ConvertFromBase64String throw an error - Version 0.4

[Cyberlane]

The packages I have installed

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Markdown" version="1.14.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.Razor" version="2.0.30506.0" targetFramework="net45" />
  <package id="Nancy" version="1.4.0" targetFramework="net45" />
  <package id="Nancy.Authentication.Forms" version="1.4.0" targetFramework="net45" />
  <package id="Nancy.Hosting.Self" version="1.4.0" targetFramework="net45" />
  <package id="Nancy.Metadata.Modules" version="1.4.0" targetFramework="net45" />
  <package id="Nancy.SimpleAuthentication" version="0.4" targetFramework="net45" />
  <package id="Nancy.Viewengines.Razor" version="1.4.0" targetFramework="net45" />
  <package id="Newtonsoft.Json" version="7.0.1" targetFramework="net45" />
  <package id="RestSharp" version="105.2.3" targetFramework="net45" />
  <package id="SimpleAuthentication.Core" version="0.4" targetFramework="net45" />
</packages>

I login with Google, and it redirects me back just fine (woo)!
Next it hits this bit of code in the CallbackProvider just fine

return nancyModule.LoginWithoutRedirect(authorizationResult.UserId);

but my web browser remains on a blank page of:
/authentication/authenticatecallback?providerkey=google…blahblahblah

I open another tab and try access an admin page (thinking maybe the Redirect just failed), but am faced with an error 500!

Nancy.RequestExecutionException: Oh noes! ---> System.FormatException: Invalid length for a Base-64 char array or string.
   at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at Nancy.Authentication.Forms.FormsAuthentication.DecryptAndValidateAuthenticationCookie(String cookieValue, FormsAuthenticationConfiguration configuration)
   at Nancy.Authentication.Forms.FormsAuthentication.GetAuthenticatedUserFromCookie(NancyContext context, FormsAuthenticationConfiguration configuration)
   at Nancy.Authentication.Forms.FormsAuthentication.<>c__DisplayClass7.b__6(NancyContext context)
   at Nancy.BeforePipeline.<>c__DisplayClass4.b__3(NancyContext ctx, CancellationToken ct)
   --- End of inner exception stack trace ---
   at Nancy.NancyEngine.InvokeOnErrorHook(NancyContext context, ErrorPipeline pipeline, Exception ex)

The error is coming from the SimpleAuthentication code inside the DecryptAndValidateAuthenticationCookie method, when trying to execute ConvertFromBase64String() on the value stored in the cookie.

This happens 100% of the time for me, I am curious if you have any ideas what it may be?

[PureKrome]

Hi @Cyberlane :) What's interesting here is that Nancy is dying here.

Is there any chance you could use your browser dev tools (like Google Chrome dev tools) or Fiddler to see the traffic and see the cookie that is getting sent across the wire?

[phillip-haydon]

return nancyModule.LoginWithoutRedirect(authorizationResult.UserId);

This doesn't do anything. You still need to return a view or redirect.

Either redirect with the login. Or login without redirect, and return a view, but you will need to manually attach the cookies to the result.

[Cyberlane]

@PureKrome I have both an _nc and an _ncfa cookie stored, is that what you're asking about? Did you need the values, or what were you after?

[PureKrome]

Nope .. i don't really need those values. I'm just clutching at straws a bit here, because it feels like a weird Nancy issue, but I don't want to blame nancy cause that's been pretty rock solid, etc.

Does @phillip-haydon 's reply, help you at all?

[xt0rted]

You're on 1.4.0 of Nancy which has a bug in the cookie code, see Nancy/2093 and Nancy/2094 for more info. In short update to 1.4.2 which also has a memory leak fix.

[Cyberlane]

@xt0rted I upgraded to 1.4.2 and not only does it still behave the same way with an error, but Nancy no longer displays it's friendly error page and instead I receive Google Chrome's error 500 screen.

@PureKrome I can add the manual redirect, but surely adding a redirect will not fix a bug in the cookie storage?

[phillip-haydon]

If you login without redirect then the response never has the author cookie. You can return a view but you need to add the cookies yourself.

[Cyberlane]

Ah... I assumed this was all handled automatically by the code I got off of your blog @phillip-haydon
I will try make the changes this evening, and with luck... it just works and I can close this issue.

[Cyberlane]

Unfortunately LoginAndRedirect gives me the same issue, or am I still meant to be manually handling the cookies inside of the IAuthenticationCallbackProvider Process method?

[PureKrome]

@Cyberlane you shouldn't get getting a 500 error from Google ... are you still getting that?

Also, i was under the impression that Nancy handles all the cookie stuff for you , auto-magically. assuming you have wired up the correct middleware.

[Cyberlane]

@PureKrome the 500 is not on the Google side, it's on my application's side and only after I have successfully logged in.