Last post Feb 12, 2014 05:19 PM by BrockAllen
Feb 12, 2014 03:01 PM|codeaholic|LINK
Are these alternatives? I'm really confused about this. I am currently using an asp.net Membership provider to secure an application. However, we need to add Facebook's security integration in. We basically have a username/token system that links the
guts of the application with the asp.net membership provider system linking them together. The thinking is we would simply link up the facebook username with the existing username/token system.
However, noticed the FormsAuthentication.SetAuthCookie Method mentioned as an alternative in this
http://stackoverflow.com/questions/5929396/facebook-authentication-and-asp-net-membership. However, out app will need to support iframes so I don't want the problems one of the posters mentioned about setting cookies from an iFrame.
Feb 12, 2014 03:07 PM|BrockAllen|LINK
Feb 12, 2014 03:38 PM|codeaholic|LINK
Ok, that is simple and well written to understand and I think I understand the difference. However, item #1 says:
For #1: To verify a user’s identity we need to determine what database to consult. This can be done with a custom database or this can be done with Membership API and the MembershipProvider model.
And, therein lies the problem. Is that really true anymore? With FaceBook and other interfaces entering the picture, #1 is no longer true as a "this" "or this" proposition. It has to be "multiple" databases "AS WELL" as the ASP.NET membership provider.
You have the users identity verified by Facebook (a customer database outside of your control) and you have to "link" that with ASP.NET membership as a "second" verification of the user's identity "as well"
So once the user as been authenticated by FaceBook, how do you force the membership provider to trust the facebook login and have them "automatically" verified so you don't have them logging into Facebook and then turning around and having to log in again
and "reverifying" "via the Membership API and the MembershipProvider model."?
Do you use FormsAuthentication.SetAuthCookie(username as connectivity token, false) ?
Feb 12, 2014 04:50 PM|BrockAllen|LINK
Two steps: 1) provde identity, 2) login to local app.
For #1 you can use a custom DB, membership, or external providers.
For #2 you use a cookie.
Since you're digging into this, I feel compelled to let you know that the forms auth cookie is an old API and is essentially dead. If you're on MVC v5 then you can use OWIN/Katana:
And then the external providers is easier as well:
Feb 12, 2014 05:04 PM|codeaholic|LINK
So Do you use FormsAuthentication.SetAuthCookie(username as connectivity token, false) will work?
MVC is overkill for what we are doing and would amount to writing 10 lines of code for every line of code.
Feb 12, 2014 05:19 PM|BrockAllen|LINK
Use can still use forms auth to keep track of the logged in user. Whatever you pass to SetAuthCookie needs to be a unique identifier for the user.