0

I'm working on a simple implementation of THIS DotNetOpenAuth tutorial.

On a regular browser such as Chrome, Firefox and IE it works fine. But when I call this "google_login.aspx" page from the PhoneGap childBrowser plugin It fails.

Failure happens in the form of a 400 -Bad Request - Invalid URL after the user has put his credentials into Google.

When Google tries to redirect back to my site, Google trying to use a bad url which looks like this:

https://myurl.com/(F(8g0QkKd61D6yBbN2pkuZwAXOTGChqwruytA0LCC_nZko2mXgddbDhT3nXCj3XWVwOSkyfNGENHtctVXbnAyFQcj344Cai3rrkKKO_SNM_laGIqIPN2pkSBJQQYc98T0qv_gZbm3R8Qufry7u-HLAAT_RfVpMtpbCM6sw-FLPuxxHUETRHjd8lA9DR7LKIfkMYYinZU_qLduO02f012wZ2feVi8XW479WOvrWCr_rHFAxPNEQFurrJO1rxGs1LUFzTZ4pNlgpm4LwHrv7lTtK5-adDKbQJXzFrjEAG22pNxGfKpesHNsV-m88zp20w70FtF56wppLfzadNgq7cPDlb3hIwbsA-JGI1he8low8_KWDNZev5RqtX8cPtQKpFIL0))/Default.aspx

Instead of this:

https://myurl.com/Default.aspx

This only happens on the PhoneGap childBrowser plugin, other browsers take me to the right place.

After getting the 400 bad request error I can manually browse to my homepage and it shows that I am in fact signed in, and that the simple redirect back from Google is what failed.

Anyone know how of a fix or possible workaround to my problem?

Solution:

I had to specify the returnToURL parameter in the OpenIdRelyingParty.CreateRequest : enter image description here

capdragon
  • 13,443
  • 22
  • 96
  • 145

2 Answers2

1

This looks like it may be ASP.NET's cookieless session support feature. If your failing scenario is one where session cookies are rejected, and if enabled in the web.config file, I believe ASP.NET will essentially store the cookie in your URLs instead, creating a kind of virtual path. Obviously something is going wrong with this though. I suggest you isolate the problem by:

  1. Turn on DotNetOpenAuth logging
  2. Collect a Fiddler2 trace of the entire login attempt

...to figure out where this stray path is coming from.

Andrew Arnott
  • 74,820
  • 24
  • 127
  • 163
  • Good suggestion... I'll post back with results. (+1) – capdragon Jun 08 '12 at 15:51
  • No errors but specifying the `returnToURL` parameter in the `OpenIdRelyingParty.CreateRequest` worked. – capdragon Jun 13 '12 at 19:16
  • 1
    You'll get this problem with the iOS web browser control (which is used by PhoneGap)... IIS/Casini think that it can't handle cookies, and do the url thing instead, but you can force cookie use in the web.config file. – joshuahealy Jun 15 '12 at 11:58
1

To solve this problem:

  1. Add the App_Browsers ASP.NET folder to your project if it doesn't already exist (right-click on the project, click Add -> Add ASP.NET Folder -> App.Browsers
  2. Add a file called generic.browser to the App.Browsers folder

  3. Replace any automatically generated code in the generic.browser file with:

    <browsers>
    <browser refID="Default">
        <capabilities>
            <capability name="cookies" value="true" />
        </capabilities>
    </browser>
</browsers>

The problem occurs with reasonable frequency on iOS devices such as iPad and iOS when running Forms Authentication. The user will receive the error: Bad Request - Invalid URL. HTTP Error 400. The request URL is invalid.

Chris
  • 3,231
  • 1
  • 29
  • 35
  • I had tried this, and did not work. What did work was explicitly specifying the `returnToURL` parameter in `OpenIdRelyingParty.CreateRequest` – capdragon Aug 14 '12 at 12:49