I am using DotNetOpenAuth.AspNet for Facebook authentication. And everything works well.
However, I have to change app permissions so when a user logins I should request status_update permission. I've changed Permissions in Facebook app configuration, but I didn't get updated Login Window in my application.
Also I tried to handle OAuthWebSecurity.RegisterFacebookClient method call with passing extra data scope attribute, but without any access.
Does someone know how to request additional Facebook permissions using DotNetOpenAuth.AspNet?
EDIT:
When I try to do post I got this error:
(OAuthException - #200) (#200) The user hasn't authorized the application to perform this action
And this is what I get when I try to login to my app:
There is no status_update permission.
Thanks.
At this point you can't. Deep in the innards of DotNetOpenAuth.AspNet there is a class called FacebookClient. Within class is a method which is called "GetServiceLoginUrl".
This method in version 4.3.0 hardcodes the scope to "email".
If you go to the Nuget prerelease repository however, and get the prelease version 4.3.1 from there, the FacebookClient class comes with an additional parameter in the constructor - scope. You can add the permissions in there, and it will add them to the request url.
The pre-release package source is http://teamcity.dotnetopenauth.net:82/guestAuth/app/nuget/v1/FeedService.svc/
new FacebookClient(appId, secret, new[] {"email","manage_pages"});
and you should be good to go.
Related
I am developing a web app with mix authentication (Owin Token Based and Windows authentication). I have implemented Owin token based authentication and want to implement windows authentication for the users which are marked as active directory users.
In Owin middleware, I want to get requesting user's windows username. I am getting object in OwinContext.Request.User.Identity. However, OwinContext.Request.User.Identity.Name is always blank string.
I found that I should add below lines in startup.cs:
var listener = (HttpListener)app.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
However, I am getting key not found exception. "System.Net.HttpListener" is not present in Properties array. I have installed Microsoft.Owin.SelfHost, Microsoft.Owin.Host.HttpListener. However, I am still getting the error.
Any help is greatly appreciated.
Thanks,
GB
For me issue was that project was started as shared lib, not a web app.
Solution was to add a line into .cspro file after <ProjectGuid> line.
<ProjectTypeGuids>{349C5851-65DF-11DA-9384-00065B846F21};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
Then you dont need to add HttpListener explicitly, just reload project and follow this instructions starting from Properties edition part.
Enabling Windows Authentication in Katana
You can access principal the same ways:
Get the user in an OWIN middleware:
public async Task Invoke(IDictionary<string, object> env)
{
OwinContext context = new OwinContext(env);
WindowsPrincipal user = context.Request.User as WindowsPrincipal;
//...
}
Get the user in a Web API Controller:
// In a web api controller function
WindowsPrincipal user = RequestContext.Principal as WindowsPrincipal;
UPD: List of Visual Studio Projects GUIDs
I want to integrate Google's Oauth2 in my symfony-1.4 CRM. I have successfully implemented this, I have extended sfGuardAuth in my own module, and now mysfGuardAuth is being used for siging and signout. Is there where I handle Google's Oauth2 with 2 extra actions:
executeCkeckGoogleAccess();
executeOauth();
The problem is to checkout if Google's token is still a valid one, I have to redirect in each action of everymodule to the action checkGoogleAccess in mysfGuardAuth module.
What I want is to check this in an implicit way in the same place where symfony, or sfGuard or whatever checks for the right perms or credentials before executing or not executing the requested action.
I only want to write the code once.
Thank you.
After some research this is how sfGuard checks everything.
When you make a request to a module action, before the action is executed, a new sfContext is dispached.
The sfContext gets the user that extends sfGuardUser and has some methods that are executed. There is where perms, session status and everithing else is checked
The user must be configured in apps/yourApp/lib
By default is apps/yourApp/lib/myUser which extends sfGuardUser. The most apropiate way to achieve this is to create a new user class like: apps/yourApp/lib/yourAppUser which extends aswell sfGuardUser, and there extend the methods initialize and/or shutdown with the functionality you want.
By this way I have achieved to get Google's Oauth2 working in my app.
I hope this is usefull for more people.
UPDATE
All described above is true, but if you want to check something always before an action execution you must use filters instead of whats described before.
Filters are executed before each action, so there you can checkout whatever you need having access to the current context, and set up new attributes for the user. In my case I wanna check if the requested action needs a google token, if true, then Another filter will check if the user has alraedy a valid token, in that case, nothing happens, otherwise, the user is redirected to the module/action which handles google token requests.
Comunication between diferent filters, actions and requests are handled via user attributes.
the user is an object of the clas myOwnUser which extends sfGuardSecurityUser, there the function signOut is extended in order to delete all attributes saved in "myOwnNamespace"
I'm looking at the source code for Microsoft.OWIN.Security.Google and am a bit confused and overwhelmed at how many classes there are to do such a simple thing (redirect, get a cookie, check it).
Can anyone explain how the various components fit together
Middleware
Extensions
etc
... so that I can write a custom provider
After some google-ing and trying different ideas in debugger I ended up with "copy-paste-edit" :)
here is a brief resume of classes
Extensions - nothing special, a helper:
// instead of using
app.Use(typeof(CustomAuthenticationMiddleware), app, options);
// you can use
app.UseCustomAuthentication(options);
Middlware - methods are used to attach authentication to owin pipeline
AuthenticationProvider - As I understand, this could be overriden outside, to be able to change some logic without rewriting whole thing. Has 2 methods:
Authenticated - is called when handler finishes all authentication in AuthenticationHandler.AuthenticateCoreAsync()
ReturnEndpoint which is called in AuthenticationHandler.InvokeAsync, just before external authetication.
But it appeared absolutely useless, when I tried to customize existing providers (google, facebook,...)
Handler - here is all the OAUTH2 functionality.
ApplyResponseChallengeAsync() - generates AuthorizationEndpoint URL and redirects useragent to authorization server
InvokeAsync() - handles the get to RedirectEndpoint (/signin-google or whatever was set up on authorization server) and returns the user to the starting controller(or callback). It is doing a redirect with all needed cookies set up
AuthenticateCoreAsync() - does all server side calls to authorization server. Creates all Identity.Claims necessary to create appropriate cookies before
I need to change the behaviour of the login-page of OpenStack. I am working on an alternatively way to authenticate an user. I use no more name and password. It works on command line but I have to use it also in the graphically part (horizon).
I should change the action performed when I click the LogIn button, but I can not find where is the implementation of that action: which is the function called by Horizon to authenticate an user?
My aim is to call my new keystone functions to get the token, but I can not find which horizon's function calls keystone.
[UPDATED QUESTION]
the *../horizon/views/auth_forms.py* defines how the login page is defined. Where does its class Login is called? I need to modify the code that starts the login page creation
Horizon instantiates an entire class set for keystone interaction.
checkout horizon/openstack_dashboard/api/keystone.py
it mostly uses the python-keystoneclient api set.
You may want to also check out http://docs.openstack.org/developer/horizon/topics/customizing.html
I tried to modify some files like: horizon/openstack_auth/view.py where Login is called.
I'm coding an ASP.NET website that works with facebook.
To make my own life easier, I've decided to work with the facebook C# SDK.
At this point, I've already obtained a valid access token, thus I've authorised correctly.
(I have done this through server-side C# code, not via the JavaScript SDK)
I now want to store this access token in the current FacebookWebContext, so that I can use it through the whole website.
However, when I try to write the value in FacebookWebContext.Current.AccessToken, I get the following error:
Property or indexer FacebookWebContext.Current.AccessToken cannot be assigned to -- it is read only
Now, I could try to create a new FacebookWebContext, and set this one as the current one, but the constructor doesn't accept an access token.
How do I put my access token in the current facebook web context?
It should already have the value when you do : FacebookWebContext.Current.AccessToken
Is it empty?