1

I need to integrate external login support (Facebook, possibly others) into a web project. The default MVC4 template for this works fine, I can interact with Facebook.

The problem is with the extra DB baggage the SimpleMembership drags on. There's already a custom membership provider and schema in place and I don't want to see those ugly webpages_Membership etc. tables. The external auth module should adapt to my environment and not the other way around.

I searched all day trying to find ways to customize what comes out of the box but it doesn't seem possible.

Do I need to roll my own flavour of OAuthWebSecurity to get anywhere with this?

The project is currently in the VS2012 realm, but will soon move to VS2013. Is there anything to gain OAuth-wise that my situation would benefit from with the migration? I tried to look for some insight on that as well, but everywhere I read "Ohh look how everything is easy with this magic box that we're not going to disclose any further".

1 Answer

2

Frankly, I have no idea what the default MVC4 project offers when it comes to OAuth2 authentication, but the flow is really basic. Let me start by explaining it, assuming that you match users by emails (which is quite useful):

  1. Your site redirects to Facebook asking for authentication with selected profiles
  2. Facebook authenticates your user and redirects back to your application with a unique code
  3. Your server uses the code to obtain a so-called access token (a long string)
  4. Using the access token you can call various web APIs, including a method that returns user email, name and given name
  5. Using the returned information, you search for a user in your database with the same email
  6. You issue the forms cookie manually, with the username of the found user

The flow is really clear and it is possible to implement it manually using manual redirects and an HttpClient to call the profile web api. However, you don't really have to.

There are two possible approaches.

First, you somehow manage to tame the provided mvc-oauth flow so that you hook in at step 4 of the above flow. Instead of letting the flow automatically pick a user from the built-in DB tables, you do it manually.

Second, you switch to the DotNetOpenAuth library, which provides a clear API and doesn't depend on any built-in infrastructure elements. They have clear, ready-to-use examples; you download their examples and immediately have a working application that does Facebook authentication and reads Facebook's APIs.

I recommend the second approach; you can come back when you have specific DotNetOpenAuth questions. The library is commonly used, and questions regarding such a basic case as Facebook integration should be answered by someone (including myself if I spot your question).
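
The six steps above written out as a single MVC controller. This is an added example, not code from the answer, the MVC4 template or DotNetOpenAuth. It assumes Facebook's standard OAuth2 endpoints with JSON responses, made-up appSettings key names, a placeholder callback URL, and an existing custom membership provider that implements `GetUserNameByEmail` with unique emails. It also adds a `state` check, which the step list does not mention, so that a callback is only accepted from the browser session that started the login.

```csharp
// Added example. Assumed: JSON token response, appSettings keys "fb:AppId" and
// "fb:AppSecret" (made up), custom provider implementing GetUserNameByEmail.
using System;
using System.Configuration;
using System.Net.Http;
using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Web.Mvc;
using System.Web.Security;
using Newtonsoft.Json.Linq;

public class ExternalLoginController : Controller
{
    const string Callback = "https://example.test/ExternalLogin/Callback"; // placeholder URL
    static readonly HttpClient Http = new HttpClient();
    static string Cfg(string key) { return Uri.EscapeDataString(ConfigurationManager.AppSettings[key]); }

    public ActionResult Facebook()  // step 1: redirect to the provider
    {
        var bytes = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(bytes);
        var state = BitConverter.ToString(bytes).Replace("-", "");
        Session["oauth_state"] = state;  // ties the callback to this browser session
        return Redirect("https://www.facebook.com/dialog/oauth?response_type=code&scope=email"
            + "&client_id=" + Cfg("fb:AppId") + "&state=" + state
            + "&redirect_uri=" + Uri.EscapeDataString(Callback));
    }

    public async Task<ActionResult> Callback(string code, string state)  // step 2
    {
        var expected = Session["oauth_state"] as string;
        Session.Remove("oauth_state");  // single use
        if (string.IsNullOrEmpty(code) || expected == null || state != expected)
            return new HttpStatusCodeResult(400);  // no code, or callback not started by this session
        var tokenJson = JObject.Parse(await Http.GetStringAsync(  // step 3: code -> access token
            "https://graph.facebook.com/oauth/access_token?client_id=" + Cfg("fb:AppId")
            + "&client_secret=" + Cfg("fb:AppSecret") + "&code=" + Uri.EscapeDataString(code)
            + "&redirect_uri=" + Uri.EscapeDataString(Callback)));
        var token = (string)tokenJson["access_token"];
        if (token == null) return new HttpStatusCodeResult(502);
        var profile = JObject.Parse(await Http.GetStringAsync(  // step 4: profile API
            "https://graph.facebook.com/me?fields=email,name&access_token=" + Uri.EscapeDataString(token)));
        var email = (string)profile["email"];  // may be absent, e.g. email permission declined
        var userName = email == null ? null : Membership.GetUserNameByEmail(email);  // step 5
        if (string.IsNullOrEmpty(userName)) return new HttpStatusCodeResult(403);  // no silent account creation
        FormsAuthentication.SetAuthCookie(userName, false);  // step 6: forms cookie
        return RedirectToAction("Index", "Home");
    }
}
```

Because step 5 signs in whichever local account shares the returned email, the lookup is only as trustworthy as the provider's email value and the uniqueness of emails in the local store.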
