How to create openid provider - asp.net

I want to create my own OpenId Provider instead of using Google, Yahoo etc
I have just followed the below link for creating OpenID Client
https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Creating-an-openid-relying-party-%28programatically%29
when I am entered https://www.google.com/accounts/o8/id in the openId textbox, it just took the Authentication from the Google and return token with information like EmailID, UserName etc, Instead of this I want provide Authentication from my own Provider
Please help me to create OpenId Enabled Website.
Thanks

DotNetOpenAuth provides classes and structures which enable you to easily
create OAuth Consumer or Provider and manipulate Tokens. However each both
Consumer and Provider have to decide on how to handle and store the
Tokens.
Please follow the links
1.
Dotnetopenauth single sign on with custom identity provider
2.
http://hoonzis.blogspot.com/2011/08/using-dotnetopenauth-to-create-oauth.html
Second link explains in details. it also has a link to download source
code so you can refer to that. I want you to create your own sample based
on #2 as he is using LINQ TO SQL.

Related

Firebase auth with "username" as provider

i have an angular app which uses Firebase authentication - email provider. Works just the way, application wants it.
Now, i have a new customer who wants to use the application. The only issue is that he is not keen on having email addresses / mobile numbers as login identity. He wants to create his own usernames for their users to login. the username will be a string something like:
md, accounts, branchmanager, customer_with_weird_requirements etc
for attacking this situation, i have two approaches in mind.
changing the provider to customauth provider, bring in jwt and have a back-end endpoint
making the user only enter the username and suffix a common domain url like #abc.com and mock an emailauth provider
the following are the problem i have using the approaches
the app is fully powered by firestore and its web sdks. i need to start a new cloud function for creating the endpoint. well, not difficult but for just one module, we have a architectural change which i am not a fan
not the ideal way to handle auth module. also, reset password will not work as the rest link will be sent to the user#abc.com which doesn't exist in the first place.
Is there any way to use the providers available in firebase auth, with maybe basic tweaking, which doesn't make your email/mobile no mandatory?
What you want is beyond what the built-in providers of Firebase Authentication can be configured to handle. You'll have to create you own provider to support you needs.
Keep in mind that Firebase has some great examples of how to build a custom provider, like this username/password provider.

Firebase security when not using Authentication

I am building apps using Firebase (Storage, Functions, Hosting, Real-Time Database and Firestore). In the apps, the user authenticates using a third-party library (like Google connect but not Google).
I don't know how to protect my database because I am not using Firebase Authentication. How can I use this third party authentication to protect data for example? Maybe I need to create a user manually and attach information to him so that this info will be available in the Security Rules editor?
Thanks
I don't think you can secure your database or storage without a form of authentication.
Now firebase provides multiple methods of authentication (email , google, custom , anonymous .....).
What you might want:
You might want to add custom login to your users in which they get registered with extra data that you provide. And they will still get a user id that you will use to check in the rules to allow read and writes along with some custom data you provided while registration (so you can check these data from the rules).

Azure Mobile Services authentication client flow hook

I'm using .NET backend on Azure Mobile Service. It's easy to set up authentication with social identity provider, so that the client can use e.g. Facebook iOS SDK to login, as illustrated in the official tutorial
In custom authentication, as I need to maintain my own Account table according to the official tutorial, I have full control over the registration & login.
I'd like to have a centralized User table to store information about all users, no matter which channel they used to authenticate.
My question is, is there a way for the .NET backend to be notified when a user register or login with a Facebook token? So that a new row can be added to the centralized User table even when the user is using Facebook to authenticate?
Thank you!
Yes - the User.GetIdentities() method contains the token and mechanism that was used to authenticate the user. You can use this to update your table. For an overview of how to use this token, see this blog post by the team: https://azure.microsoft.com/en-us/blog/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/

Purpose of ProviderUserName column in DotNetOpenAuth sample

I've started an ASP.NET web site in Visual Studio using a Microsoft pre-defined template. This is to help me learn about OpenID within ASP.NET.
Inside the included SQL database within the sample site, there is a table called UsersOpenAuthAccounts that contains a column called ProviderUserName.
Can anyone tell me the purpose of this column? In my tests, this seems to store the username that I would log into an OpenID site with (e.g. my Google username - my email address). However, I also see that the ProviderUserId column holds the IAuthenticationResponse.ClaimedIdentifier value, e.g.
https://www.google.com/accounts/o8/id?id=AIt................g3c
...which would be used to identify the user against the OpenID provider for future requests.
Therefore, is there any point in including the ProviderUserName column? It's not actually used anywhere else within Microsoft's sample site.
ProviderUserName is... a bad idea (IMO).
The OpenID Claimed Identifier is the right string to check for return users. It reduces security to use anything else, including email address. If you're only interested in OpenID logins then you may want to just throw out the ASP.NET provided code and use DotNetOpenAuth's OpenIdRelyingParty directly and deal with the users table yourself. It will be about as simple as your current code, but without the unnecessary columns.
What the ASP.NET team's additional column and façade classes give you is the ability to mix OpenID logins with OAuth logins, which allow you to accept Twitter and Facebook accounts at your site as well. OAuth wasn't designed to be an authentication protocol, so those who use it have to make up their own idea of a username. In order for that to be globally unique, it must be prefixed by the provider who is issuing that username. So you have ProviderName ("twitter" or "google") and a ProviderUsername which is the username (or user id perhaps) of the account from the OAuth service provider.

Custom Membership provider with oAuth

It's my first contact with MVC so please be understanding for me. First of all:
1) If I will implement custom Membership provider with sql database, with my methods to activate user via e-mail, putting user into database etc. (and just one table - tableUsers), this solution about oAuth and Facebook login will works properly? Honestly, it's not clear for me at all.
2) What solution is better. My custom membership provider, or using default?
I want to sending my custom activation e-mail, then activate account. Later, I want to add new columns into userProfile table - "ID type" and "isActivated". I will storage additional info about user in separate table (telephone, webiste, about me, hobby etc) - I will get this data by IDuser from userProfile. What is more, I want to use loggin method via Facebook or Twitter. I found solution on asp.net website, how to do it with Oauth.
What solution I have to choose?
Regards
What solution is better. My custom membership provider, or using default?
As you want to store extra user information in the database, you will need to create your own custom Membership Provider as the default one lacks this flexibility. Also with the default membership Provider , you will not be able to verify your user with an activation email. You will have to customize it.
How to do it with Oauth.?
The default Membership Provider provided with MVC4 in VS 2012 has the ability to do login using Facebook and Twitter and you can add even more like LinkedIn. But, as you will need to create Custom Membership provider for storing additional information, you can use DotNetOpenAuth library for this. It is the same used by the default Membership Provider. You can add it through Nuget.

Resources