Integration of Facebook and asp.net membership

前端 未结 2 1304
星月不相逢
星月不相逢 2021-02-04 22:18

I want to allow users to sign up to my website using Facebook. I already use the JS SDK on the client side for authentication and authorization and the C# sdk on the server side

相关标签:
2条回答
  • 2021-02-04 23:11

    1 option: You should generate a password and send it by email to the user, for example:

    Welcome to my superwebsite.com, login: foo@foo.com password:dhyfd46

    Then if you see that the password is the original (generated) ask the user to change it for another one.

    2nd option: you will never use a password, for you an account is a tuple (facebookID,email) (you will get it from the facebook Api) and if it will match this (the user will click om 'login with facebook', you will be able to create the user session

    After the Edit:

    Why not using the tuple (userId,facebookId) and if you have the fb Id you know the userId?

    0 讨论(0)
  • 2021-02-04 23:20

    Facebook uses OAuth 2.0. The only way you can authenticate a user is by sending the user to a Facebook login page, and redirecting back using their OAuth implementation. This essentually provides you with a user specific time limited access_token.

    It isn't really a good fit for MembershipProviders, although it is possible to request offline_access permission which allows you perform authorized requests on behalf of the user at any time. The user has to agree to this. Facebook T&Cs are that you can't deny the user access to your site for not agreeing to extended permissions, so this again breaks the model.

    I'm not saying it's not possible, it just doesn't seem worth the effort. You would be better off just using the forms authentication parts without membership. Setting up auth cookie & validating auth cookie based on facebook access_token.

    For authentication with Facebook look at open source .NET OAuth libraries. I also wrote an article of Facebook integration which shows some integration techniques (and opinions) here.

    Update based on you amended question:

    Use Forms authentication cookie to store the unique identifier of your choosing (Facebook username for instance). You can also store the current access_token in the cookie.

    if (OAuth.ValidateUser(username, user_access_token))
    {  
      // store the user access token to make it available on each request
      string userData = user_access_token;
    
      FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        1,                                     // ticket version
        username,                              // authenticated username
        DateTime.Now,                          // issueDate
        DateTime.Now.AddMinutes(30),           // expiryDate
        isPersistent,                          // true to persist across browser sessions
        userData,                              // can be used to store additional user data
        FormsAuthentication.FormsCookiePath);  // the path for the cookie
    
      // Encrypt the ticket using the machine key
      string encryptedTicket = FormsAuthentication.Encrypt(ticket);
    
      // Add the cookie to the request to save it
      Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket));
    
      // Your redirect logic
      Response.Redirect(FormsAuthentication.GetRedirectUrl(username, isPersistent));
    }
    

    Then override authenticate request to read the cookie and retrieve the user details.

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpCookie authCookie = Request.Cookie[FormsAuthentication.FormsCookieName];
        if(authCookie != null)
        {
            //Extract the forms authentication cookie
            FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    
            // If caching roles in userData field then extract
            string user_access_token = authTicket.UserData;
    
            // Create the IIdentity instance, maybe use a custom one
            // possibly retrieve extra data from database or whatever here
            IIdentity id = new FacebookIdentity( authTicket, user_access_token );
    
            // Create the IPrinciple instance
            IPrincipal principal = new GenericPrincipal(id, new string[]{});
    
            // Set the context user 
            Context.User = principal;
        }
    }
    

    Then in your code on each request:

    var username = Context.User.Identity.Username;
    // implement as an extension method on IIdentity which types to
    // FacebookIdentity to get user_access_token
    var user_access_token = Context.User.Identity.Access_Token;
    
    0 讨论(0)
提交回复
热议问题