Fundamentally all I need to do is grab a users profile photo after successful login (asp.net 4.8) since it doesn't seem that I can request the photo to come over with the login claims.
This is the callback handler
SecurityTokenValidatedNotification<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification
This is how I get the Identity from that callback and it's all there looking good
var identity = notification.AuthenticationTicket.Identity;
So I'm trying to callback with RestSharp
var client = new RestSharp.RestClient("https://graph.microsoft.com");
var request = new RestSharp.RestRequest($"/v1.0/users/{email}/photo/$value", RestSharp.Method.GET);
var callbackResult = client.Execute(request);
Debugger.Break();
if (callbackResult.StatusCode == HttpStatusCode.OK)
{
Debugger.Break();
}
But it keeps (I suppose OBVIOUSLY) coming back as unauthorized. Is there some token or something I can use now that the user has authenticated to add a header or querystring or something that will just get me the extra data easily?
Firebase has option to set language code or app language for current user in order to get verification, password reset emails in defined language like below. below is from Android SDK implementation
Additionally you can localize the verification email by updating the
language code on the Auth instance before sending the email. For
example:
auth.setLanguageCode("fr"); // To apply the default app language
instead of explicitly setting it. // auth.useAppLanguage();
But i am using rest api within my uwp application and this option is not defined in rest api documentation
Does anybody know how to achieve this?
Anybody else is looking for solution. you need to add header as X-Firebase-Locale: 'fr'. C# code will look like as below. you can find the full implementation here
public async Task SendEmailVerificationAsync(string firebaseToken, string locale = null)
{
var content = $"{{\"requestType\":\"VERIFY_EMAIL\",\"idToken\":\"{firebaseToken}\"}}";
var StringContent = new StringContent(content, Encoding.UTF8, "application/json");
if (locale != null)
StringContent.Headers.Add("X-Firebase-Locale", locale);
var response = await this.client.PostAsync(new Uri(string.Format(GoogleGetConfirmationCodeUrl, this.authConfig.ApiKey)), StringContent).ConfigureAwait(false);
response.EnsureSuccessStatusCode();
}
Please suggest or change some suitlable title for this question as i am not able to find one
I am using Facebook to allow the users to authenticate to my site.
I use Facebook Login Button and somehow i find out the user is authenticated or not.
I am developing my website in ASP.NET 4.0
I check whether the user is authenticate through Javascript.
The problem is how should i tell my server that this user is authenticated and assign some ASP.NET roles. I cannot use Ajax becuase of securoty reasons and might be a attack of Impersonation. This site may have transactions in the future so it need to be less security vunerable.
RIght now what i did is create a session using javascript and redirect to some other page and then assign roles but i am not statisfied with this method
Any help is appreciated.
The easiest way would be to use Page methods and Page methods call your service on server or authenticate directly.
http://www.geekzilla.co.uk/View7B75C93E-C8C9-4576-972B-2C3138DFC671.htm
To fix this, after facebook successfully authenticate the user i postback the website with the some arguments.
FB.api('/me', function (response) {
res_id = (response.id);
__doPostBack('SetSessionVariable', res_id + "$" + response.first_name + "$"+ response.last_name);
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
});
And in code i do :
string eventTarget = (this.Request["__EVENTTARGET"] == null) ? string.Empty : this.Request["__EVENTTARGET"];
string eventArgument = (this.Request["__EVENTARGUMENT"] == null) ? string.Empty : this.Request["__EVENTARGUMENT"];
if (eventTarget == "SetSessionVariable")
{
// Authenticate User
}
I've searched all over and can't find this addressed anywhere.
I have a Flash Media Server script that writes data to an ASP.Net webservice when a user connects. It works great, but I want to lock down security if possible.
The best I could come up with was to add a token to the flashVars of the client flv, then pass it through FMS when making the web service call, but I would prefer another method if possible. Something using SOAP authentication, etc?
Here's the relevant portion of the FMS script
load("webservices/WebServices.asc");
application.onAppStart = function()
{
application.allowDebug = true;
webServiceObj = new WebService('http://webserviceURI.asmx?WSDL');
webServiceObj.onLoad = function(Wsdl){
trace("result string -- " + Wsdl);
}
webServiceObj.onFault = function(fault){
trace("web service fault --" + fault.faultstring);
}
}
application.onConnect = function(client, name, guid, role, sessID)
{
callWebMethod = webServiceObj.MyWebSErviceFunction(parameters...)
callWebMethod.onResult = function(returning){
trace("called back from WebService");
}
}
Just found the answer to this in the Adobe documentation for the WebService class:
Note: The WebService class is not able to retrieve complex data or an array returned by a web service. Also, the WebService class does not support security features.
I'm at step 8 of the authentication overview found here: http://wiki.developers.facebook.com/index.php/How_Connect_Authentication_Works
In particular, the user has logged into facebook via Facebook Connect and their web session has been created. How do I use the facebook developer toolkit v2.0 (from clarity) to retrieve information about the user. For example, I'd like to get the user's first name and last name.
Examples in the documentation are geared towards facebook applications, which this is not.
Update
Facebook recently released the Graph API. Unless you are maintaining an application that is using Facebook Connect, you should check out the latest API: http://developers.facebook.com/docs/
I had a lot of trouble figuring out how to make server side calls once a user logged in with Facebook Connect. The key is that the Facebook Connect javascript sets cookies on the client once there's a successful login. You use the values of these cookies to perform API calls on the server.
The confusing part was looking at the PHP sample they released. Their server side API automatically takes care of reading these cookie values and setting up an API object that's ready to make requests on behalf of the logged in user.
Here's an example using the Facebook Toolkit on the server after the user has logged in with Facebook Connect.
Server code:
API api = new API();
api.ApplicationKey = Utility.ApiKey();
api.SessionKey = Utility.SessionKey();
api.Secret = Utility.SecretKey();
api.uid = Utility.GetUserID();
facebook.Schema.user user = api.users.getInfo();
string fullName = user.first_name + " " + user.last_name;
foreach (facebook.Schema.user friend in api.friends.getUserObjects())
{
// do something with the friend
}
Utility.cs
public static class Utility
{
public static string ApiKey()
{
return ConfigurationManager.AppSettings["Facebook.API_Key"];
}
public static string SecretKey()
{
return ConfigurationManager.AppSettings["Facebook.Secret_Key"];
}
public static string SessionKey()
{
return GetFacebookCookie("session_key");
}
public static int GetUserID()
{
return int.Parse(GetFacebookCookie("user"));
}
private static string GetFacebookCookie(string name)
{
if (HttpContext.Current == null)
throw new ApplicationException("HttpContext cannot be null.");
string fullName = ApiKey() + "_" + name;
if (HttpContext.Current.Request.Cookies[fullName] == null)
throw new ApplicationException("Could not find facebook cookie named " + fullName);
return HttpContext.Current.Request.Cookies[fullName].Value;
}
}
I followed up on this concept and wrote a full fledged article that solves this problem in ASP.NET. Please see the following.
How to Retrieve User Data from Facebook Connect in ASP.NET - Devtacular
Thanks to Calebt for a good start on that helper class.
Enjoy.
Facebook Connect actually isn't too difficult, there's just a lack of documentation.
Put the necessary javascript from here: http://tinyurl.com/5527og
Validate the cookies match the signature provided by facebook to prevent hacking, see: http://tinyurl.com/57ry3s for an explanation on how to get started
Create an api object (Facebook.API.FacebookAPI)
On the api object, set the application key and secret Facebook provides you when you create your app.
Set api.SessionKey and api.UserId from the cookies created for you from facebook connect.
Once that is done, you can start making calls to facebook:
Facebook.Entity.User user = api.GetUserInfo(); //will get you started with the authenticated person
This is missing from the answers listed so far:
After login is successful, Facebook recommends that you validate the cookies are in fact legit and placed on the client machine by them.
Here is two methods that can be used together to solve this. You might want to add the IsValidFacebookSignature method to calebt's Utility class. Notice I have changed his GetFacebookCookie method slightly as well.
private bool IsValidFacebookSignature()
{
//keys must remain in alphabetical order
string[] keyArray = { "expires", "session_key", "ss", "user" };
string signature = "";
foreach (string key in keyArray)
signature += string.Format("{0}={1}", key, GetFacebookCookie(key));
signature += SecretKey; //your secret key issued by FB
MD5 md5 = MD5.Create();
byte[] hash = md5.ComputeHash(Encoding.UTF8.GetBytes(signature.Trim()));
StringBuilder sb = new StringBuilder();
foreach (byte hashByte in hash)
sb.Append(hashByte.ToString("x2", CultureInfo.InvariantCulture));
return (GetFacebookCookie("") == sb.ToString());
}
private string GetFacebookCookie(string cookieName)
{
//APIKey issued by FB
string fullCookie = string.IsNullOrEmpty(cookieName) ? ApiKey : ApiKey + "_" + cookieName;
return Request.Cookies[fullCookie].Value;
}
The SecretKey and ApiKey are values provided to you by Facebook. In this case these values need to be set, preferably coming from the .config file.
I followed up from Bill's great article, and made this little component. It takes care of identifying and validating the user from the Facebook Connect cookies.
Facebook Connect Authentication for ASP.NET
I hope that helps somebody!
Cheers,
Adam
You may also use SocialAuth.NET
It provides authentication, profiles and contacts with facebook, google, MSN and Yahoo with little development effort.
My two cents: a very simple project utilizing the "login with Facebook" feature - facebooklogin.codeplex.com
Not a library, but shows how it all works.