There are tons of sites that offer sign-on using social networking site credentials (Facebook, gtalk, twitter and the list continues). It can be termed “SINGLE SIGNON” and offers a lot of benefits compared to the traditional database authentication approach.
However, not storing user credentials in the DB introduces an additional risk: how do you track who has logged into the system? The question now is which approach to follow.
The best approach is to use the built-in ASP.NET users to store logging information about user activities, and to use the single sign-on technique for authentication.
This article explores that approach and provides the implementation details, using some third-party libraries and customizing them to the requirements. Authentication will be done using the following networking portals:
- Yahoo
- Gmail
Special thanks to my friend Sumit Khandelwal for implementing the Facebook part (in fact, he did it all!).
Except for Facebook, all of the others can be authenticated using the “dotnet OpenAuth” library
(Download it from here:)
Why authenticate with social networking sites?
This works well and benefits both users and site owners.
Users: No need to register on every site and remember a hell of a lot of usernames and passwords
Site Owners: No hassle of maintaining a user database
There are a lot of options available in the market for this functionality; however, our requirement was to make it so independent that a few entries in config files are enough to get it going.
The following components work together to achieve the functionality
• User Control
• Http Module
• USerEntity library
The User Control contains the code for authentication, and the HTTP module aids in site navigation and authorization of the user’s request.
The figure shows how the Login control looks in the GUI.
The jQuery code brings up the appropriate login screen after clicking the links shown here.
To use Facebook authentication, the prerequisites are as follows:
1. The portal (called an application in Facebook lingo) needs to be registered with Facebook.
2. Step 1 will provide the APPKey and APPSecret that the UserControl requires for authentication.
3. For successful authentication, the user needs to share the information as depicted in the figure Auth-2.0.
As with Facebook, the same kind of screens are encountered when authenticating with a Google or Yahoo ID.
Once the sites are authorized to share the information, the site concerned redirects to the application, where the UserControl traps the response, fills in the appropriate USerEntity details, and populates the SESSION ENTITY.
This SESSION ENTITY is used in every request to check if the user is authenticated.
The Web.config file needs to register the LoginModule (the HTTP module that we have developed) in the HTTP modules section, as shown in the figure below.
Additionally, the entries shown in Figure Auth-6.0 need to be present in the APPSettings section in Web.config.
Details of the above settings are as follows:
• The LoginPage and LoginPageName should be the same (customize them as per your portal).
• APPKey and APPSecret, as obtained in step 2, are named FacebookApiKey and FacebookApiSecret respectively.
• LandingPage is the Default Page of the application.
• ApplicationRedirectUrl is the Facebook redirect URL (once Facebook authenticates the user, it will redirect the user to this page).
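The per-request check on the SESSION ENTITY, combined with the LoginPage and ApplicationRedirectUrl settings above, can be written as an HTTP module like the one below. This is an added example, not the author's LoginModule source; the session key name `UserEntity` and the value formats of the two settings are assumptions.

```csharp
using System;
using System.Configuration;
using System.Web;

// Added example of a module like the article's LoginModule; not the author's code.
public class LoginModule : IHttpModule
{
    private const string SessionKey = "UserEntity"; // assumed session key name

    public void Init(HttpApplication app)
    {
        // Session state is not loaded in BeginRequest, so the check runs
        // once the session has been acquired.
        app.PostAcquireRequestState += OnPostAcquireRequestState;
    }

    private static void OnPostAcquireRequestState(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        // Handlers without session state (static files, for example) have no
        // Session and are not gated here; they must not serve protected data.
        if (ctx.Session == null) return;

        // Assumed formats: LoginPage = "~/Login.aspx",
        // ApplicationRedirectUrl = absolute URL registered with Facebook.
        string login = VirtualPathUtility.ToAbsolute(
            ConfigurationManager.AppSettings["LoginPage"]);
        string callback = ConfigurationManager.AppSettings["ApplicationRedirectUrl"];

        if (IsExempt(ctx.Request.Path, login, callback)) return;

        if (ctx.Session[SessionKey] == null)
        {
            // Always send the user to the configured page, never to a URL taken
            // from the request, so the module cannot act as an open redirect.
            ctx.Response.Redirect(login, false);
            app.CompleteRequest();
        }
    }

    // Exact, case-insensitive path match for the login page and the callback page.
    private static bool IsExempt(string path, string login, string callbackUrl)
    {
        Uri cb;
        return string.Equals(path, login, StringComparison.OrdinalIgnoreCase)
            || (Uri.TryCreate(callbackUrl, UriKind.Absolute, out cb)
                && string.Equals(path, cb.AbsolutePath, StringComparison.OrdinalIgnoreCase));
    }

    public void Dispose() { }
}
```

If the LoginPage setting is missing, `ToAbsolute` throws and the request fails with an error instead of being served unauthenticated.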
Although I initially planned to release the source code with this article, the source code is only available by sending a mail to me at pradeeppatel05@gmail.com.
Hope this was helpful,
Till next we connect……
Happy coding
Thanks for great article
I have asp.net website using native .net sql membership provider to
authenticate website visitors. As moving this website to smartphone
applications, current implementation is not enough as it won't be
possible authenticate existing users inside application.
To solve this, I want to move users data to new DB and create separate
oAuth authorization service which could be used by my current website
and other clients (e.g. smartphone applications).
Also I want to add authentication support through Facebook and Gmail
both in website and in smartphone applications.
As you have implemented something similar, could you give me some
steps how this could be achieved the best way?
Also I want to add support for users authentication using Facebook and Google.
Best regards,
Andrius
Initially I had implementation for the ASP.net membership provider, so that the user details would have been saved to database.
Later I changed the code and currently it relies on token sent by the sites (facebook, gmail etc) and authenticates the user.
The good part: it is simple http handler, so your existing auth system can be clubbed with this one (details are attached in a doc with the mail)
At the application request begin, I check the token for auth, if it's not present, the user is redirected to login page.
One word of caution, the code has not been tested beyond simple Unit testing.
I have sent the Code in reply to the mail that you sent along with the details in a separate doc.
Hope this helps