I need to integrate Facebook and LinkedIn authentication in my asp.net application. I am guessing someone already did this but can't find a pointer. Any suggestion?
For Facebook authentication,
Please read Authentication - Facebook Developers.
More easier, using Facebook SDK
For LinkedIn authentication,
Please read LinkedIn Authentication
More easier, C# LinkedIn api entegration working example
Integrate with your website
You can make a own custom membership/role/profile etc and don't use the built in approach.
Another way, after authenticating successful Facebook or LinkedIn, you should create new member depend on authentication content that you was received, and store User ID in database and map it with Facebook, LinkedIn ID.
Sorry by bad English
Related
I have an AAD username and password and I'd like to know if I can programmatically sign into Azure AD, and then navigate to a SharePoint Online site that's protected by AAD.
I've been doing a LOT of research and from what I'm gathering, it's not possible to "bypass" the interactive sign in process that Microsoft has put in place when signing into Azure AD.
From personal experience, I know you can acquire an access token, then query GraphApi to bring back user info, or using CSOM (SharePoint Client Side Object Model), you can get metadata about the SharePoint Online site, but this is not what I'm looking for.
Current Setup
SharePoint Online site - single page behind Azure AD.
AspNetCore 3.0 app - nothing fancy. Just a link that opens a new tab, which calls a controller (insert logic here to solve my problem)
What have I tried
I've tried setting up ROPC userflow on Azure AD B2C - this works well for getting the access token, but how to sign in AAD?
I've been reading about headless authentication, silent authentication, non-interactive authentication (https://github.com/azure-samples/active-directory-dotnetcore-console-up-v2, https://vincentlauzon.com/2017/01/29/authenticating-to-azure-ad-non-interactively/) but this is all well for acquiring the access token, but this doesn't answer the question.
I've tried msal.js when when trying to authenticate, this still shows a popup that requires interaction from a user.
I thought I could try getting the access token and then using an authentication header, add a bearer token to an httpClient, then fetching the SharePoint Online site in the hope that it might bring back cookies, but nope, no joy.
Does anyone know of any method or any ideas that I can try to implement this? I've been banging my head for a week now.
Thanks for the help
Charles
My site uses the oAuth2 authentication to let users register/login via their Linkedin account.
Implementation is done using PHP.
The problem is: the oAuth2 authentication always opens in the webbrowser.
It seems this has to be implemented by LinkedIn.
Is there a way to force LinkedIn oAuth to open the app in stead of the browser if the app is available?
Not sure if you got your answer after all these years, but generally it would open in the browser to get the user's consent, and then redirect to the URL you provided with an authorization code that you can use to call the API.
We are planning to start developing our new site with ASP.Net, MVC and AngularJS. I will also have a WebApi that i would like to use oAuth authentication with, because it is easy to to pass in token, plus may want to allow users to login with Google, Facebook etc in the future.
Questions
If i want to use oAuth on my WebApi (which is a separate application), what authentication method should i be using for my asp.net MVC website? oAuth? Forms? Both? And how do you implement this? On my API i wrote a simple oAuth provider that asks for a username and password and returns a token string.
Should my WebApi have a single sign on login page to interact with the website? Or should the login page be on the website? Should the login page use client side calls or server side calls?
What is actually within the oAuth token and how does it link to my website? Do I have to do something on the server once they login via Facebook/Google? Can I use this token on my server to determine which user is logged in?
Our website has many databases, all the same, but depending which user is logging in, depends on which database they can view data from. Is this easy to cope with using standard method/objects in ASP.Net MVC? Or is this going to force me in writing my own code?
Any advice would be appreciated as well!
If are you planning to use MVC 5 You could use Asp.Net Identity.
Take a look here: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
I hope this could help you.
Diego
Your best bet :
This topic shows how to secure a web API using OAuth2 to authenticate
against a membership database for both local and social login
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
I'd like to use WePay.com for authentication and authorization using OAuth 2.0 and ASP.NET MVC 4 Web API.
I was reading through their tutorials online here and was thinking do I just go through these steps and store the access token in the database along with their user_id from WePay.
Should I use FormsAuthentication.SetAuthCookie() to create the
secure cookie?
Is this secure?
Or do I authenticate users be some other means (Facebook, Twitter, Basic, etc)?
You could actually use WePay as your Auth mechnaism. Make sure you checkout the C# SDK here: https://github.com/bradoyler/WePayASPNet
Yes, you would just have to call FormsAuthentication.SetAuthCookie('wepayusers email or auth token') after the wepay login callback.
Good luck.
I am looking for a good example for the Facebook C# SDK authorization flow. I am upgrading to version 6 of the SDK and I am having trouble understanding the new flow. I am using the following components:
Asp.net MVC3 Web application
Facebook C# SDK v6
FB Javascript SDK
I am trying to pass the access_token from the FB Javascript SDK to the server for further use.
This flow is outlined in the new documentation at:
http://csharpsdk.org/docs/web/getting-started
I have a the following questions:
Why are they passing the access token in a post vs parsing it out of the cookie.
Don't we need to verify the signed request at the server side before trusting the access token?
First you to have to Follow the conventions that Facebook Javascript SDK is giving to work it with C# SDK.
Answers.
1. Javascript SDK need post back of the page after login in to Facebook. You thoughts are right about getting token from cookie but think what if cookie is disable on browser? Posting access token is the best choice in both cases.
2.Access token already encrypted by Facebook so you dont need to worry about them. If you want more security then you enable encrypted access token in you app settings.
See http://developers.facebook.com/blog/post/572/.
Another thing is that if somehow somebody pass the invalid access token(XSS attack) in post back then also you don't need to worry because access token is validated on Graph API servers, so there less possibilities to effect your Facebook account. You can also enable HTTPS of site to make it more secure.
That's all what I have.
Thanks
Happy Socializing.. ;)
Dharmendra.