I'm trying to get a working example of authenticating an MVC application in .NET against Salesforce using their OAuth authentication workflow. I've been referencing this walkthrough which is fairly simple. It is very similar to getting Google authentication to work. It boils down to setting up the .NET MVC project with the individual account authentication template and spinning up a new connected application in Salesforce. Then, add the Owin.Security.Providers library for Salesforce, adjust the Startup.Auth.cs a bit and include the ClientId and ClientSecret from the Salesforce app, and the Authorization and Token endpoints. The callback URL it suggests is http://localhost:[port]/signin-salesforce which is pretty similar to the callback URL used for Google authentication.
While I am redirected to Salesforce and can log in, the handshake that returns me back to my MVC application seems to encounter an issue that I cannot nail down. I get redirected back to the Login page and .NET doesn't seem to be aware of my login info, although I definitely have an active session with Salesforce (the Salesforce dashboard will automatically log me in). In the code, things start to go sideways here:

    // GET: /Account/ExternalLoginCallback
    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return RedirectToAction("Login");
        }
        //more code we never reach
    }

loginInfo is always null. So, to figure out what sort of request is being sent to .NET, I turned to Fiddler and encountered a request against localhost:[port]/signin-salesforce with a bunch of parameters that get a curious response:

    HTTP/1.1 302 Found
    Location: /Account/ExternalLoginCallback?error=access_denied
    Server: Microsoft-IIS/10.0
    Set-Cookie: .AspNet.Correlation.Salesforce=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
    X-SourceFiles: =?UTF-8?B?YzpcdXNlcnNcc3RldmUuY2FtaXJlXGRvY3VtZW50c1x2aXN1YWwgc3R1ZGlvIDIwMTVcUHJvamVjdHNcU2FsZXNGb3JjZUludGVncmF0aW9uXFNhbGVzRm9yY2VJbnRlZ3JhdGlvblxzaWduaW4tc2FsZXNmb3JjZQ==?=
    X-Powered-By: ASP.NET
    Date: Fri, 20 May 2016 21:46:09 GMT
    Content-Length: 0

Note the Location header, which tells .NET to redirect to /Account/ExternalLoginCallback with an error parameter of "access_denied". Enabling some tracing in Owin reveals that something is returning a 400 either in .NET or to .NET, but I don't know what.
So, that's where I'm at. A null loginInfo object in my controller and evidence that something is going wrong in some web requests. I've perused several other related questions, but almost none focus on Salesforce and they provide answers that aren't really applicable (for instance, I have no Google+ API to enable). Any ideas on how to rectify this?
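
An added diagnostic example, not part of the original question and not code from Owin.Security.Providers: a `DelegatingHandler` that logs the status and body of any failed server-to-server call the OAuth middleware makes, which is one way to see where the 400 described above comes from. The class name `BackchannelFailureLogger` is hypothetical, and the wiring comment assumes the Salesforce options class exposes a `BackchannelHttpHandler` property as Katana's built-in OAuth options do.

```csharp
using System.Diagnostics;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (added example; not part of OWIN or Owin.Security.Providers).
public sealed class BackchannelFailureLogger : DelegatingHandler
{
    public BackchannelFailureLogger(HttpMessageHandler inner) : base(inner) { }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        HttpResponseMessage response =
            await base.SendAsync(request, cancellationToken).ConfigureAwait(false);

        // Only failures are logged: a successful token response contains
        // access/refresh tokens that must not end up in trace output.
        if (!response.IsSuccessStatusCode)
        {
            string body = string.Empty;
            if (response.Content != null)
            {
                // Buffer first so the middleware can still read the body afterwards.
                await response.Content.LoadIntoBufferAsync().ConfigureAwait(false);
                body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
            }

            // Log scheme/host/path only. The request body is never logged because
            // the token request carries client_secret and the authorization code.
            Trace.TraceWarning(
                "OAuth backchannel {0} {1} -> {2}: {3}",
                request.Method,
                request.RequestUri.GetLeftPart(System.UriPartial.Path),
                (int)response.StatusCode,
                body);
        }

        return response;
    }
}

// Wiring in Startup.Auth.cs (assumption: the options object has this property):
//   options.BackchannelHttpHandler =
//       new BackchannelFailureLogger(new HttpClientHandler());
```

An OAuth 2.0 token endpoint reports failures as JSON with `error` and `error_description` fields, so the logged body names the specific reason that the middleware collapses into `error=access_denied`.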