I have android game done in unity. I have server rest API made in .Net, which is using Microsoft SQL Database.
I would like to do some registration - creating new account and Authentication like modern games are using. They during the login screen determine if user existed or not and if user existed the user data are served to the client. If user do not exist the new account is created.
I dont want use password and username. Also want be able to access my game account in any device which is owned by my. (using same google account)
I would like to have authentication like modern android games. E.g Clash Royale, Clash of Clans, Modern Strike, Fire Age, Candy Crash Saga etc.
my questions are: What are best practices for android game registration/authentication ?
Where is starting point I should start learn ? Any links would help.
I know how to create client, web api, also work with database, understanding hashing. What I am missing is best practice, how to do it properly. Or how to merge stuff i know to do it properly.
Also I did my homework: Searched that there is something like OAuth2, which used to login using 3rd party identity, which might be my google account ? But not sure if thats the way.
Egid
In registration on server make a unique guid for each user and send it to client. Client should save the id to use it for next logins. Now you can sync user game account with google account by saving the id of user in google savedgame. When user wants to login from another device he can sync with google and client get the saved id from google savedgame and use it to login.
Users never see the guid and it only save and restore from google account
Related
I am implementing the Facebook Login widget inside my ASP.NET 4.5 C# web application. When I clicked the login button I eventually get the accessToken. My question is regarding making the user persistant in my application.
There is data that is associated with the specific facebook user. when the user log off and log in back (assuming that the cookie might be deleted), I want to be able to recognize him again to display the relevant information.
I know that I need to use the database, but what is the best practice to do so. Should I use the user ID or email address as a unique user identification string?
I am using MySQL as the backend.
I have been working on a similar application which uses either Facebook (OAuth), Google (OpenId) or a manual registration login approach.
My prefered solution was to ask the user for their email address, you will need to request extended permissions on the email field from Facebook as it is not offered up by default.
http://developers.facebook.com/docs/authentication/permissions
My table structure looks like this.
User
Id (int)
Email (nvarchar(256))
FacebookToken (nvarchar(256))
GoogleToken (nvarchar(256))
The advantage to this method is you are able to link up your users to the right account if you decide later to add another authentication / identification service or roll your own. It won;t matter if they login to FB, Google or Twitter - you always know whcih account to attach them to.
It is also useful to have an email address for each of your users regardless.
Regards
Steve
I am writing a small client to sync the outlook calendar on a machine with a user's google calendar. I am using .Net (C#).
I just read about accessing the Google Calendar API using the Google APIs Client Library for .NET and tried some basic stuff.
Now regarding the Authorization, as far as I understood, the new "OAuth 2.0" Authorization requires a "user consent", which means the user is directed to a google page where they must explicitly allow my application access to their calendar.
As if this user interaction is not enough, I as a programmer have to handle "access tokens" or "refresh tokens" and all that stuff.
Now my question is:
Is there really no easier way to have an installed application communicate with the google API to access a user's calendar?
I would like my user to enter his username/password in a "Settings" dialog. His credentials would be stored locally (encrypted of course) and then be used later on every access via google API. I know this can be dangerous and all that however I would like that decision to lie with me.
So, is that possible?
No that is not possible. The entire point of OAuth is the user never gives a 3rd party (you) their username and password. The only thing you get is a token that allows you to connect that the user can revoke at any time. (Also if the user changes his password, you can still use the same saved token and do not need to make the user update their settings).
If you decide to "work around" this by saving the username and pasword and performing the "authorization" yourself you will be in violation with the TOS of the API and will have your application banned by Google (or any OAuth provider if you try it with someone else) for not following the rules.
I can't believe I'm asking this, since it apparently should be very simple.
I'm building a website, where I'd like my own user database to be able to "connect"/merge with a facebook profile.
That means, both users with and without facebook is allowed.
But I cannot for the life of me, figure out, how I join existing users in my database with facebook profile?
I've seen the flowchart on developers.facebook which is exactly what I need, but I can't figure out what to do to merge. What do I need to do in my database? and how do I capture the information I need from the registration plugin to merge?
I've read a lot here:
http://developers.facebook.com/docs/plugins/registration/
But I can't see the connection.
When people register via Facebook they are doing 2 things - they are connecting to your Facebook App (the one you created to get an App Id and App Secret) and they are registering on your site.
If they have registered on your site but not connected via Facebook, Facebook doesn't have any way of knowing that so it falls on you to figure it out. They'll go through the registration process as if they were a new user, but when you get the data you should check and see if you have a user that matches already. How you do that is up to you. Maybe they were already logged in normally and so you have their user id or something internal like that. Maybe they weren't and you have to see if the email address used is already in the database. How you then create their account or add any extra data you just gained from Facebook is up to you.
To get the data you'll have to process the signed_request POST variable which will have all the data on it. This is when you look at the email address or whatever fields you want to use to determine if the user already exists or not.
You should also be creating the new user in your database at this time. How you do that is again up to you.
Remember, Facebook is making the collecting of data easier as it imports things like name, email, birthday, etc for you so users don't have to type it all in. It's still up to you to create the user and do whatever you do on your end.
Connecting through Facebook will connect them with your app but you'll still need to create an account for them.
I'm creating a desktop application in C#.
one of the things that this application should do is to publish things to the status of the user in facebook (like: "dave just won 3 gold medals" ). this should happen whether the user is logged in now to facebook or not. I want the user to give me all the needed permissions once and then everything would happen automatically (I would save whatever is needed on my DB).
I tried using facebook developer toolkit 2.0 for .net but didn't see anything there that could help me.
ANY help would be appreciated.
For you question:
you need to use the Facebook Connect API
there is a Feature called offline_access - its an extended permission.
In FB Connect you need to toggle the correct popup :
The workflow will be like that:
User uses FB Connect to confirm the fact he wants to connect your app to his facebook account.
You trigger the popup.
You can then call all calls on his permission even if he is offline (or not using facebook connect)
For the sake of understanding: FB Connect is meant that way that you can easily log the user into his app and do everything on his behalf. offline_access is actually meant for cronjob work.
Iv'e got some answers here. I think it answers other questions I saw in the web lately:
My answer is related to desktop applications that works outside of facebook (facebook connect).
+ I'm using the facebook developer toolkit 2.1:
Here is how to get the special permission, needed to for offline access. and how to get the session key:
facebook.Components.FacebookService FS = new facebook.Components.FacebookService();
FS.GetExtendedPermission(facebook.Types.Enums.Extended_Permissions.offline_access);
The second line will force you to login and afterwards would ask for the permission after the user choose to grant the permission, you are given in the post URL - the fb_si_session_key. BUT the toolkit developers didn't do enough to bring it to you :-(
So you have few options. the simple one is to do:
FS.Logoff();
FS.ConnectToFacebook();
What will happen is that you'll see the login screen for a second and before youll be able to click anything it would vanish. but this time you'll have the right session key. you can get it like that:
string myPermanentSessionKey = FS.API.SessionKey;
If you dont want to show that annoying screen again you have few options, all of them are related to changing the source files of the toolkit. I'm not gonna get into it here, but just tell you a simple option: in the facebookconnect() function I changed it to receive a parameter (isShow) when I send true to it, it behaves normal, when I send false to it - it skips on the formLogin.ShowDialog();
It's working.
I'm trying to put together a (real-life) game for my college campus and it'd be really easy if they just go to a website and click a button that says "Sign Me Up!" in which that button would send the username that person is signed in as (Since user names on our school laptops are always firstname.lastname). If there's no way I can grab the person's username, is there a way I can prevent people from submitting multiple forms with more then just a cookie?
are you looking this...
HttpContext.Current.User.Identity.Name
Are you going to be able to host this site on your College's network? if you are, and you've enabled Windows Authentication rather than Forms Authentication then querying the Current user's Identity will "just work".
If you're going to have to host the site elsewhere, or on a different area of the college network (say a different domain), then using windows authentication won't provide the solution for you.
You'll need to create a simple registration page (you could easily use the standard registration wizard and login controls, talking to the default ASP.NET Membership database - see Introduction to Membership for more details).
In terms of limiting sign-ups to one per user, if you collect (say) a college or similar email address you can check those for uniqueness as well, and ensure that people are only signing up once (admittedly potentially per email address they have).