asp.net-mvc oauth-2.0 google-oauth access-denied

Authentication using Google OAuth2 from MVC5 Website Failing (GetExternalLoginInfo always null)


I’m following these instructions to create a simple MVC5 website that allows external authentication using Google and Facebook via OAuth2:

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

I'm using Visual Studio 2015 Professional, targeting .NET 4.5.2, and all my NuGet packages are up to date with the latest stable builds (as of 08/18). Additionally, my project’s been set up to use https/SSL throughout.

I’ve got to the section ‘Creating a Google app for OAuth 2 and connecting the app to the project’ and have created a sample Web Application project in the Google developer console, with the Google+ API enabled - my list of enabled APIs is:

  • BigQuery API
  • Cloud Debugger API
  • Debuglet Controller API
  • Google Cloud Logging API
  • Google Cloud SQL
  • Google Cloud Storage
  • Google Cloud Storage JSON API
  • Google+ API

... basically the default ones with Google+ added.

I’ve added the Authorized redirect URI (https://localhost:44300/signin-google) and Authorized JavaScript origins (per previous with /signin-google removed) to the Google project. I’ve also set a product name in the OAuth Consent Screen (but nothing else apart from my email).

I’ve not touched the generated code in the solution, other than to do the following:

  • In Startup.Auth.cs, uncomment the app.UseGoogleAuthentication section and add the client ID and secret from the Google project (Credentials section)

    app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    {
        ClientId = "xxxxx.apps.googleusercontent.com",
        ClientSecret = "xxxxx"
    });
    
  • Added Session["Workaround"] = "workaround"; to AccountController in the Post version of ExternalLogin

So I run the application and attempt to login via Google (using the button that appears on-screen). I get taken to enter my Google credentials, which I do successfully. However, on returning to my application what I’m seeing is:

  1. The querystring returned from Google has error=access_denied attached to it (confirmed via Fiddler)
  2. (Consequently?) the call to AuthenticationManager.GetExternalLoginInfoAsync(); in AccountManager always returns null, and I’m redirected to the login page again
  3. I therefore never get the chance to associate the Google login with my application
  4. I’ve also noticed in the Google developer console that there are zero default quota requests, and zero sign-in quota requests in the Google+ API usage section (even though I’ve been hammering this over the last couple of days).

I don’t know what to try next. I've taken a tour of the web looking at this and almost everything I’ve read has said that enabling the Google+ API, and/or setting a placeholder in the session should solve this, but neither option has worked for me.

Any ideas welcome.

Thanks

fiveeuros


Solution

  • So - I should have mentioned that I'm doing this at work, and sitting behind my corporate firewall.

    Because this is what's causing the issue.

    Further examination of the Fiddler logs showed a whole bunch of 407 Proxy Authentication Required responses.

    So I deployed the app to Azure without making any code changes (I did change the google credentials to add the Azure URIs), and it worked straight up.

    There are a bunch of other things to work around with the proxy (remote debugging the Azure app, or connecting to the Azure database from my local SQL Server), but they're for me and the firewall team to work out. What I'm doing is really at the conceptual stage so I can live with it as it is for now.

    //fiveeuros
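
For readers who have to keep the app behind an authenticating proxy: the OWIN Google middleware makes server-side (backchannel) HTTPS calls to Google after the browser redirect, and those calls are the ones the proxy answered with 407. The following is an added example, not code from the post above, showing one way to give the backchannel a proxy-aware handler. It assumes the proxy accepts the Windows credentials of the identity running the site; `ConfigureGoogle` and `CreateProxyAwareHandler` are hypothetical names.

```csharp
// Added example (not from the original post): Startup.Auth.cs fragment.
// WebRequestHandler lives in the System.Net.Http.WebRequest assembly,
// which must be referenced by the project.
using System;
using System.Net;
using System.Net.Http;
using Microsoft.Owin.Security.Google;
using Owin;

public partial class Startup
{
    // Hypothetical helper: builds the handler used for the middleware's
    // server-side calls to Google.
    private static HttpMessageHandler CreateProxyAwareHandler()
    {
        // Assumption: the system-configured proxy is the corporate proxy and
        // accepts the credentials of the account the web app runs under.
        IWebProxy proxy = WebRequest.GetSystemWebProxy();
        proxy.Credentials = CredentialCache.DefaultNetworkCredentials;

        return new WebRequestHandler
        {
            UseProxy = true,
            Proxy = proxy
            // TLS certificate validation is left at its default (enabled);
            // do not relax it to get past an intercepting proxy.
        };
    }

    // Hypothetical method: call it from ConfigureAuth in place of the
    // template's existing app.UseGoogleAuthentication(...) call.
    public void ConfigureGoogle(IAppBuilder app)
    {
        app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
        {
            ClientId = "xxxxx.apps.googleusercontent.com", // placeholder as in the post
            ClientSecret = "xxxxx",                        // placeholder as in the post
            BackchannelHttpHandler = CreateProxyAwareHandler(),
            BackchannelTimeout = TimeSpan.FromSeconds(30)
        });
    }
}
```

Default credentials are sent to whatever proxy the system settings point at, so confirm that setting is managed by your organisation before enabling this outside a development machine.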