We started to integrate the new ASP.Net Identity offering from Microsoft for a greenfield engagement that we are doing. ASP.Net Identity uses OWIN middleware components for authentication and enabling the standard Form Authentication was easy. Using this MSDN post and by create a dummy ASP.Net MVC 5 project with Authentication set to “Individual User Account” we were able to enable standard form authentication scenario.
But we faced issue enable Google OpenId as the external identity provider. This excellent MSDN post details the process which we followed religiously and expected it to work. But it did not.
As it turned out after following all the steps as prescribed by the above post, Google authenticated the user and did a redirect back to our site, but our site was unable to process it and we got a error page with error
HTTP Error 404.15 – Not Found The request filtering module is configured to deny a request where the query string is too long.
Basically this was a redirect back to login page with OpenId specific querystring parameter. Doing a little bit of research we realized that the response from the Google Open Id endpoint should be handled by OWIN middleware components with ASP.Net Identity Services (namely Microsoft.Owin.Security.Google package), but it was not 🙁 The next thing was to look at the Network traffic and see if what’s happening with the redirects. The network call stack was
If you look at the highlighted part above, Google Open Id service was making a GET request to /signin-google, followed by internal redirect to login page (HTTP 302 redirect), which cause this weird error. But Why? The dummy MVC 5 application that we created was working perfectly!
Well as it turned out anonymous access was disabled for the complete side and hence the standard redirect to login page was happening. To fix it we had to make the /singin-google endpointlocation anonymously accessible in web.config.
Once this was done everything worked like a charm 🙂