Search code examples
c#asp.netazurefacebook

Using Facebook as an external authentication provider for ASP.NET fails when running in Azure

I'm building a ASP.NET Core Web App (Razor Pages) application and I am trying to add external authentican providers. I have succesfully added the Microsoft provider, and am working on the Facebook provider, following these suggested steps.

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/facebook-logins?view=aspnetcore-8.0

My code:

builder.Services.AddAuthentication()
    .AddMicrosoftAccount(options =>
    {
        options.ClientId = ...;
        options.ClientSecret =  ...;
    })
    .AddFacebook(options =>
    {
        options.AppId = ...;
        options.AppSecret = ...;
    });

When running on my local dev client, everything seems to work fine: My test user can add Facebook as an external login, and use it to log in to the application.

However, it fails when the same application is running on Azure. Upon completing the Facebook side of the authentication process, it redirects to the (correct) return page, which fails with a 500 error.

https://abcxyz.azurewebsites.net/signin-facebook?code=AQBe...74Glf8#_=_

Sadly, I'm not getting very tasty info from the Azure Application Logs, just what appears to be an IIS-generated error page:

HTTP Error 500.0 - Internal Server Error The page cannot be displayed because an internal server error has occurred. ... The Requested URL https://AbcXyz:80/signin-facebook?code=AQBe...74Glf8 ... Information:This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error urred, causing the 500 error.

I'm at a loss as to identifying what is the cause of the failure, so I'm left at guessing that my client is able to performs some sort of undisclosed back-channel operation towards Facebook that my Azure App Service instance is blocked from.

Is there some details I've missed in my application's Facebook configuration? Anything I need to enable in Azure?

Solution

  • I got it solved!

    It turns out that I had made a mistake when saving the AppSecret to Azure Key Vault, including a buch of extra characters! Specifically, I had accidentally copied the whole line from my secrets.json file and pasted that in as the secret value.

    I didn't notice it in review because the secret is masked and I just assumed it was correct.

    Using the correct AppSecret without all the junk characters allowed it to work as intended!