I'm not quite sure I understand how to integrate Facebook into my website.
What I would like to do is allow users to sign in using their Facebook credentials.
The login is easy enough - but what I don't understand is the lifetime of the login. What I'm seeing is that when I log in through the popup, I get logged into Facebook as well. This isn't what I would expect.
Also, when I log out of Facebook, the Facebook cookie is deleted from my website as well.
Is this the expected behavior? It seems weird that if at some point in browsing my website the user logs out of Facebook they are logged out of my site as well.
I'm working with c# and asp.net if that matters.
As I understand, you just want to use Facebook as an easy way to log in. You're not pulling information from Facebook during the session with your app?
If that's the case, I'd keep my own authentication system but make it possible to use Facebook for logging in by claiming a user's user ID on Facebook. That way, as soon as they authenticate using Facebook you can get the user object by Facebook ID from your local data store, and use that to log in the user.
Your own (Forms) authentication system will then put your own cookies on the client for authentication, so as soon as they log out of Facebook they'll remain logged in at your site.
Whenever you log in to Facebook as part of the Graph API flow, you remain logged in. And as soon as you log out, you're also logged out of your site. That is expected.
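The approach suggested above (keep your own Forms authentication and look the local user up by Facebook ID) can be sketched as follows. This is an added example, not code from the original answers; the class and method names are hypothetical, the cookie call is passed in as a delegate so the block runs as a console program, and the IDs are constructed sample values.

```csharp
using System;
using System.Collections.Generic;

// Added example with hypothetical names: Facebook proves who the user is once,
// then the site's own cookie carries the session.
public sealed class FacebookAccountLinker
{
    // Facebook user ID -> local user name (stands in for the site's user table).
    private readonly Dictionary<string, string> _byFacebookId =
        new Dictionary<string, string>(StringComparer.Ordinal);

    // Issues the site's own cookie; with Forms authentication pass
    // name => FormsAuthentication.SetAuthCookie(name, false).
    private readonly Action<string> _issueSiteCookie;

    public FacebookAccountLinker(Action<string> issueSiteCookie) =>
        _issueSiteCookie = issueSiteCookie ?? throw new ArgumentNullException(nameof(issueSiteCookie));

    // A signed-in local user claims a Facebook ID; an ID already claimed by a
    // different account is refused so it cannot be moved silently.
    public bool Claim(string localUser, string facebookId)
    {
        if (_byFacebookId.TryGetValue(facebookId, out var owner))
            return owner == localUser;
        _byFacebookId[facebookId] = localUser;
        return true;
    }

    // facebookId must be the ID the server itself obtained from Facebook for the
    // presented token, never a value posted by the browser.
    public string SignIn(string facebookId)
    {
        if (!_byFacebookId.TryGetValue(facebookId, out var localUser))
            return null;                 // unknown ID: route to registration
        _issueSiteCookie(localUser);     // session no longer depends on Facebook's cookie
        return localUser;
    }
}

public static class Demo
{
    public static void Main()
    {
        var linker = new FacebookAccountLinker(n => Console.WriteLine("site cookie issued for " + n));
        Console.WriteLine(linker.Claim("alice", "1000001"));    // constructed sample ID
        Console.WriteLine(linker.Claim("mallory", "1000001"));  // refused: already claimed
        Console.WriteLine(linker.SignIn("1000001"));
        Console.WriteLine(linker.SignIn("2000002") ?? "(no linked account)");
    }
}
```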
Related
I'm building a web app (c#, asp.net-core-mvc) for internal use in my company. Authentication is required through user Microsoft Accounts (either through Windows Authentication or Azure, both options are working).
The issue I'm having is that I have been asked to require password confirmation when executing certain actions.
I have looked in all the documentation I could find but have not been able to find anything about this use-case.
The one thing I have found out is that it's apparently impossible with Windows Authentication since you can't log someone out.
I have been able to prompt the login page by using return Challenge();, but it loops back on the login page when you log in (or shows a 401 error page if you cancel), and doesn't return anything I have been able to exploit.
With Azure it also loops right back to the login page.
It would in theory be possible through Azure authentication by logging the user out and then back in, but I haven't been able to send the user back to the right page with the right information after logging back in.
So if anyone has a solution I'm ready to try anything that uses Microsoft accounts (custom user accounts isn't really an option since it's an intranet application).
When the App Service has "Action to take when request is not authenticated" set to "Log in with X", any webpage hit gets sent to X for user login. Once the user logs in, the user is redirected to the page where they started.
For example, when the Social login service is Active Directory B2C, and the user starts from http://example.com/admin/monitor the user is sent to https://login.microsoftonline.com/...?...&state=redir%3D%252Fadmin%252Fmonitor
In this particular instance, I do not want all webpages to require authentication. How can I send a user to .auth/login/aad and specify the redirect_uri so that it comes back to the right page? If I do not specify anything, I end up at
and the website is only the originating website.
I am looking for something like https://example.com/.auth/login/aad?return_url=blahblah - I sure hope it exists!
Incidentally, there is a "redirect_uri" in aad that goes to /.auth/login/aad/callback. It looks like redirect_uri=https%3A%2F%2Fkamelos-app.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback. This is different than what I am talking about. After it goes to AAD, it goes to the Azure Mobile App and posts state=redir%3D%252Fadmin%252Fmonitor along with the token.
Update. I believe I am looking for "post_login_redirect_url"
You are looking for post_login_redirect_url. I do not think there's a way to assign it from within a portal.
What you have to do instead is to navigate your users to
/.auth/login/<provider>?post_login_redirect_url=YOUR_URL
Your application can trigger the same redirect itself by navigating the user to the /.auth/login/<provider> endpoint of your site, where <provider> is one of aad, facebook, google, microsoftaccount, and twitter
from: https://azure.microsoft.com/en-us/blog/announcing-app-service-authentication-authorization/
If writing additional code is not an option you can configure an advanced authentication with AAD (not sure about Google, facebook, etc)
And when you do that you can add post_login_redirect_url to a return url.
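One way to build the /.auth/login/<provider>?post_login_redirect_url=... link described above while accepting only same-site return paths, so a crafted link cannot send the user to another site after login. This is an added example, not code from the original answer or from App Service; the class and method names are hypothetical and the off-site values are constructed.

```csharp
using System;

// Added example with hypothetical names: builds the App Service login link with
// post_login_redirect_url, accepting only same-site paths as the return target.
public static class AppServiceLogin
{
    // Provider names as listed in the quoted announcement.
    private static readonly string[] Providers =
        { "aad", "facebook", "google", "microsoftaccount", "twitter" };

    public static string BuildLoginUrl(string provider, string returnPath)
    {
        if (Array.IndexOf(Providers, provider) < 0)
            throw new ArgumentException("unknown provider", nameof(provider));
        // Fall back to the site root rather than pass an off-site target through.
        string target = IsLocalPath(returnPath) ? returnPath : "/";
        return "/.auth/login/" + provider +
               "?post_login_redirect_url=" + Uri.EscapeDataString(target);
    }

    // Local means: starts with a single '/', no "//" or "/\" (which browsers
    // treat as scheme-relative), and no control characters.
    public static bool IsLocalPath(string path)
    {
        if (string.IsNullOrEmpty(path) || path[0] != '/') return false;
        if (path.Length > 1 && (path[1] == '/' || path[1] == '\\')) return false;
        foreach (char c in path)
            if (char.IsControl(c)) return false;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        Console.WriteLine(AppServiceLogin.BuildLoginUrl("aad", "/admin/monitor"));
        // Constructed off-site values: both fall back to "/".
        Console.WriteLine(AppServiceLogin.BuildLoginUrl("aad", "//other.example/x"));
        Console.WriteLine(AppServiceLogin.BuildLoginUrl("aad", "https://other.example/x"));
    }
}
```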
In my application users can log in using social networks such as Facebook, Twitter and LinkedIn, so can anyone tell me how to check whether the user is already logged in with Facebook/Twitter/LinkedIn on the phone, in the browser or in other internal apps? My application should also be able to know that the user has logged in so that it does not show the login screen again. Even if the user logged in using the web browser or the Facebook internal app, my application should be able to access those credentials and allow users to log in without asking for the credentials again.
How to do this.
Thank you for all hints and your help in advance!
Have you ever gone through any authentication methods? This link helps you go through Facebook login authentication, where it asks for permission the first time and, if the user accepts, it stores all those credentials for the particular user.
Next time the person logs in, they don't want to log in again. You just call the login method at startup and it automatically makes the login successful. You can also get the user's information, such as email address and basic information, and store it in your application (Isolated Storage) if the user gives access to your application, and you can use it the next time the user enters the application.
Likewise, you can also perform authentication with Microsoft Account, Facebook, Twitter & Google w/ Mobile Services at the link below:
http://code.msdn.microsoft.com/windowsapps/WP-Authenticate-Account-c7e0ef84
I am using twitterizer for posting tweets to a user's twitter account. It works fine but it is fully based on tokens (as you all know). This doesn't work in my case because Twitterizer redirects the user to the twitter page where the user logs and then using callbackurl the control is returned to our application.
My requirements are slightly different. I am storing user's twitter's account credentials in my database and then using those credentials I want to post the tweet.
Is this possible? So, in summary I don't want user to leave my site. They can configure their username and password in my application form and then I want to pick up those credentials and post a tweet.
Not sure about Twitterizer, but I believe you can register your app at twitter.com, do a one-time auth through OAuth, get and store the auth token, and use it permanently.
I can't speak from experience or authoritatively, but I believe storing their credentials in your DB is probably against Twitter's TOS.
See the OAuth FAQ for Twitter.
How long does an access token last?
We do not currently expire access tokens. Your access token will be invalid if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended.
AFAIK, twitter has stopped allowing that kind of functionality now. The only way to connect is by making use of twitter OAuth.
I'd like to do the following:
Allow users to register in my asp.net site using their facebook credentials.
Retrieve facebook client information. Like (Name, surname, email address etc). So I can import this information into my application.
Allow users to log into my site using facebook credentials.
I've been searching and have come across these options:
Facebook.net SDK
dotnetoauth
Facebook Connect
Graph API
I'm confused as to which would be the best way to go about this.
I think that this resource offers a good tutorial on how to integrate with Facebook's user infrastructure:
http://devtacular.com/articles/bkonrad/how-to-retrieve-user-data-from-facebook-connect-in-aspnet/
There is also this code example / framework which takes you though much of the process:
http://fbconnectauth.codeplex.com/
And this walkthrough which is a little more up-to-date:
http://area72.ro/general-it/how-to-login-via-facebook-in-asp-net.html
The easiest way to implement your solution would be to use the javascript SDK for this.
You add a Facebook Login button which the user clicks on and authorizes your website giving you access to his information. This basically skips the need for registration for facebook users since the registration is the actual login process.
When the user has authorized your website (thus logged in and registered) you have access to his information, which you can store in your users database using his facebook id as a key. You can access the user's information by sending an http request to the graph api https://graph.facebook.com/facebook_id which will return a json object with the user's information.
Other than the facebook login you will want a standard login and registration form for users without facebook.
http://developers.facebook.com/docs/guides/web/