lostaman

Reputation: 932

ASP.NET Web API Facebook authentication

I'm developing a system which consists of a few components:

  1. RESTful services - public API that has to be accessible from mobile devices. (ASP.NET Web API)
  2. ASP.NET MVC 4 Web site, that also uses the services.
  3. Mobile app.

Site\app users should be able to log in there using their Facebook account. My current understanding of the process is the following:

  1. The site\app makes a request to Facebook to get an access token. Once the user confirms to pass his\her details to my application, my site\app receives the authentication token.

  2. The site\app passes the token to my RESTful API.

  3. The API validates the token by sending a request to Facebook with the secret. Then the user can be created\authenticated, and the API generates an access token for the user. I do not see any reason to make requests each time the user tries to access the API.

I'm thinking about the best way to implement this. ASP.NET MVC 4 has OAuth support out of the box, but it works only if you do everything inside the MVC application. DotNetOpenAuth has a built-in FacebookClient class, but it assumes the same thing. I do not want to expose the secret outside the API for security reasons.

As a last-stand option we can implement this by making direct requests to Facebook, but I wonder if there are any better options? Can DotNetOpenAuth be utilised for this two-step process?

Upvotes: 2

Views: 367

Answers (1)

Rahul P Nath

Reputation: 354

ASP.NET Web API supports external logins, and this is supported via the OWIN pipeline. There are providers for all the popular social networks, and they can be easily set up for your API. In this case the flow of the app would be as below:

  1. The site/app requests your API for the supported login providers (your API could support multiple social networks and also have a username/password login of its own).
  2. If the user selects to log in via Facebook, then we make a request to the API, which would in turn redirect the user to the Facebook login.
  3. On successful login the Facebook token would be sent to the API, and the API will wrap this Facebook token with its own token and send it back to the site/app along with additional details like email, name, etc.
  4. With the email/details got from Facebook we register the user with the API.

You can find a sample implementing the same here

Upvotes: 0
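An added example, not code from the question or the answer: the server-side check from step 3 of the question, applied to the JSON body returned by Facebook's Graph API `debug_token` endpoint. It assumes a .NET version with `System.Text.Json`; the class and method names are hypothetical and the sample responses are constructed.

```csharp
using System;
using System.Text.Json;

public static class FacebookTokenCheck
{
    // Reads a string property, or null if it is absent or not a JSON string.
    static string Str(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String
            ? v.GetString() : null;

    // Returns the Facebook user id when the token is acceptable, otherwise null.
    // 'json' is the body of GET /debug_token, requested by the API itself with
    // access_token=APP_ID|APP_SECRET, so the secret never leaves the server.
    public static string UserIdIfValid(string json, string ourAppId, DateTimeOffset now)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.ValueKind != JsonValueKind.Object ||
            !root.TryGetProperty("data", out var data) ||
            data.ValueKind != JsonValueKind.Object)
            return null;
        // Facebook must report the token as valid.
        if (!data.TryGetProperty("is_valid", out var ok) || ok.ValueKind != JsonValueKind.True)
            return null;
        // The token must have been issued to our app; otherwise a token granted
        // to any other Facebook app would be accepted as a login here.
        if (Str(data, "app_id") != ourAppId) return null;
        // Conservative choice: a missing or past expires_at (Unix seconds) is rejected.
        if (!data.TryGetProperty("expires_at", out var exp) ||
            exp.ValueKind != JsonValueKind.Number ||
            !exp.TryGetInt64(out var ts) ||
            DateTimeOffset.FromUnixTimeSeconds(ts) <= now)
            return null;
        return Str(data, "user_id");
    }

    public static void Main()
    {
        // Constructed sample responses; app ids, user id and timestamps are made up.
        var now = DateTimeOffset.FromUnixTimeSeconds(1700000000);
        string Resp(string app, long exp) =>
            $"{{\"data\":{{\"app_id\":\"{app}\",\"is_valid\":true,\"expires_at\":{exp},\"user_id\":\"42\"}}}}";

        Console.WriteLine(UserIdIfValid(Resp("1111", 1700003600), "1111", now) ?? "rejected"); // our app
        Console.WriteLine(UserIdIfValid(Resp("9999", 1700003600), "1111", now) ?? "rejected"); // other app
        Console.WriteLine(UserIdIfValid(Resp("1111", 1699990000), "1111", now) ?? "rejected"); // expired
    }
}
```

Only after this check passes should the API create or look up the user and issue its own access token, which then replaces the Facebook token on later requests.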
