CODEWITHSUNDEEP
apiasp.net-mvc-4oauth-2.0ravendbmembership-provider
esbenr
esbenr

Reputation: 1524

Authentication with Asp.Net, RavenDB and OAuth support

Building a website that also will require an API and therefore (possibly) OAuth support for login I'm in doubt how to approach he user and authentication-part.

So I've got an ASP.NET MC4 application with RavenDB.

What is the best approach?

I'm not really sure where to start, any suggestions on how to do this is appreciated.

Upvotes: 9

Views: 1135

Answers (2)

Pure.Krome
Pure.Krome

Reputation: 86957

enter image description here

** Clicky-click for da GitHub project **

IMO, forget storing usernames and passwords. That's crazy talk! Let people login with their Facebook, Google or Twitter credentials. That's the 80%'s for the common websites.

Authentication and storing the credentials are two different tasks IMO. For example, I don't care where you authenticate against .. and once you do .. I don't care how you store that data :)

Personally, I would store it in a RavenDb .. but that's my personal choice.

As such -> keeping these two tasks SEPARATE is (IMO) crucial.

enter image description here

So lets look at some codez ....

public ActionResult AuthenticateCallback(string providerKey)
{
    // SNIP SNIP SNIP SNIP

    var model = new AuthenticateCallbackViewModel();
    try
    {
        // SNIP SNIP SNIP SNIP

        // Complete the authentication process by retrieving the UserInformation from the provider.
        model.AuthenticatedClient = _authenticationService.CheckCallback(providerKey, Request.Params, state.ToString());


        // Create a new user account or update an existing account.
        // Whatever you end up doing, this is the part u want to
        // pass this data to your repository (eg. RavenDb, Sql Server, etc)
        // I'll use RavenDb in this example...
        // And yes .. this is a contrite example. U might want to check for
        // existing email or id or whatever u need to do, etc.
        var myUser = Mapper.Map(model.AuthenticatedClient);
        session.Store(myUser);
        session.SaveChanges();

        // SNIP SNIP SNIP SNIP
    }
    catch (Exception exception)
    {
        model.Exception = exception;
    }

    return View(model);
}

So lets look at what I've done. I've snipped out any verbose stuff (value checks, etc) which are just noise in this SO answer.

First, I handle the Authenticate callback. Eg. I've just gone to Facebook and it's said 'yes! you ARE you' .. and it's coming back to my website, with some data i've asked it to give me.

Next... we are given some data from Facebook .. but this might not be in the format we want to put it into, in RavenDb. So i convert it from the old format to a new shiney User class which is what you'll stick in your Db.

Third - I store this in the Db. This is where you would do any custom DB logic

that's it.

M O D U L A R I Z E T H A T S H I T

The.End.

Now excuse me .. there's a few hours left before The Apocalypse. I must prepare myself.

Upvotes: 10

jgauffin
jgauffin

Reputation: 101150

Well. The membership providers are bloated. If you don't plan on using the features in them but just OAuth I would not use them. The SimpleMembership and the oath provider supplied in MVC4 is unfortunately even a larger mess.

So your options are:

  1. Use the SimpleMembership
  2. The built in OAuth support
  3. Use a custom membership provider
  4. Use a custom oauth provider

If you plan to stick to #3 I would recommend using mine (in Griffin.MvcContrib). It's not trivial to build a membership provider.

As for oauth you have a solution like: https://github.com/rafek/SimpleSocialAuth

Upvotes: 0

Related Questions