Trouble with Windows Live sign in, and a dodgy char in a cookie

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
8/17/2012 3:24:09 PM
Crispin
Gravatar
Total Posts 537
View Posts
feet planted firmly on the ground

Trouble with Windows Live sign in, and a dodgy char in a cookie

I've been noticing things get cranky with Windows Live sign in to mojoPortal sites recently. But perhaps I've got something set up wrong.

I have a personal site where i just tried to sign in with WL, and on the Microsoft screen I just got "you are already signed in" or similar, and the "Continue" button would not do anything. I've seen this on various sites now. This time I clicked "Back" a couple of times to return to my site, which crashed with "We're sorry but a server error...", and now clicking "Sign in" in my mojo site (in the same browser session) crashes the site every time, with these errors in the log (seen by logging in using email/pwd in another browser):

2012-08-17 15:01:42,373 ERROR 86.31.74.216 - en-GB - /Secure/Login.aspx?returnurl=%2f - mojoPortal.Web.Global -  Referrer(http://flowerbunch.org/) useragent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
System.ArgumentException: Specified value has invalid Control characters.
Parameter name: value
at System.Net.WebHeaderCollection.CheckBadChars(String name, Boolean isHeaderValue)
at System.Net.WebHeaderCollection.Add(String name, String value)
at DotNetOpenAuth.Messaging.HttpRequestInfo.GetHeaderCollection(NameValueCollection pairs)
at DotNetOpenAuth.Messaging.HttpRequestInfo..ctor(HttpRequest request)
at DotNetOpenAuth.Messaging.Channel.GetRequestFromContext()
at DotNetOpenAuth.OpenId.RelyingParty.OpenIdTextBox.set_RealmUrl(String value)
at mojoPortal.Web.OpenIdLoginControl.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at System.Web.UI.ControlCollection.Add(Control child)
at mojoPortal.Web.UI.Pages.LoginPage.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Clearing my browser cache and cookies (or trying to) has not resolved this, so I can now only log into the site in Chrome.

Later... looking at the http request in Fiddler when I hit the "sign in" link, I suspect the problem may be these lines in the cookies section:

ret1=http://flowerbunch.org/windows-backup-failing...-here's-a-solution

returnurl1=http://flowerbunch.org/windows-backup-failing...-here's-a-solution

(which corresponds to this page from my blog http://flowerbunch.org/windows-backup-failing%e2%80%a6-here%e2%80%99s-a-solution )

So I think there are two things going on here. An unescaped character in the cookie causing mojoPortal to croak, plus the disfunctional WL sign in.

8/17/2012 3:44:55 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Trouble with Windows Live sign in, and a dodgy char in a cookie

If you look at the error details, it actually coming from DotNetOpenAuth which is used for openid, it isn't related to windows live auth.

My advice is to disable the open id auth in site settings. This error could be something fixed in a newer version of DotNetOpenAuth and I can look into updating it, but really very few people know what openid is. I highly recommend use Janrain Engage instead, it supports openid under the hood and keeps up with changes in the implementation but for users it is much more user friendly, they don't have to know anything about openid or that their common accounts such as google and yahoo support it, they just need to know they can login without new passwords. In fact, Windows Live is a bit nebulous at the moment becuase they are transitioning it to the Azure marketplace (Just as Bing search did recently) but there isn't any documentaiton I know about changes to the api or how to update to the new azure version. You can also enable Windows live via Janrain Engage so I would recommend disable the built in Windows Live auth and just make it part of the one Janrain widget.

Janrain keeps up with all the implementation details for openid, oauth, windows live etc on their end so we don't have to worry about the changes and keep up with them ourselves, in addition to providing a much nicer user experience for single sign on.

I will see if there is a newer DotNetOpenAuth dll I can upgrade to though.

Best,

Joe

8/17/2012 4:07:40 PM
Crispin
Gravatar
Total Posts 537
View Posts
feet planted firmly on the ground

Re: Trouble with Windows Live sign in, and a dodgy char in a cookie

Thanks Joe, disabling OpenID on the site has let me sign in again in IE9. And thanks for tip re Janrain - I hadn't investigated this before, and will have a play with the free basic version.

You must sign in to post in the forums. This thread is closed to new posts.