Kebin Maharjan - 206 - Nov 15, 2014

Hi Demis,
I’ve been playing around with as you suggested for mvc based application. Here’s something I came across, and wanted to know your thoughts.

I’m using RavenDb but this should not matter I believe.
- Starting with Empty db
- Login using facebook
- Creates UserAuths (empty password ofcourse)
- Creates UserAuthDetails(facebook as a provider)
- Log out
- Try login to CredentialAuthProvider (using the email address used via facebook login)
- Throws error: Value cannot be null. Parameter name: s.

Surely that happens because there’s no password set in AuthUsers. Ideally it should tell users “invalid login”. What would be the best approach for this? Override TryAuthenticate and check for this? It will be nice to have this thrown by CredentialsAuthProvider.


You’d need to register with a Username/Password first so there is a password registered with that account. Once authenticated you can use the other OAuth providers which also get registered to that account.

Kebin Maharjan:

So as a user lets say I signed up using Facebook, lets say…someone later tries to login using the same email with password by accident, shouldn’t he get invalid user/pass error?

Right they shouldn’t be allowed to register or log in. I’ll take a look at adding a better error msg.

Kebin Maharjan:

Yup! Currently they can’t register. It errors with - email already exists, which is perfect. Just need to error - invalid email/password for when trying to login.

ok this should now be fixed with this commit:

That’s just finished deploying to MyGet: has also been redeployed which shows the updated behavior.

Kebin Maharjan:

Awesome, Thanks!