Google UserId and Password validation from asp.net - asp.net

I have to authenticate a user based on his google account.
I don't have any user authentication database from asp.net.
Is there any service available from Google which accepts google email id and Password in turn, it will check the given user is valid or not.
I tried OAUTH2 but no where it is accepting emailid and password from client side.
Am i missing anything ? and How can i fix this ??

Try below links :-
1) http://loginwithgoogle.codeplex.com/
2) http://dotnetopenauth.net/ This is implemented in ASP.NET and It includes samples for Google logins, and it's very easy.

Related

Firebase authentication Twitter and Google

I am using the Firebase authentication functionality. I am using Facebook, Google, Twitter and email and password as providers. The default functionality is to use a single email by authentication.
If I authenticate with an account with Facebook, Twitter or Google and then try to enter but using email and password to do it, it shows me a warning where it says that I already use another authentication method and it allows me to do it with the previous one.
If I authenticate with email and password and then try to authenticate with Google, Twitter or Facebook these authentication methods overlap, that is, take both and in the Firebase console I can see that they are both.
Now, if I authenticate with email and password, Facebook (I think) or Twitter and then try to authenticate with Google, it deletes the previous authentication methods. That is, if with the first authentication methods I had id1 after authenticating with Google, the entry with id1 is deleted and one is created with id2.
This generates a problem in my application because it is a way to lose the user's registry previously created with id1.
I'm not sure if this is the expected behavior but I do not think so. Obviously whenever I refer to doing a 'new authentication' with another method I make sure to use the same email.
It sounds like you are looking for account-linking. This is possible in Firebase-authentication. Users are identified by their Firebase Userid and you can link multiple authentication providers to a userid.
Try to check this documentation. I think this is what you are looking for: https://firebase.google.com/docs/auth/web/account-linking
I hope it helps.
The Google provider overwriting the existing providers is due to Google emails being verified as Google owns these email addresses.
To work around this, you will need to verify the email after the user signs up by sending an email verification. This guarantees that Google sign-in will not unlink the providers as the email is considered to be verified. So if a user signs up with Facebook (using a Google email), verify the email so next time the user signs in with the same Google email, the Facebook provider would remain on the user.

Evernote SCIM API - Password reset

I can update the user attributes like userName, familyName, givenName, formatted, active and displayName using API [Method=PUT , URL=https:///scim/v2/] and I tried to do the same with the password attribute , It responds with status [200 - OK] , but the user's password is not updated.
Is there any other API is available for password reset?
Try doing GET request on /v2/ServiceProviderConfig and looking for the returned data. changePassword.supported should be false, which will confirm that changing password is not supported.
Now, SCIM is supposed to be only available when Single Sign On (SSO) is enabled on a business account (see this Help Center article). This means that users sign in using the SSO provider and are not supposed to have any Evernote-specific passwords. It's SSO provider that needs to take care about password management.

How to create user subscriber in aweber?

Anyone can help ,
I have created an api key and and secret key but I am getting an issue regarding to the login section means the api redirect to the https://auth.aweber.com/1.0/oauth/authorize_app/ url and here need a username and password but I am inserting my username and password but its not open and send me a message like
Notice: Invalid credentials - please retry
Make sure that you're using valid AWeber credentials when filling out that form. The username/password are not the API developer account from https://labs.aweber.com, but an actual AWeber account (i.e. what you would use to login to https://aweber.com).

Merging OAuth account with existing account based on email address

I'm developing an MVC4/Razor site for which the client requested the ability for users to be able to sign in with Facebook/Google accounts. Fortunately, this is fairly straightforward using Forms authentication.
However, I'm faced with the issue of: what if the user's email address which is returned by the provider matches an existing username?
For example, tim#rocketeerconsulting.com previously exists as a native account. For whatever reason, the user wants to use Facebook to login. Facebook returns that tim#rocketeerconsulting is the user's email address. If the user attempts to create an account using that information, MVC4 will state that the account already exists.
There are a few concerns:
Should users be allowed to merge accounts if an email address provided by an OAuth provider matches an existing account?
This presents a potential security risk. Can I rely on the OAuth provider to confirm that the address is valid? If not, a malicious user can create a Facebook account and then gain access to another user's account.
How should such a thing be implemented, if at all?
I recognize there is a similar question here, but my question pertains specifically to the context of Forms auth in MVC4.
You are right: it's easy to impersonate this way
Indeed, to add more to the problem, not all the OAuth providers give you the user email address (LinedId).
Every OAuth provider use an email address for initial validation, however, the user can have more than one, indeed some encurages you have them as backup.
So the email is not a good 'key' to identify the user.
Probably your solution will be to have a table with your own internal id and the relate this to the OAuth provider unique user identification: some use the email address, others screen name or similar.
This will allow the user to have more than one OAuth validator on your site.
I implemented this with: Linkedin, Twitter, Amazon, Google+, Microsoft and Facebook. Additionaly, our users can use their domain account to login, but this is another story...

Facebook 'secret' value, or Authenticating an app after facebook login / registration

I have an existing Spring application which I wish to also allow users to register / sign in through facebook.
The facebook sign-in is working fine, and is currently executed from the client using the Actionscript-Facebook API ( which is essentially a wrapper for the Facebook JS API).
However I'm unsure as to what is an appropriate approach for me to take in using the client-side authenticated session to authenticate against my own app server / session (ie., the Spring session).
In my own application, the user registers/authenticates with an email address & password.
My first thoughts in a facebook authenticated solution is to use the facebook email and secret values returned from the login call. These would be stored in my database when the user performs registration via facebook, (or specifically, a hash of secret) and using these to authenticate during login in the same manner as a regular login.
However, I'm unsure of what the secret value actually is, and whether it's a appropriate to use in this scenario. (The Facebook API seems unclear in what the return values of the login call actually mean)
Is this value bound to the user, or the session?
Does this value change, should the user change their password on Facebook?
Is this an appropriate value to store a hash of?
Finally, is there a more appropriate way of achieving this task?

Resources