Solved

Forms Authentication and Connect using Facebook or Twitter

Posted on 2010-11-09
Last Modified: 2012-05-10
Hey all,

We are developing a website that has standard forms authentication access to the underlying member system - nothing out of the ordinary here!

How do we now integrate connecting using Facebook and/or Twitter?
Does anyone have experience with this and can point us in the right direction?

We are just not sure what you do after you authenticate with the Facebook/Twitter REST API - how do you assign a forms authentication ticket?
Do you have to store the Facebook and Twitter details against the user account?

Would love to hear any commentary on this - much appreciated!

Thanks for your time.

Cheers.
Steve
Question by:smacca
Expert Comment

by:VincentSG
ID: 34099904
Hi!

I assume you know how to authenticate with Facebook and Twitter using their respective API.

After you have authenticated the user, you can set your own cookie using

FormsAuthentication.RedirectFromLoginPage(facebookUserId, IsPersistent); // redirect to default logged in page

or

FormsAuthentication.SetAuthCookie(facebookUserId, false); // If you do not need to redirect to another page

More information can be seen here:
1) http://msdn.microsoft.com/en-us/library/ka5ffkce(v=VS.90).aspx
2) http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie(v=VS.90).aspx
3) http://msdn.microsoft.com/en-us/library/ff647070.aspx

Author Comment

by:smacca
ID: 34100649
Hi,

Thanks for the great examples and comments.

You have given fantastic direction but we are unsure of how the Facebook username associates with the underlying authentication module.
Normally, we would:

  1. Pass username to .net forms authentication (as with your example)
  2. Use the Application Authentication events to check the user details and assign roles to the Principal.

However, when you use Facebook and/or Twitter authentication, these details have no relation to our underlying system (e.g. roles - admin, user, guest).
So, do we:

  1. Have user login to the members area.
  2. Have them authenticate with Facebook/Twitter and then STORE their details against their member information (account).
  3. Then, when they return and sign-in with Facebook/Twitter we simply LOOKUP member account information using the Facebook/Twitter ID.
  4. Then, get their native username and authenticate as you would normally (as well as reassigning userid to the native one for identity, principal and context)


Hope this makes sense as I would really love to get on top of this algorithm.

Thanks kindly for your time.

Steve

 

Accepted Solution

by:
VincentSG earned 500 total points
ID: 34101425
Hi Steve,

If you want to authenticate the users with Facebook / Twitter directly (as in, they do not need to register with your site), I would suggest:

1) Redirect to Facebook / Twitter login using their respective API. Once login is successful, then they will return a token, which I think is a GUID or user name, anyway you can treat it as a string.

2) Check the token with your database. If found, then proceed as usual. You should already have this user's profile in your database - whether he is a member or administrator.

3) Else you can go through the "Registration", for example, creating the entry in your own database and if necessary, ask the user a few questions to determine the type of user he is, for example, ask him to enter a code to prove he is admin or ask him to pay to access the premium section. This part is really your application design.


I hope this helps. Let me know if you need further explanation.


Best regards,
Vincent
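
The lookup-then-sign-in flow discussed in this thread, as an added example that is not part of the original posts. ExternalLoginStore and ExternalSignIn are hypothetical names, and the in-memory dictionary stands in for a database table; only FormsAuthentication.SetAuthCookie is the real ASP.NET call.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;

// Hypothetical link table: (provider, provider user id) -> local member username.
// In a real site this is a database table with a unique key on both columns.
public class ExternalLoginStore
{
    private readonly Dictionary<string, string> links =
        new Dictionary<string, string>(StringComparer.Ordinal);

    private static string Key(string provider, string externalId)
    {
        // Key on provider AND id: a Facebook id and a Twitter id can be the same string.
        return provider.ToLowerInvariant() + "\n" + externalId;
    }

    // Call only from a page where the member is already signed in with forms auth.
    public void Link(string localUsername, string provider, string externalId)
    {
        string key = Key(provider, externalId);
        if (links.ContainsKey(key))
            throw new InvalidOperationException("External account is already linked.");
        links[key] = localUsername;
    }

    // Returns the local username, or null when the external account is unknown.
    public string FindLocalUsername(string provider, string externalId)
    {
        string local;
        return links.TryGetValue(Key(provider, externalId), out local) ? local : null;
    }
}

public static class ExternalSignIn
{
    // verifiedExternalId must come from the provider's server-side API response,
    // never from a query string or form field the browser could alter.
    // Returns true when a forms ticket was issued; false means "send to registration".
    public static bool TrySignIn(ExternalLoginStore store, string provider,
                                 string verifiedExternalId)
    {
        string local = store.FindLocalUsername(provider, verifiedExternalId);
        if (local == null)
            return false;   // unknown account: no ticket, no roles
        // The ticket carries the native username, so existing role assignment
        // in Application_AuthenticateRequest keeps working unchanged.
        FormsAuthentication.SetAuthCookie(local, false);
        return true;
    }
}
```

Because the cookie holds the native username and not the Facebook/Twitter id, roles stay tied to the member record, and a new external account gets no access until registration creates or links one.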

Author Closing Comment

by:smacca
ID: 34105295
Great feedback. Thanks.