I am implementing Facebook login on my website. I am creating an asp.net user as well with the Facebook users details. This way I can control login in people to my site using .NET membership regardless of whether they are a Facebook user or not.
The problem I am facing now is security. When a user logs in with Facebook I am calling a webservice with their facebook details, if the user exists on the system (by their facebook userid) then I log them in. However as it stands anyone could call the webservice with someone elses facebook id and it would log them in (if that user existed on the system). Is there something that I can use to link the facebook user with my asp.net user that is only accessible to that user, such as an access token. It also needs to be something which does not change? Does facebook send back such a thing in the response object?
Any help or suggestions are much appreciated.
Thanks
Yes, we can get that profile data from Facebook. Using that requestAccessToken Url you can get that access token.
requestAccessTokenurl="https://graph.facebook.com/oauth/access_token?client_id={0} redirect_uri={1};client_secret={2};code={3}"
Also we can get the Profile Data using this access token
requestProfileUrl="https://graph.facebook.com/me"
please see this link- http://easyoauth.codeplex.com/
you can download the source code also :)
We have implemented for Facebook, Twitter, LinkedIn, Google using this framework. It is very straight forward. I can help you how to do this.
Thanks
Related
I have to ask you fellow experts in here, since i have found zero material on this on the vast internet...
I want to make a facebook integration into my website, where the already registered users can use facebook to login, instead of the default username and password handed to them when i first registered them..
Basically.. i just need to check if the email they login to facebook with, exists in my database.. if it does.. the login is a success..
Hope someone has some wizardly insight into this :)
PS! And sorry for not posting any code samples, or if someone thinks this question is too trivial.. Might be i'm a lousy google'r :)
If you are using the standard MVC web application template that includes Microsoft.AspNet.Identity adding external sign on for your users is relatively easy.
First register with Facebook so that you can allow users of your application to use Facebook authentication.
https://developers.facebook.com/docs/apps/register
Then
In your App_Start\Startup.Auth.cs file you will see the code below in the commented out state.
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
Uncomment the code, and add your keys from Facebook.
Then existing users can navigate to following page to add a Facebook login to their account.
http://[YourURL]/Manage/ManageLogins
Can i log in to my Facebook account (Knowing user id and password), in the server using Facebook php-sdk, and without need to click any URL?
If yes, please explain.
It is against Facebook's Terms of Service to use a user's email address and password to login to their account. You should instead use the Facebook API to achieve this, but it requires manual login by a user.
There are ways of achieving automatic login using credentials, but since it's not allowed, I won't go into detail. Facebook also detects and prevents most of the common method of auto-login.
I am trying to provide get access to LinkedIn data in a Spring-based web application.The idea is to connect to a LinkedIn account, get LinkedIn data(education or employer information for argument sake) & show that data on my application's page. Now I studied a bit on Spring Social OAUTH abstraction for LinkedIn(using spring-social-linkedin) and also read some code samples for accessing data but I am still unable to wrap my head around this flow and how do I write the code for my specific purpose?
Do I create a specific web page where user put's in his LinkedIn login details and the ConnectController (already intialized in IOC container) will then take care of the connection?
If so what will be the action & method values on the Login page?
If no login page is to be created, how will LinkedIn account details be inputted by user and How will ConnectController get the account details to authenticate?
Once authenticated, how to navigate through user's data?
If someone can explain in a step-by-step manner how to approach my requirement here,would really appreciate it.
I have to implement facebook login and also want to get logged in user's information like birthday, firstname, Email address.
I have already done some other stuff like recent activities etc of facebook using javascript SDK of facebook.
i am developing application in ASP.Net (C#).
How can i get user information, Please provide me any idea.
Once the user's logged in and you asked for extended permissions (you can use Javascript to do that) you get an access token and then you can call the Facebook graph API. This is server side.
FB do not offer a C# SDK for their API so you will have to find one (or make you own)
see http://developers.facebook.com/docs/api
I have created a username and password to enter and search people in linkedin. Now, I am devloping a web application using asp.net. I need to open a popup page which is displaying the searched results in linked in as logged in.
When the popup page is displaying, I need to logged in automatically using the username and password.
So, here is my question,
How to logged in automatically when the button clicked in Asp.net application using linked in username and password?.
Thanks
The problem is twofold:
deciding which credentials to use
actually logging in
Logging in is fairly straightforward: post to LinkedIn's login URL in the manner that LinkedIn expects. Unfortunately, LinkedIn still does not have a public API, so this is going to require hackery. Go to a LinkedIn web page that allows login and analyze the page source. There will be a field names for username and password in the login form, and the login form will post to a specific URL. Duplicate the username and password with a web request to the URL of the form. You will receive a cookie as part of the response. Make sure you include that cookie in future requests to LinkedIn and you are then "logged in" for every request.
Of far more importance than the actual logging in, which is a simple programming challenge, is deciding which credentials to use. I'm guessing that you're building an application for others to use, rather than yourself. If so, you'll need to ask them to give you their LinkedIn credentials. Beware: this is something that most people simply will not do. It's a trust issue; if they give you their credentials, you now have access to their profile and can do nefarious things with it. You'll need a good disclaimer explaining how you would never do that, ever, and you'll need the people who read it to believe you. Not as easy as it sounds.
If, however, this is just for you, you're on easy street. Just use your own credentials.