Last post Aug 12, 2019 03:39 AM by CopBlaster
Aug 08, 2019 09:16 PM|CopBlaster|LINK
What might cause Identity 2.0 user creation to fail in all browsers and login attempts to fail in just Edge and Firefox but not Chrome? I was given a deadline by Facebook to fix this problem but I can't begin to guess what it is because I am using the default
settings for Identity in an ASP.Net website template for Visual Studio 2015 but I am using VS 2019. All I did was un-comment a few lines of code in Startup.Auth.cs and the result is:
If you visit the website and are logged in to Facebook and you have not yet created an account using the external login. The site sends the user to Facebook where the user signs in and grants access. Then when redirected
to the site the user is not logged in and no account is created.
If an account has already been created by that Facebook user the page refreshes without going to Facebook and without logging in the user in Edge and Firefox, but in Chrome the previously existing user is logged in.
This is the second time I have had a problem with Identity ceasing to work without me doing anything to it. I am really tired of getting out of the box Microsoft products that work at first only to just break later.
Aug 09, 2019 01:01 AM|CopBlaster|LINK
This seems to be a permissions issue of some sort but I can't figure it out. I updated the version of the API on Facebook from 3.3 to 4.0 and now nothing works. I have the most recent versions of the owin nuget packages. The user signs in to Facebook just
fine but when they are redirected to my site it says:
[HTTP/1.1 302 Found 85ms]
Response headers (346 B)
Fri, 09 Aug 2019 00:57:56 GMT
Request headers (614 B)
Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/68.0
Aug 09, 2019 08:56 AM|CopBlaster|LINK
This is the best solution I can find. Honestly it is because it the only one that will let me plan my life without having to worry about fixing external logins ever again:
Aug 09, 2019 09:14 AM|PatriceSc|LINK
This is the exact same situation in all browsers or are you still authenticated in Chrome ? You try to logged to the Facebook developer console (or whatever it is called) to see if you have some more information ? You have a page telling which change were
done as it seems they have some kind of deadline for this change.
That said I only tried once and this is the only reason for which I have a FB account so I would have to create a blank new app to just try if it still works with the current ASP.NET FB documentation (maybe using ASP.NET Core even if for just seeing that
something could work ?)
Aug 09, 2019 09:19 AM|Yongqing Yu|LINK
According to your description, the messages shows that you may make a mistake in setting the url.
I suggest you should to check carefully whether the REDIRECT_URI is correct.
Here is an article about how to use Facebook account to register your application for your reference:
Registering your application with Facebook Graph API
Hope this will help you.
Aug 09, 2019 08:00 PM|CopBlaster|LINK
The deadline from Facebook was due to their system noticing that the app was causing problems for their users. Not necessarily a change by Facebook. I just spent a lot of time yesterday looking at various examples that people have posted with similar problems
over recent years and thought it looked like more trouble than it is worth. I don't like the idea of having to do this all over again at some future date just because some other website makes an "upgrade" that also breaks an older way of using the feature.
The right way to do those types of upgrades is to make sure that they are always optional for people that do not have time to upgrade their site to use the new features but still want to use the old ones.
Aug 09, 2019 08:04 PM|CopBlaster|LINK
I had the https://copblaster.com/signin-facebook URL on the list of approved URLs along with Account/Login, Account/RegisterExternalLogin, etc. Did not fix the problem. I did not add ones for localhost since Facebook made it clear that when the app is in
development role you do not need to do that, so I only tested localhost in development mode and the other live.
Aug 09, 2019 08:25 PM|CopBlaster|LINK
Could this be because the redirect uri returns a 404 status code? It does that when loaded in any browser but when you test it on Facebook it says it is valid. It is just the default ASP.Net url which I noticed does not correspond to any real file.
Aug 09, 2019 09:30 PM|CopBlaster|LINK
I got rid of the 404 by uncommenting routes.Ignore("signin-facebook/"); in my RouteConfig.cs file but I still get the same error from Facebook. The page itself (signin-facebook?code=somelongcode) returns a 302 status code. Is that normal?
Aug 09, 2019 10:06 PM|mgebhard|LINK
A 302 status is an HTTP response sent by the server when the requested URL has changed. The server is letting you know to update the URL.
Post your configuration and any relevant code if need debugging support. As far as I know, Facebook uses OAuth with is a standard security flow. If Facebook made any changes to the flow then you'll want to update in your side as well.
Aug 12, 2019 03:39 AM|CopBlaster|LINK
I think I may have found the answer, but I'll have to try to get Facebook to unrestrict my app. I just signed up for a Moz trial and found out that a 302 redirect was added automatically by ASP.Net to all my pages by adding the querystring "?AspxAutoDetectCookieSupport=1".
This impacted every single URL on the site.
I believe that this was because of a NuGet Package that I recently installed. Captcha by Captcha Inc. a.k.a. BotDetect Captcha was installed after Facebook authentication started working again and before it broke. I could be wrong, but I seem to recall seeing:
cookieless="AutoDetect" timeout="20" sessionIDManagerType="BotDetect.Web.CustomSessionIdManager, BotDetect"
That was the first time I had ever seen cookieless="AutoDetect" in my web.config. I have since changed it to "UseCookies" and now my pages return a 200 status code again.