DotNetOpenAuth + classic ASP + oAuth - asp-classic

I am trying to get dotNetOpenAuth to work with facebook and twitter. There are some great examples provided but I am stuck using classic asp. I have the sample that uses classic asp and openID working fine.
Is it possible to use oAuth & dotNetOpenAuth & classic asp? If so, is there an example somewhere that I can reference?
thanks.

There is no built-in support for OAuth on Classic ASP in DotNetOpenAuth, although you can certainly add it yourself by simply writing a .NET COM server .dll that acts as the go-between between classic ASP and DotNetOpenAuth (which is how DotNetOpenAuth itself makes it work for OpenID).
You should realize that Facebook uses OAuth 2.0 while Twitter uses OAuth 1.0. OAuth 2.0 clients are very easy to write, even without a library at all, so you can probably get away without this work. But Twitter does require some serious code on the client (aka consumer) side so if you want that, you'll likely need to shim a .NET library such as DotNetOpenAuth to help you.

Related

MFA Provider for ASP .NET Web Forms with Forms Authentication

I'm looking for a good MFA provider to be incorporated to a legacy Web Forms application that uses Forms Authentication for security. It seems most of the MFA providers I see (such as Authy) are built around ASP .NET Identity. I'm trying to look for a solution that doesn't scratch the legacy application much... migrating the legacy application to ASP .NET Identity will be a nightmare. I've tried looking into Authy, Auth0, PingID and Okta and they all seem to be overkill for our use case. I'm trying to find an MFA provider that can work alongside Forms Authentication.
I use https://www.twilio.com/ for my MFA. I am only using the SMS functionality though, so essentially you need to hook up their sms code with your form authentication process. The only difference is that you don't have the identity component (which I highly suggest that you implement). Check out the C# code here for more info on the SMS API procedure: https://www.twilio.com/docs/sms/quickstart/csharp-dotnet-framework.
I understand that the following is for MVC, but you can convert the code to Web Forms as well: https://www.twilio.com/docs/sms/tutorials/two-factor-authentication-csharp-mvc.
The above example also uses the identity framework, but just take a look at the implementation of using SMS and you can migrate the concept into your web form.

oAuth 2.0 service provider for .NET 2.0 web API

We have a classic ASP.NET web application and a SOAP based API built on it. We are planning to implement oAuth2 authorization into it to implement a service provider that can create tokens, persist them and do evaluation.
I found few examples using DotNetOpenAuth , Azure access control service but all of them are based on MVC. Any pointers on how we can implement on oAuth2 on classic ASP.NET web API?
There are quite a few examples of using DotNetOpenAuth with asp.net applications. For instance:
http://www.nuget.org/packages/DotNetOpenAuth.AspNet
http://blogs.msdn.com/b/webdev/archive/2012/09/12/integrate-openauth-openid-with-your-existing-asp-net-application-using-universal-providers.aspx
Edit
So unfortunately I don't know a direct example with asp.net.
The OAuth1 sample might help in giving the basic idea of how to integrate DotNetOpenAuth as a service provider into an ASP.NET application -
https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuthServiceProvider
And I think that using that as a base, and combining with working with the OAuth2.AuthorizationServer (as the oauth2 samples show, like https://github.com/DotNetOpenAuth/DotNetOpenAuth/tree/master/samples/OAuth2ProtectedWebApi), is a good reference point.

Does it make sense to implement Facebook auth as an ASP.NET Forms auth custom membership provider?

I'm currently developing a web application that will use Facebook as a authentication service. Does it make sense to implement it as an ASP.NET Forms Authentication custom membership provider? While I made my research, I didn't come across any concrete significant advantage of using the Forms Authentication. However, it instinctively seems to me as a good thing to do, because aside from creating a completely custom implementation of authentication using Facebook, I didn't find any extensibility point inside ASP.NET where I could plug in the Facebook auth behavior.
Can you then tell me whether the Forms Authentication is a good idea or not. And if not, is there any other way than completely custom code (I'd like to avoid managing the session cookies, loading the current user, etc. manually).
I'm using ASP.NET MVC 3, Entity Framework and I'd like to avoid the Facebook C# SDK (the extensive use of dynamic types is a bit of a turnoff for me :-) ).
Thanks for any advice.
A simple answer is to use .NET 4.5 oAuth templates, they are incredibly easy to link Facebook up to forms authentication.
http://www.asp.net/vnext/overview/videos/oauth-in-the-default-aspnet-45-templates
However you may struggle to find a decent server if you are planning on releasing immediately. In a couple of months plenty of servers will support .NET 4.5.
The OAuth templates work for both v4.0 and v4.5 so you can publish them onto a server today itself :)

OpenId DotnetOpenAuth Classic ASP Support

My website is in classic ASP. Want to implement openId relying party so using the DotNetOpenAuth.dll
Tried the asp.net WebForm and MVC sample. Both straight froward and works great.
After a bit of struggle i run the classic ASP Sample provided by DotNetOpenAuth.
With WebForms & MVC i tried test with google, google profiles, yahoo/flickr, wordpress, blogspot, myopenid, etc works well
When tried with classic asp Only google, profiles, yahoo/flickr works well. For others like myopenid, blogspot, & wordpess it says openid not found. but it work well with webforms & MVC.
My question is that, for calssic ASP Is there anything like it support only direct openid provider like yahoo/google or am i missing anything.
I am using the sample from dotnetopenauth. Nothing special.
Regards,
Pradeep.
There is some information in this thread that may be useful....
http://groups.google.com/group/dotnetopenid/browse_thread/thread/abcf1439d8b87c44/60b195b36b0207f4
Underneath it's the exact same engine powering OpenID for both classic ASP and ASP.NET. Aside from possible configuration differences, which I'm not aware of any. You may attach a managed debugger to the IIS process and download the DNOA source code matching your version to step through and find out what's going wrong.

Windows Identity Foundation(WIF) - Does it work with legacy ASP?

I've seen a bunch of examples getting ASP.NET to work with WIF, but what about some of the old legacy ASP applications? We've got some sitting around our Intranet and I'm curious if the old code will work with WIF's authentication/authorization schemes. We won't be re-writing them for a good while.
You don't need to write an entire intermediate applciation. You can wrap all access to WIF on a .NET class that is exposed as a COM object. (This is using standard .NET interop capabilities)
It shouldn't be a big effort. Of course this assumes you have .NET 3.5 installed in the same boxes you have the ASP application.
I don't think so. From MSDN:
Windows Identity Foundation enables
.NET developers to...
You might be able to use WIF with ASP, but only if you go through a .NET intermediate app, which is probably way more trouble than it's worth.

Resources