public ActionResult AuthenticateCallback(string providerKey)
        {
            if (string.IsNullOrEmpty(providerKey))
            {
                throw new ArgumentNullException("providerKey");
            }

            var model = new AuthenticateCallbackViewModel();
            try
            {
                // Retrieve the state for the XSS check.
                // It's possible that a person might hit this resource directly, before any session value
                // has been set. As such, we should just fake some state up, which will not match the
                // CSRF check.
                var state = (Guid) (Session[SessionStateKey] ?? Guid.NewGuid());

                // Complete the authentication process by retrieving the UserInformation from the provider.
                model.AuthenticatedClient = _authenticationService.GetAuthenticatedClient(providerKey, Request.Params,
                                                                                          state.ToString());

                // Clean up after ourselves like a nice little boy/girl/monster we are.
                Session.Remove(SessionStateKey);
            }
            catch (Exception exception)
            {
                model.Exception = exception;
            }

            return View(model);
        }
        public ActionResult AuthenticateCallback(string providerKey)
        {
            if (string.IsNullOrEmpty(providerKey))
            {
                throw new ArgumentNullException("providerKey");
            }

            var model = new AuthenticateCallbackViewModel();
            try
            {
                // Determine which settings we need, based on the Provider.
                // NOTE: We don't want to use the default callback route, so we're specifying our own route, here.
                var settings = _authenticationService.GetAuthenticateServiceSettings(providerKey, Request.Url,
                                                                                     "home/authenticatecallback");

                // Make sure we use our 'previous' State value.
                var existingCookie = Request.Cookies[_antiForgery.DefaultCookieName];
                var token = existingCookie != null ? existingCookie.Value : null;
                settings.State = token;

                // Lets clean up.
                Request.Cookies.Remove(_antiForgery.DefaultCookieName);

                // Validate Cookie
                var extraData = _antiForgery.ValidateToken(token, Request.QueryString["state"]);

                // Grab the authenticated client information.
                model.AuthenticatedClient = _authenticationService.GetAuthenticatedClient(settings, Request.QueryString);

                if (!string.IsNullOrEmpty(extraData))
                {
                    model.Referrer = new Uri(extraData);
                }
            }
            catch (Exception exception)
            {
                model.Exception = exception;
            }

            return View(model);
        }