External Authentication with Identity 2.0 does not work out of the box! RRS feed

  • Question

  • User-881099725 posted

    I have been struggling with this for quite a while and I am no newbie. I use Visual Studio 2003 Professional to create ASP.NET MVC 5 web applications. In the application setup I enabled the Identity 2.0 functionality. I am able to perform all operations with a LOCAL account. Now, my site does not have an SSL certificate so my return URLs are not https.

    My domain is configured so that I can enter mydomain.com/ or www.mydomain.com/ in the URL. I am not (obviously) created the apps using "mydomain.com" textually. In this post all ocurrences of mydomain.com should be read as my own domain where I have my web application and that I have configured in the apps.

    I need functionality to accept logins from Google, Facebook, Twitter, Microsoft and LinkedIn. I proceeded to register as a developer in all those sites. I created the apps and configured them to use http://www.mydomain.com/Account/ExternalLoginCallback as callback. In addition to that I enabled all those external providers in Start.Auth.cs with their respective client IDs and client Secrets.

    But the boiler plate Account Controller methods do not seem to work for external authentication. When I try to login with an external provider I am first redirected to the App Authorization dialog, enter my credentials for the external provider, then I see the App confirmation, and after than it redirects back to my site but I am NEVER logged in.

    • With Twitter I get a blank page with /Account/ExternalLoginCallback
    • With LinkedIn I get a page saying "Cannot display page" with URL /Account/ExternalLogin in it
    • With Facebook I get a blank page with an URL of  ~/Account/ExternalLoginCallback?error=access-denied
    • With Microsoft I get a page saying "We are unable to complete your request, Microsoft account is experiencing technical problems" and no further information
    • With Google, after entering my credentials I get a Google 400 page with Error: redirect_uri_mismatch and the details say the redirect_uri is http://mydomain.com/Account/ExternalLoginCallback

    I wonder what should be the correct URL to put in the "Redirect URI" of the apps configured at the respective developers sites? should it be /Account/ExternalLoginCallback (does not work), /Account/signin-providername or what? 

    The ExternalLoginCallback action on the Account Controller looks like this:

            public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
                log.Debug(string.Format("ExternalLoginCallback -> {0}", returnUrl));
                ExternalLoginInfo loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
                log.Debug(string.Format("username: {0} email {1} identity {2} login {3}", loginInfo.DefaultUserName, loginInfo.Email, loginInfo.ExternalIdentity, loginInfo.Login));
                if (loginInfo == null)
                    return RedirectToAction("Login");
                // Sign in the user with this external login provider if the user already has a login
                var user = await UserManager.FindAsync(loginInfo.Login);
                if (user != null)
                    // DEGT Store (LInkedIn) access tokens
                    var claimsIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
                    if (claimsIdentity != null)
                        var currentClaims = await UserManager.GetClaimsAsync(user.Id);
                        //var accessToken = claimsIdentity.FindAll(loginProvider)
                    await SignInAsync(user, isPersistent: false);
                    return RedirectToLocal(returnUrl);
                    // If the user does not have an account, then prompt the user to create an account
                    // unless local registrations are disabled
                    if (!My.Default.AllowRegistration)
                        return RedirectToAction("Index", MyController.Name);  // TODO pop up some message or take to special page
                        ViewBag.ReturnUrl = returnUrl;
                        ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
                        return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });

    Thursday, December 18, 2014 12:47 PM

All replies

  • User-881099725 posted

    One would think that in these forums one would find authoritative answers but perhaps I am mistaken. 

    Monday, December 22, 2014 11:27 AM
  • Tuesday, December 23, 2014 12:22 AM
  • User-881099725 posted

    I have gone through all those steps before but it does not work: I always get a redirect URI mismatch error even though I specified http://www.adomain.com/signin-google as the article mentions, I get a redirect URI error mentioning something else like http://www.adomain.com/Account/ExternalLoginCallback which I never specified as a redirect URI.

    400. That’s an error.
    Error: redirect_uri_mismatch
    The redirect URI in the request: http://localhost:44304/coralyx/Account/ExternalLoginCallback did not match a registered redirect URI.

    For example that one above I got when I configured the app redirect URI to http://www.localhost:44304/coralys/signin-google and yet the error from Google shows something else and in any case it just does not work.

    Wednesday, December 24, 2014 11:33 AM
  • User1104055534 posted

    For this issue, I suggest you could contact support team by creating a support ticket. Thank you.

    Thursday, December 25, 2014 9:44 PM
  • User-96419628 posted

    In brief, some things you might want to try:

    Twitter -

      (App) Permissions:


          Read, Write and Access direct messages - selected

    LinkedIn - Try the following Authorized OAuth 2.0 URL:  http://{YourBaseUrl}/signin-linkedin


    Client OAuth Settings

      Client OAuth Login: Yes

      Web OAuth Login: Yes

      Valid OAuth Redirect URL to the base-URL for your site.

    Microsoft -

    Set the redirect URL to:  http://{YourBaseUrl}/signin-microsoft


    Set the redirect URL to:  http://{YourBaseUrl}/signin-google

    Enable 'Google+' API, and ensure your using v3 of the NuGet package, otherwise you might be able to hack around by adding scopes, e.g.:

    var googleOAuth2AuthOptions =
    new GoogleOAuth2AuthenticationOptions
    ClientId = @"*",
    ClientSecret = @"*",



    Tuesday, June 28, 2016 4:36 PM