Sequence contains more than one element Microsoft.Owin.Security.AuthenticationManager

Question

While trying to authenticate externally using Google, application gives me following exception:

<Error> <Message>An error has occurred. <ExceptionMessage>Sequence contains more than one element</ExceptionMessage> <ExceptionType>System.InvalidOperationException</ExceptionType> <StackTrace> at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable1 source) at Microsoft.Owin.Security.AuthenticationManager.<AuthenticateAsync>d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at System.Web.Http.HostAuthenticationFilter.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult() at System.Web.Http.Controllers.AuthenticationFilterResult.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult() at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()

I have configured my Web Api oAuth as follows:

public void ConfigureOAuth(IAppBuilder app)
{
    app.UseExternalSignInCookie(
        Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);

    OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

    OAuthAuthorizationServerOptions OAuthServerOptions = 
        new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
        Provider = new SimpleAuthorizationServerProvider(),
    };

    app.UseOAuthAuthorizationServer(OAuthServerOptions);

    app.UseOAuthBearerAuthentication(OAuthBearerOptions);

    googleAuthOptions = new GoogleOAuth2AuthenticationOptions()
    {
        ClientId = ClientId,
        ClientSecret = ClientSecret,
        Provider = new GoogleAuthProvider()
    };

    app.UseGoogleAuthentication(googleAuthOptions);
}

Answer 1

Check, please, may be you use app.UseOAuthBearerTokens(OAuthOptions); and app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); together

Answer 2

I solved this by using the following two configuration settings together (I was using refresh tokens):

app.UseOAuthAuthorizationServer(options);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

Answer 3

I also got this error, and it turned out I had the following:

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {AuthenticationType = DefaultAuthenticationTypes.ExternalCookie}

in my SecurityConfig but also this on a Controller:

[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]

(For completeness sake: I used web.api owin only, using owin IIS hosting)

Solution: Removing one of these fixed the issue, so I guess adding a controller attribute like this, is the same as configuring twice. Look for suspicious things like this (they also might be configured in a library that you use!)

Some further background info about where the error occurs:

In my case it was observed that lots of times (but not always ?!) the error occurs. Debugging learned that the offending method lives in Microsoft.Owin.Security.AuthenticationManager:

public async Task<AuthenticateResult> AuthenticateAsync(string authenticationType)
{
  IEnumerable<AuthenticateResult> source = await this.AuthenticateAsync(new string[] { authenticationType });
  return source.SingleOrDefault<AuthenticateResult>(); //<== this line throws because there are two  
}

(authenticationType was "ExternalCookie" in my case)

Answer 4

see WebApi OAuth UseOAuthBearerAuthentication gives "Sequence contains more than one element" error. I myself fixed it by commenting out

app.UseOAuthAuthorizationServer(OAuthOptions);

instead, but i guess they aren't compatible to have both at the same time?