Intermittent ASP.NET oAuth issue with Google, AuthenticationManager.GetExternalIdentityAsync is returning null

Question

I am trying to fix an intermittent issue when using Google as an external login provider.

When attempting to login, the user is redirected back to the login page ra

Answer 1

There is a bug in Microsoft's Owin implementation for System.Web. The one that is being used when running Owin applications on IIS. Which is what probably 99% of us do, if we're using the new Owin-based authentication handling with ASP.NET MVC5.

The bug makes cookies set by Owin mysteriously disappear on some occasions.

Put this nuget before https://github.com/KentorIT/owin-cookie-saver before app.UseGoogleAuthentication(...)

Answer 2

I forgot to enable "Google + API" in the google developer console. Google login appears to be fine, but GetExternalLoginInfoAsync returns null.

You can follow this link https://stackoverflow.com/a/27631109/657926

Answer 3

I believe you should't be using app.UseGoogleAuthentication(); as that's a call which will try to use OpenID 2.0, which has been deprecated.
What you should be using instead is OAuth 2.0 for Login (OpenID Connect).
So:

1. register your app in Google Developers Console
2. enable it to access Google+ API (even though you do not intend to use Google+ directly - it's now used as a mean of authentication)
3. enable ASP.NET Identity's Google authentication this way

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()  
{  
    ClientId = "YOUR_CLIENT_ID",  
    ClientSecret = "YOUR_CLIENT_SECRET",  
});

Answer 4

I have the same problem. I am using Visual Studio 2013 and website is on Azure. The social log in that had been working without issue stopping working and LinkLoginCallback was receiving null in loginInfo. I republished the project without code change or rebuilding and then loginInfo received correct data and all works fine. Does not make sense but there you go.

Answer 5

I got this problem yesterday and I was COMPLETELY STUCK ! And, as you described, I got it just like that with no reason.

I managed to fix it (after hours of comparing 2 projects - 1 test project that worked no problem every time and another that was a more serious project - and they had the exact same code, but different dll versions)

The problem was with the DLLs - the referenced packages from Nuget. Make sure you have the latest packages and also check the runtime section in your web.config.

After I updated all Owin related packages and Microsoft.Owin and added:

<assemblyBinding>
  <dependentAssembly>
    <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
  </dependentAssembly>
  <dependentAssembly>
    <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
  </dependentAssembly>
  <dependentAssembly>
    <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
  </dependentAssembly>
  <dependentAssembly>
    <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
  </dependentAssembly>
</assemblyBinding>

... it worked again ! They might vary based on your used packages, but that's how it worked for me.

Answer 6

Make sure that 3rd party cookies are enabled. I have found out that if you're not logged into google when you try to 'Register' a user with your application, it redirects to the login page as it looks for this cookie that isn't there, but still manages to do what it needs with the external provider. The next time you try to 'Register', because it's done part of the process it doesn't need to look for the external cookie anymore and so succeeds second time around.