As per the topic above, I would like to know how to implement facebook invitation using OWIN in ASP.NET
Owin will allow you to authenticate the user at the external provider and give you the capability to get an access token in which you can store. As far as the invitation is concerned you most likely need to use the C# facebook api or write your own "Facebook" graph wrappers.
Related
I have followed the following guide to implement oauth for outlook mail api.
https://learn.microsoft.com/en-us/outlook/rest/dotnet-tutorial
It uses Microsoft Authentication Library (MSAL) in combination with owin middle-ware to authenticate users.
I would essentially like to separate the authentication to be something that is done after the main authentication with a local db.. (seperate module for outlook).. The authenticated user can opt to use or not use outlook features in the app.
Would there be an easy way to achieve this other than manually (using http calls) doing authentication?
You can do this fairly easily. You don't need OWIN to use MSAL. For example, you could get the login URL using GetAuthorizationRequestUrlAsync from the ConfidentialClientApplication class and use that to generate a login button or link. Then you'd just need to implement a redirect in your app to exchange the auth code for a token.
My ASP.NET MVC system don't use ASP.NET Identity, so i went with full custom IPrincipal implementation. I have to use Google OAuth to authenticate on Google then do my own business on my external login callback.
The problem is that, after the user insert Google's e-mail and password ans successful login, in my external login callback, my application just won't get the user Claims from HttpContext.OwinContext().Authentication. Claims are empty and I only need user's e-mail.
This is my Startup.Auth.cs
There's no e-mail after login.
Assuming there's no bug in Google's OAuth, what did i do wrong?
One more thing: Sometimes (testing on other computers) the claims are returned to me with user's mail and some other data. But when i try to log with many different mails, they stop working too.
Below is my Google API config, i have enabled Google+ API, but that doesn't seem to make a difference.
EDIT
Sometimes it works on Chrome's anonymous navigation.
Use async await method for google api auth like in google doc
https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth
I study external login strategies and the terminology confuses me. What's the relation between the following.
Owin
OauthWebSecurity
OAuth 2.0
Owin Katana
ASP.NET Identity
Owin
Owin is no more than a specification. It stands for Open Web Interface for .Net.
In very simplistic terms it is based in the idea that using a few language constructs (delegates and a dictionary) you can create a framework for handling web requests that is independent of where it is hosted (you can even run an "owin application" from a console app).
The implementation of Owin's specification is called Katana.
OAuth
OAuth 2.0 is an Authorization protocol. The idea behind OAuth is that you (the resource owner) can delegate access privileges to a third-party. An example is a Web app being able to post on your Facebook wall for you.
Again, in very simplistic terms, this materializes by sending a 302 redirect to the user when she accesses a protected resource. That 302 redirects the user, for example to Facebook's oauth login page (https://www.facebook.com/dialog/oauth?client_id=...&redirect_url=[yourwebapp]&scope=[permissionsrequiredfromuser]).
After you login to facebook, accept the permission request, facebook will send a 302 redirect to the redirect_url you provided with an access_token that you can then use to send requests on behalf of the user that provided the credentials. For example, to get information about the user you'd perform a request to https://graph.facebook.com/me?access_token=[access_token].
There are variations for this workflow. They are all explained in the links at the end of the answer.
ASP.NET Identity
ASP.NET Identity has nothing to do with ASP.NET. Talk about poor naming... It provides functionality to save and retrieve user's data from a data source. It also provides you with the ability to associate claims and roles to the users, other "login providers" (that would be the case when you "login with facebook" and your user_id from facebook gets associated with your local user id, this information is stored in the AspNetUserLogins table).
The way you see it being used in the MVC project template is in the Account controller and the CookieAuthenticationMiddleware.
References
Owin/Katana:
http://odetocode.com/blogs/scott/archive/2013/07/09/getting-started-with-owin-katana-and-vs2013.aspx
http://odetocode.com/blogs/scott/archive/2013/11/11/writing-owin-middleware.aspx
http://odetocode.com/blogs/scott/archive/2013/11/12/simple-logging-middleware-katana-part-4.aspx
http://www.asp.net/aspnet/overview/owin-and-katana/an-overview-of-project-katana
http://www.asp.net/aspnet/overview/owin-and-katana/owin-startup-class-detection
OAuth
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.1
http://blogs.msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx
http://www.asp.net/web-api/overview/security/external-authentication-services
ASP.NET identity
http://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/
http://curah.microsoft.com/55636/aspnet-identity
http://typecastexception.com/post/2014/04/20/ASPNET-MVC-and-Identity-20-Understanding-the-Basics.aspx
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server (latest approach - technically you have to realize few methods. there are few examples, as alternative you can review how it is realized in IdentityServer4 for .net core)
Following this guide I have created asp.net mvc5 webapi portal with UseGoogleAuthentication enabled and trying to implement API usage by authenticated users only:
https://db.tt/ncE1TlNi
https://db.tt/8vRq1beS
Template generated by Visual Studio works fine and I can create accounts/authenticate but I didn't find any information on how should I implement same thing from the mobile client and call API as authenticated user (API intended for mobile authenticated users).
Thank you for any guides and suggests.
Read this article to understand OWIN security middleware. In mobile application you can retrieve access token from url fragment after authentication.
I have a web application written in ASP .NET MVC 3. I'm using ACS for authenticating my users and I defined Google, Windows Live, Yahoo! and Facebook as identity providers.
Now I want to expose a REST API for the application (I want to create an app for WP7). Some of the calls require that the user is authenticated so I thought I should pass a token in the authentication header of the request. What is the best approach to do this with ACS? Is the ACS able to provide me these kind of tokens or am I responsible for writing the code that generates these tokens?
Yes. ACS supports this scenario with "Simple Web Tokens" (SWT). See here, or any of the "released" documentation in ACS. ACS v2, currenlty in labs, has expanded support for WS-Fed, WS-trust, etc (this is what you are using today).
Here's a blog post I wrote with more information for the phone.