I need a user to login to a website using out of the box authentication to Facebook. I now need to link to the users drive in Google (and other services). I want to use ASP.Net Identity OAuth Identity providers to handle the token exchange, BUT I don't want it to touch an existing UserCredential or use it for SignIn
of the UserPrincipal
My goal is to prevent
AuthenticateCoreAsync
from returning a AuthenticationTicket
that results in modifications to the current logged in user identityQuestion
What effect does setting a custom grantIdentity have on IOwinContext.Authentication.SignIn()
?
Does SignInAsAuthenticationType solve my need?
If not, when would this be used?
Theoretical code using Google provider
// The cookie needs to be First in the chain.
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "CustomExternal",
AuthenticationMode = AuthenticationMode.Passive,
CookieName = "MyAwesomeCookie",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
//Additional custom cookie options....
});
//Note that SignInAsAuthenticationType == AuthenticationType
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions
{
AuthenticationType = "GoogleBackOffice",
ClientId = "abcdef...",
ClientSecret = "zyxwv....",
SignInAsAuthenticationType = "CustomExternal"
});
Claims are name/value pairs that contain information about a user. So an example of a good scope would be "read_only". Whilst an example of a claim would be "email": "[email protected]".
By default, a user's claims are stored in the authentication cookie. If the authentication cookie is too large, it can cause the app to fail because: The browser detects that the cookie header is too long.
The Visual Studio 2015 MVC Individual User Accounts template does something like this. You create your first account (with a local username and password or a remote provider), and then you can link other identities to that one. It does this linking by maintaining two cookies during the login, one for the app and one for the external identity.
If you look in the ManageController under LinkLoginCallback, you should be able to tweak the logic at that point to store the external identity tokens, but not grant it login access to your application.
In other words, logic like this should be managed at the authorization layer in your controller logic, not at the authentication layer in the auth middleware.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With