NullReferenceException in OpenAuthSecurityManager.cs

[syndicatedshannon]

With IIS Integrated Security mode active, the default and recommended setting, HttpContext.User is null until identity is established. This causes exception in OpenAuthSecurityManager.GetUsername(HttpContext).

http://stackoverflow.com/questions/20308517/nullreferenceexception-in-dotnetopenauth

[syndicatedshannon]

My apologies, it seems that OpenAuthSecurityManager actually resides in DotNetOpenAuth.AspNet

It is a nearly two-year old fork from here. It is confusing because the NuGet package
https://www.nuget.org/packages/DotNetOpenAuth.AspNet
shows it was just updated by a week ago, has the same project owner (AArnott), and its Project Site link also points to DotNetOpenAuth (here).

There is no issue tracker enabled for that GitHub project (DotNetOpenAuth.AspNet), and perhaps I should not be using it directly, but note that current Microsoft documentation seems to consume that library (that may be deprecated), including:

Microsoft.AspNet.Membership.OpenAuth (.NET 4.5 http://msdn.microsoft.com/en-us/library/microsoft.aspnet.membership.openauth )

DotNetOpenAuth.AspNet.OpenAuthSecurityManager.VerifyAuthentication(String returnUrl) +239
Microsoft.AspNet.Membership.OpenAuth.OpenAuthManager.VerifyAuthentication(HttpContextBase context, String returnUrl) +116
Microsoft.AspNet.Membership.OpenAuth.OpenAuth.VerifyAuthentication(String returnUrl) +82

Microsoft.Web.WebPages.OAuth ( http://msdn.microsoft.com/en-us/library/microsoft.web.webpages.oauth )

DotNetOpenAuth.AspNet.Clients.OAuth2Client.VerifyAuthentication(HttpContextBase context, Uri returnPageUrl) +126
DotNetOpenAuth.AspNet.OpenAuthSecurityManager.VerifyAuthentication(String returnUrl) +248
Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthenticationCore(HttpContextBase context, String returnUrl) +114
Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthentication(String returnUrl) +88

These Microsoft documents also point to DotNetOpenAuth as the authority for these functions.

Also, the template MVC4 "Internet Application" uses this library, and consequently so does all the OAuth for Asp.Net MVC4 guidance on the web.

[syndicatedshannon]

Would appreciate any guidance on an alternate library for Asp.Net MVC OAuth.

[AArnott]

MS is not developing the DotNetOpenAuth.AspNet project any more. :(

I suggest you use DotNetOpenAuth by itself (which has OAuth support and has been used from MVC apps successfully for years).

[syndicatedshannon]

Thank you for the reply. I'll move on. Just a comment, it looks like the same code is used here:
http://stackoverflow.com/questions/19564479/mvc-5-owin-facebook-auth-results-in-null-reference-exception
If that's a direct replacement and workable from VS2012, could you perhaps identify the library?

[syndicatedshannon]

p.s. I should say especially thanks for the reply late on a Sunday holiday evening.

I was a little frustrated because I wasn't able to identify until now that it had been abandoned. I just spent about 2 days on this. I'm also alarmed to see the same defect, one that shouldn't be designed in from scratch today when Integrated Mode is the default, show up in a new product. I don't cite you for that obviously.

[DavidChristiansen]

Given that this is causing issues for users of our library, can we take on maintenance of this library from Microsoft @AArnott. If so, let make that happen.