I have updated the following NuGet packages from v3.0.1 to v3.1.0:
- Microsoft.Owin
- Microsoft.Owin.Host.SystemWeb
- Microsoft.Owin.Security
- Microsoft.Owin.Security.Cookies
- Microsoft.Owin.Security.Google
- Microsoft.Owin.Security.MicrosoftAccount
After these updates, the following error is displayed when I try to authenticate using a Microsoft Account:
Correlation ID: 1a411cc0-446c-42bb-8659-cdd7dd9e6199
AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope wl.emails is not valid.
Important notes:
- This issue only happens when I authenticate with a Microsoft Account; there is no issue when I authenticate with a Google account.
- When I downgrade back to v3.0.1, Microsoft Account authentication works again.
Does anyone know whether something changed in Microsoft authentication in Microsoft.Owin.Security.MicrosoftAccount v3.1.0 that requires a change in my source code?
Here are Startup.Auth.cs and AccountController.cs from the system:
Startup.Auth.cs
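using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Microsoft.Owin.Security.MicrosoftAccount;
using Owin;

namespace IRIS
{
    public partial class Startup
    {
        /// <summary>
        /// Registers the authentication middleware: a cookie middleware that holds the
        /// signed-in session, plus Google and Microsoft Account external providers that
        /// sign the user in through that cookie.
        /// </summary>
        /// <param name="app">The OWIN application builder the middleware is added to.</param>
        private void ConfigureAuth(IAppBuilder app)
        {
            var cookieOptions = new CookieAuthenticationOptions
            {
                // Lifetime of the session cookie. SlidingExpiration is not set here, so the
                // middleware default applies.
                ExpireTimeSpan = System.TimeSpan.FromMinutes(120),
                LoginPath = new PathString("/Account/Login")
                // NOTE(review): CookieSecure is not set. If the site is served over HTTPS,
                // set CookieSecure = CookieSecureOption.Always so the session cookie is
                // never sent over plain HTTP.
            };
            app.UseCookieAuthentication(cookieOptions);

            // The external providers sign the user in to the cookie middleware above, so
            // AccountController.ExternalLoginCallback reads the provider's claims from
            // ClaimsPrincipal.Current (the application cookie), not from a separate
            // external cookie.
            app.SetDefaultSignInAsAuthenticationType(cookieOptions.AuthenticationType);

            // The values below are placeholders; real client IDs and secrets must be
            // loaded from configuration (appSettings / environment), never committed.
            app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
            {
                ClientId = "<MyGoogleClientId>",
                ClientSecret = "<MyGoogleClientSecret>"
            });

            app.UseMicrosoftAccountAuthentication(new MicrosoftAccountAuthenticationOptions
            {
                ClientId = "<MyMicrosoftClientId>",
                ClientSecret = "<MyClientSecret>",
                // "wl.emails" is a legacy Live Connect scope. The AADSTS70011 error comes
                // from the Microsoft identity platform (v2.0) endpoint, which rejects wl.*
                // scopes, so the 3.1.0 middleware appears to have moved to that endpoint.
                // Request a v2.0 scope instead and make sure the app registration is one
                // the v2.0 endpoint accepts.
                // NOTE(review): confirm against the 3.1.0 release notes, and verify after
                // signing in that ClaimTypes.Email is actually populated - the callback in
                // AccountController depends on it.
                Scope = { "https://graph.microsoft.com/user.read" }
            });
        }
    }
}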
AccountController.cs
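using System.Security.Claims;
using System.Web;
using System.Web.Mvc;

namespace IRIS.Controllers
{
    /// <summary>
    /// Handles sign-in through the external (Google / Microsoft Account) OWIN providers
    /// and maps the resulting e-mail claim to an application account via the
    /// I_ACCOUNT_LOGIN stored procedure.
    /// </summary>
    public class AccountController : Controller
    {
        // Presentation choices written to the App cookie when a login returns a new
        // account (outputParameters[0] == "0").
        private static readonly string[] Skins =
        {
            "skin-black", "skin-black-light", "skin-blue", "skin-blue-light",
            "skin-green", "skin-green-light", "skin-purple", "skin-purple-light",
            "skin-red", "skin-red-light", "skin-yellow", "skin-yellow-light",
        };
        private static readonly string[] Layouts = { "", "fixed", "layout-boxed" };
        private static readonly string[] Sidebars = { "sidebar-open", "sidebar-collapse" };
        private static readonly string[] Flags = { "true", "false" };

        /// <summary>
        /// Shows the login page. Output caching is disabled so the anti-forgery token in
        /// the form is always fresh; a cached page served by the browser Back button
        /// would otherwise post a stale token.
        /// </summary>
        /// <param name="returnUrl">Where to go after a successful login; passed to the view.</param>
        [AllowAnonymous]
        [OutputCache(NoStore = true, Location = System.Web.UI.OutputCacheLocation.None)]
        // Avoids the following login error: http://stackoverflow.com/questions/24376800/the-back-button-and-the-anti-forgery-token
        public ActionResult Login(string returnUrl)
        {
            ViewBag.ReturnUrl = returnUrl;
            return View();
        }

        /// <summary>
        /// Starts the external challenge for <paramref name="provider"/>. POST plus the
        /// anti-forgery token means a third-party page cannot trigger the challenge.
        /// </summary>
        /// <param name="provider">The OWIN authentication type to challenge (e.g. Google).</param>
        /// <param name="returnUrl">Propagated to the callback; validated there before redirecting.</param>
        [HttpPost]
        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult ExternalLogin(string provider, string returnUrl)
        {
            return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
        }

        /// <summary>
        /// Completes an external login. The external middleware has already signed the
        /// user in to the application cookie (SetDefaultSignInAsAuthenticationType in
        /// Startup.Auth), so the provider claims are read from the current principal.
        /// </summary>
        /// <param name="error">Error code returned by the provider, if any.</param>
        /// <param name="returnUrl">Local URL to return to on success.</param>
        /// <returns>
        /// A redirect to <paramref name="returnUrl"/> (or Home) when I_ACCOUNT_LOGIN
        /// returns "0"; otherwise a redirect to Logout, which drops the OWIN session.
        /// </returns>
        [AllowAnonymous]
        public ActionResult ExternalLoginCallback(string error, string returnUrl)
        {
            string[] outputParameters = new string[4];

            // NOTE(review): only "access_denied" is treated as a provider failure; any
            // other non-empty error value still falls through to the account lookup.
            if (error != "access_denied")
            {
                // This action is anonymous and a provider may omit the e-mail claim (for
                // example after a scope change), so the principal and the claim are
                // checked before use instead of failing with a NullReferenceException.
                string email = CurrentEmail();
                if (email == null)
                {
                    Models.Utils.Cookies.Account.Delete();
                }
                else
                {
                    Models.Data.DbException dbException = Models.Data.Firebird.ExecuteProcedure(
                        "I_ACCOUNT_LOGIN", new string[] { email }, outputParameters);

                    if (dbException.ErrorCode != null)
                    {
                        // NOTE(review): the raw database error code and message are stored
                        // in a client-visible cookie, which exposes backend details to the
                        // user. Log them server-side and store a generic message instead.
                        Models.Utils.Cookies.Account.Delete();
                        Models.Utils.Cookies.App.Save(dbException.ErrorCode.ToString(), dbException.Message);
                    }
                    else if (outputParameters[0] == "0")
                    {
                        Models.Utils.Cookies.Account.Save(outputParameters[1], outputParameters[2], outputParameters[3], email);

                        // One Random instance for all four picks; separate instances created
                        // back-to-back can share a time-based seed and produce correlated values.
                        // These are cosmetic choices only - not used for anything security-relevant.
                        var rng = new System.Random();
                        Models.Utils.Cookies.App.Save(
                            Skins[rng.Next(Skins.Length)],
                            Layouts[rng.Next(Layouts.Length)],
                            Sidebars[rng.Next(Sidebars.Length)],
                            Flags[rng.Next(Flags.Length)]);
                    }
                    else
                    {
                        Models.Utils.Cookies.Account.Save(outputParameters[0], email);
                        Models.Utils.Cookies.App.Delete();
                    }
                }
            }

            // Only a "0" result completes the login; every other outcome (provider error,
            // missing claim, database error, non-zero procedure result) goes through
            // Logout so no half-established OWIN session is left behind.
            return outputParameters[0] == "0"
                ? RedirectToLocal(returnUrl)
                : RedirectToAction("Logout", "Account", new { ReturnUrl = returnUrl });
        }

        /// <summary>Signs the user out of the OWIN cookie session and redirects.</summary>
        /// <param name="returnUrl">Local URL to return to; Home when null.</param>
        // NOTE(review): this is a GET endpoint without anti-forgery protection, so a
        // third-party page can sign the user out (logout CSRF). ExternalLoginCallback
        // redirects here on failure, so moving it to POST requires changing that caller.
        [AllowAnonymous]
        public ActionResult Logout(string returnUrl)
        {
            HttpContext.GetOwinContext().Authentication.SignOut();
            return returnUrl == null ? RedirectToAction("Index", "Home") : RedirectToLocal(returnUrl);
        }

        #region Helpers

        // Returns the e-mail claim of the current principal, or null when there is no
        // authenticated identity or the provider did not supply the claim.
        private static string CurrentEmail()
        {
            ClaimsPrincipal principal = ClaimsPrincipal.Current;
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                return null;
            }

            Claim emailClaim = principal.FindFirst(ClaimTypes.Email);
            if (emailClaim == null || string.IsNullOrEmpty(emailClaim.Value))
            {
                return null;
            }

            return emailClaim.Value;
        }

        // Redirects only to URLs local to this site (open-redirect protection);
        // anything else goes to Home.
        private ActionResult RedirectToLocal(string returnUrl)
        {
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            return RedirectToAction("Index", "Home");
        }

        /// <summary>
        /// Action result that issues an OWIN authentication challenge for a provider;
        /// the middleware turns the 401 into the provider's login redirect.
        /// </summary>
        internal class ChallengeResult : HttpUnauthorizedResult
        {
            public ChallengeResult(string provider, string redirectUri)
            {
                LoginProvider = provider;
                RedirectUri = redirectUri;
            }

            /// <summary>OWIN authentication type to challenge.</summary>
            public string LoginProvider { get; set; }

            /// <summary>Where the provider middleware redirects after sign-in.</summary>
            public string RedirectUri { get; set; }

            public override void ExecuteResult(ControllerContext context)
            {
                var properties = new Microsoft.Owin.Security.AuthenticationProperties { RedirectUri = RedirectUri };
                context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
            }
        }

        #endregion
    }
}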