All geek questions in one place

Facebook Authentication and Asp.Net Membership

I am trying to integrate facebook authentication with asp.net.

Therefore, if the user decides to register on the site, they can do this using their facebook credentials.

Now I am at the point where I have the facebook access token and user data, and I don’t know how I should go from here.

The site uses asp.net membership authorization.

This is what I believe should happen if a new user decides to register: (But not sure if this is the way)

0) The user visits the site and decides to register using his facebook credentials.
1) The user provides their credentials, and I get the access token and their user information.
2) I store this information in my database and create an asp.net membership user with the data I received. (At this point I would have to generate a password).
3) Register the user on the site so that he can move freely.

I would appreciate some advice if I am on the right track and how should I generate a password. (I think that, perhaps combining email and facebook with userId, extracts the hash and saves.)

thanks

UPDATE 1
I found this SO question where they suggest using:

http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie(v=VS.90).aspx

+6
source share
2 answers

I think you are coming, it is a sound; what you are actually doing is replacing the username and password authentication with the resulting facebook id and passing that id as a valid id in your application.

You say that you will need to create a password in your application, of which I am absolutely sure. It is true that you will need to create your user with a password in relation to the ASP.NET membership provider, but you can choose to fill in a random string if you want users to log in using facebook connections.

The decision about which facebook attribute to bind also deserves attention. The natural choice is, of course, the facebook identifier, since this does not correspond to the user, but if you decide to allow other verification mechanisms later - google open id for one - you can also use saving email from facebook, etc.

It might also be a good idea to automatically generate a username in your application that is not defined on facebook. If you select the facebook identifier as the login, you will have a strong dependence on facebook, which makes it difficult to introduce new identity providers. If you choose a random id and an association table that links facebook id to your id, you will also get some flexibility later. Choosing a more restrictive email address may be a better choice if you want to have meaningful results from ASP.NET login controls such as LoginStatus, etc.

+4
source

I did not read the answer below / above, so this may have been considered, but it should be warned that I am having a serious problem with the fact that the cookie is not set from the iframe in IE. It was a bloody nightmare. I'm not sure if this is fixed if it is fixed, but just be aware of my experience and check carefully in all browsers.

Also check out the .NET open auth project. I have not used it personally, but it supposedly supports OAuth, as well as OpenId and ICards, which may be useful later for additional integration points.

+2
source

Source: https://habr.com/ru/post/887567/

More articles:


All Articles