As a bit of context, I'm developing an ASP.NET MVC 5 application that uses OAuth-based authentication via Microsoft's OWIN implementation, for Facebook and Google only at this stage. Currently (as of v3.0.0, git-commit 4932c2f), the FacebookAuthenticationOptions
and GoogleOAuth2AuthenticationOptions
don't provide any property to force Facebook nor Google respectively to reauthenticate users (via appending the appropriate query string parameters) when signing in.
Initially, I set out to override the following classes:
FacebookAuthenticationOptions
GoogleOAuth2AuthenticationOptions
FacebookAuthenticationHandler
(specificallyAuthenticateCoreAsync()
)GoogleOAuth2AuthenticationHandler
(specificallyAuthenticateCoreAsync()
)
yet discovered that the ~AuthenticationHandler
classes are marked as internal
.
So I pulled a copy of the source for the Katana project (http://katanaproject.codeplex.com/) and modified the source accordingly.
After compiling, I found that there are several dependencies that needed updating in order to use these updated assemblies (Microsoft.Owin.Security.Facebook and Microsoft.Owin.Security.Google) in the MVC project:
- Microsoft.Owin
- Microsoft.Owin.Security
- Microsoft.Owin.Security.Cookies
- Microsoft.Owin.Security.OAuth
- Microsoft.Owin.Host.SystemWeb
This was done by replacing the existing project references to the 3.0.0 versions and updating those in web.config. Good news: the project compiles successfully.
In debugging, I received an exception on startup:
An exception of type 'System.IO.FileLoadException' occurred in [MVC web assembly].dll but was not handled in user code
Additional information: Could not load file or assembly 'Microsoft.Owin.Security, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
The underlying exception indicated that Microsoft.AspNet.Identity.Owin was trying to load v2.1.0 of Microsoft.Owin.Security when calling app.UseExternalSignInCookie()
from Startup.ConfigureAuth(IAppBuilder app)
in Startup.Auth.cs.
Unfortunately that assembly (and its other dependency, Microsoft.AspNet.Identity.Owin) aren't part of the Project Katana solution, and I can't find any accessible repository for these assemblies online.
Are the Microsoft.AspNet.Identity assemblies open source, like the Katana project? Is there a way to fool those assemblies to use the referenced v3.0.0 assemblies instead of v2.1.0? The
/bin
folder contains the 3.0.0 versions of the Owin assemblies.
I've upgraded the NuGet packages for Microsoft.AspNet.Identity.Owin, and this is still an issue.
Any ideas on how to resolve this issue?