background preloader

Asp.net authentication

Facebook Twitter

A primer on external login providers (social logins) with OWIN/Katana authentication middleware. Like MVC 4, in MVC 5 and Visual Studio 2013 we have the ability to use external login providers (aka social logins) in our ASP.NET applications.

A primer on external login providers (social logins) with OWIN/Katana authentication middleware

The big change related to this from the prior version is that we no longer are using DotNetOpenAuth and instead are now using OWIN authentication middleware to handle the the various protocols to these external providers. Unfortunately the templates in Visual Studio 2013 related to these external providers are quite complex and can be overwhelming (I know, because it took many *days* of debugging and using reflector to really understand how it all worked). Anyway, that’s the point of this post – an attempt to explain in the least amount of code how this external authentication middleware works in Katana.

I already made a couple of other posts related to this (cookie middleware and active vs. passive middleware), so those are assumed knowledge. The above code gets the OwinContext from the request. Like this: Like Loading... AngularJS Authentication with Auth0 & ASP .Net OWIN - Bit of Technology. This is guest post written originally to Auth0.

AngularJS Authentication with Auth0 & ASP .Net OWIN - Bit of Technology

Recently I’ve blogged about using tokens to authenticate users in single page applications, I’ve used ASP.NET Web API, Owin middleware and ASP.NET Identity to store local accounts in database, I didn’t tap into social identity logins such as (Google, Microsoft Accounts, Facebook, etc..) because each provider will not supply the same information (profile schema) about the logged in user, there might be properties missing or with different names, so handling this manually and storing those different schemes will not be a straight forward process. I was introduced to Auth0 by Matias Woloski, basically Auth0 is a feature rich identity management system which supports local database accounts, integration with more than 30 social identity providers, and enterprise identity providers such as (AD, Office 365, Google Apps, etc…).

You can check the full list here. Section 1: Building the Back-end API. ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app - Bit of Technology. Ok so it is time to enable ASP.NET Web API 2 external logins such as Facebook & Google then consume this in our AngularJS application.

ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app - Bit of Technology

In this post we’ll add support to login using Facebook and Google+ external providers, then we’ll associate those authenticated social accounts with local accounts. Once we complete the implementation in this post we’ll have an AngularJS application that uses OAuth bearer tokens to access any secured back-end API end point. This application will allow users to login using the resource owner password flow (Username/Password) along with refresh tokens, and support for using external login providers.

So to follow along with this post I highly recommend to read previous parts: You can check the demo application, play with the back-end API for learning purposes ( and check the source code on Github. Sequence of events which will take place during external login: Sounds complicated, right? Step 1: Add new methods to repository class Why did we add two end points? Using JSON Web Tokens with Katana and WebAPI. A common question I’ve been getting is how to use tokens with ASP.NET, specifically JSON Web Tokens (JWT) with ASP.NET WebAPI where the OAuth server and the resource server are the same.

Using JSON Web Tokens with Katana and WebAPI

In other words, you have a single web site that wants to both issue tokens to authenticated clients and verify the same tokens on incoming requests. Setup To pull this off with Microsoft’s OWIN based components you’ll need the Microsoft.Owin.Security.Jwt package from NuGet, which brings in a few dependencies, including System.IdentityModel.Tokens.Jwt. The app building setup code is simple (it is the details that are a bit trickier). We need: OAuth middleware to issue a tokenAuthentication middleware to validate a token and set the user identity for a request. OWIN startup code can register both of these middleware pieces using app builder extension methods. OAuthOptions The devil in the details starts with MyOAuthOptions, which is a wrapper for the OAuth server options.

JwtFormat OAuthProvider. ASP.NET Identity with the Entity Framework. In a previous post (Core Identity), we saw how the .Core identity assembly provides interfaces for describing the data access needs of a membership and identity system.

ASP.NET Identity with the Entity Framework

Core also provides a UserManager class with the domain logic for identity management. The .EntityFramework identity assembly provides concrete implementations for the core interfaces. Here are 5 things to know about how it all works together. In A New MVC 5 Application If you use File –> New Project to create an MVC 5 application with the “Individual User Accounts” security option, the new project template will spit out all the code needed for users to register, login, and logoff, with all information stored into a SQL Server database. Remember the UserManager is the domain logic, and the UserManager needs (at a minimum) an IUserPasswordStore to persist users and passwords.

In short, an identity specific DbContext plugs into the concrete user store, which then plugs into the user manager. In A New Web API or SPA Application.