infinite loop going back to authentication page when using OAuth in MVC5

Question

I have written a webpage that takes advantage of Google/Facebook auth using MVC5 and OAuth.

Sometimes, I'm able to auth very well using either Facebook or Google. It works quite well.

However often what happens is:

1. Navigate to the login page.
2. Choose either google or facebook.
3. Provide the account info, getting the necessary redirects.
4. Redirect back to login page, but not logged in.

I'm not receiving (or not looking in the right place) any errors that clue me in - I am using SSL on Azure for hosting.

Does anyone have tips for why it sometimes works, and sometimes does not? This feels like it could be a cookie thing, or maybe a server side configuration problem? I can't figure out why it would sometimes work and sometimes wouldn't work.

I've tried:

• Using a second machine, one that has never logged in before (to rule out cookies), same problem.
• Clearing my cookie cache, same problem.

How I'm configured:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });
    // Use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Uncomment the following lines to enable logging in with third party login providers
    //app.UseMicrosoftAccountAuthentication(
    //    clientId: "",
    //    clientSecret: "");

    //app.UseTwitterAuthentication(
    //   consumerKey: "",
    //   consumerSecret: "");

    app.UseFacebookAuthentication(
       appId: "abc",
       appSecret: "123");

    app.UseGoogleAuthentication();
}

I've followed this tutorial to use OAuth in MVC5: Create an ASP.NET MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)

Answer 1

To resolve this issue: you can upgrade your application to use ASP.NET Core. If you must continue stay on ASP.NET, perform the following:

Update your application’s Microsoft.Owin.Host.SystemWeb package be at least version and Modify your code to use one of the new cookie manager classes, for example something like the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions 
{ 
    AuthenticationType = "Cookies", 
    CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager() 
});

Reference Link

Answer 2

this is a major issue where randomly your application will start going into an infinite loop and some times redeploying the application makes it work but only temporary. the quick way i found to address this issue is using nuget package kentor.owincookiesaver as commented by @cooper. you should make a call to this class before cookieauthentication call in the owin startup class as shown below

app.UseKentorOwinCookieSaver();

app.UseCookieAuthentication(new CookieAuthenticationOptions());

Apparently there is a bug in owin and katana where your cookie just disappear and this fixes it.