since this is one of the few articles that come up for this error, I figured I'd tag my notes on my solution for posterity. (especially the postman test process!)

So to make it all work in testing: 1) Call the api/Account/ExternalLogins URL like this:

http://localhost:59137/api/Account/ExternalLogins?returnUrl=%2F&generateState=true

You should get a response like this:

<ArrayOfExternalLoginViewModel xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/TCG_DL_API.Models">
<ExternalLoginViewModel>
<Name>Google</Name>
<State>1phegLF241xeSfd8gZAsCXiBAp3l5bMygg2VSeRXAHk1</State>
<Url>
/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A59137%2F&state=1phegLF241xeSfd8gZAsCXiBAp3l5bMygg2VSeRXAHk1
</Url>
</ExternalLoginViewModel>
</ArrayOfExternalLoginViewModel>

2) Then get the Url from the response, and call it. You should get the google login prompt/page. (Or I assume the facebook or twitter one, if that's what you set up.)

3) Login, and you'll get redirected back to your redirect page. It'll have a URL like something like this:

http://localhost:59137/#access_token=d5asC1arCUXaLEMgBS8PT_uwZcTJqC1UZbXblNZ3hMOh3TSKtEXYeKtyKBTv3WmLcaLGGomSvpRSFMfXPxpPvNRgjUVWAiqxtKfv3qWHNqfIMeu5j0eZrJDRAMTrYFgflSbEopAe909a31I4mQnJuvaiITHYPrLmqkm6J88HAVx8F981_q_tflu4A72k3KaB-m2wd0-p1jdQnNMlixM2Wfloh_niUTBIOYUPc1SkKWcZxuI6dzN2Z0PmWHDwzJI8nM8vOuzybJIsxLOyTY1VfzSQ5Qzcll3HhifLPkyZxvXDQ5LHqW1v0_AztsUWkEhW_AJzmw2IaOcTtHCmkmWm1K444okNtOsYfs6HFui0NeY&token_type=bearer&expires_in=1209600&state=3FSOd3_n_sEL4QtiELWPG5B2_H3wRjVb75uDjQS16gk1

grab the token (bold above) and use it as the bearer token.

4) Now since you aren't registered (but you do have a bearer token), you can call the POST api/Account/RegisterExternal

5) The response will be OK, and if you look in your AspnetUser tables, you'll see that you have a new AspnetUsers record and a new AspNetUserLogins record for google as the provider.

I hope this helps with anyone trying to get this stuff to work!

Answer 4

I came across this post a few days ago but unfortunately none of the above solutions worked for me. so here is how I managed to fix it and get the email from Facebook.

• Update following NuGet Pacakges
  • Microsoft.Owin to version 3.1.0-rc1
  • Microsoft.Owin.Security to version 3.1.0-rc1
  • Microsoft.Owin.Security.Cookies to version 3.1.0-rc1
  • Microsoft.Owin.Security.OAuth to version 3.1.0-rc1
  • Microsoft.Owin.Security.Facebook to version 3.1.0-rc1

Then add the following code to the Identity Startup class

var facebookOptions = new FacebookAuthenticationOptions()
        {
            AppId = "your app id",
            AppSecret = "your app secret",
            BackchannelHttpHandler = new FacebookBackChannelHandler(),
            UserInformationEndpoint = "https://graph.facebook.com/v2.8/me?fields=id,name,email,first_name,last_name",
            Scope = { "email" }
        };

        app.UseFacebookAuthentication(facebookOptions);

This is the definition class for FacebookBackChannelHandler():

using System;
using System.Net.Http;

public class FacebookBackChannelHandler : HttpClientHandler
{
    protected override async System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request,
        System.Threading.CancellationToken cancellationToken)
    {
        // Replace the RequestUri so it's not malformed
        if (!request.RequestUri.AbsolutePath.Contains("/oauth"))
        {
            request.RequestUri = new Uri(request.RequestUri.AbsoluteUri.Replace("?access_token", "&access_token"));
        }

        return await base.SendAsync(request, cancellationToken);
    }
}

Answer 5

I had exactly the same problem by following the same tutorial. I solved it by doing the following two steps: 1> Visual Studio Menu->Tools->Library Package Manager->Manage NuGet Packages for Solution..., then install package: Microsoft.Owin.Host.SystemWeb 2> In the same window, click Update (left bar) and then update all the packages.

Hope this answer will help other people who have the same problem.

Answer 6

I started getting this in the latest VS 2013.3 template and realized the authentication wasn't playing nice with FormsAuthentication that I unnecessarily ported from one of my other projects. Here's what I did to fix it:

added <system.web><authentication mode="None" />...

added <system.webServer><modules><remove name="FormsAuthentication" /></modules>...