Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Facebook login using external bearer token (MVC4 Web Api)

Tags:

authentication

asp.net-mvc

asp.net-web-api

owin

I'm trying to implement facebook login using external bearer token. I created new project in VS 2013 and selected individual user account authentication like in this tulorial http://www.asp.net/web-api/overview/security/external-authentication-services.

I configured facebook authentication:

app.UseFacebookAuthentication(
            appId: "123[...]",
            appSecret: "123[...]");

And all work fine.

My test method:

[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)]
[Route("ExternalLogin2", Name = "ExternalLogin2")]
public async Task<IHttpActionResult> GetExternalLogin2()
{
    ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
    return Ok();
}

I don't understand how [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)] works.

I invoke GET request in fiddler:

GET http://localhost:17353/api/Account/ExternalLogin2 HTTP/1.1
Authorization: Bearer [my facebook token]
Content-Length: 28
Host: localhost:17353

But I receive 401 result.

What I must do for authenticating by external bearer token?

like image 992
Neshta Avatar asked Dec 17 '13 07:12

Neshta

1 Answers

I haven't found solution for this problem. But I solved task by another way. I added HTTP header X-Facebook-Token and passed it there. In overrided method GrantResourceOwnerCredentials(context) of OAuthAuthorizationServerProvider I caught the token from context.Request.Headers["X-Facebook-Token"].

string facebookToken = context.Request.Headers["X-Facebook-Token"];
if (facebookToken == null)
{
    context.SetError("invalid_grant", "Facebook token was not found in X-Facebook-Token header.");
    return;
}

dynamic facebookUser;
if (!FacebookUtil.TryGetUser(facebookToken, out facebookUser))
{
    context.SetError("invalid_grant", "Facebook token is incorrect.");
    return;
}

In FacebookUtil.TryGetUser() I used Facebook library http://www.nuget.org/packages/facebook

public static bool TryGetUser(string facebookToken, out dynamic user)
{
    var facebookClient = new FacebookClient(facebookToken)
    {
        AppId = AppSettings.FacebookAppId,
        AppSecret = AppSettings.FacebookAppSecret
    };

    try
    {
        user = facebookClient.Get("me");
        return true;
    }
    catch (Exception)
    {
        user = null;
        return false;
    }
}
like image 86
Neshta Avatar answered Sep 25 '22 15:09

Neshta
Sign in to Comment

Related questions

How is User Identity | Principal set during the application lifecycle
Unobtrusive custom/conditional validation with Fluent Validation
Deploying MVC4 site to Azure results in ExtensionAttribute exception
Google Combo Charts?
Roles.Enabled is true even if roleManger.enabled is set to false
Which assemblies are required for MVC4?
Customers Truncating Querystring, causes FormatException
Controller actions hit multiple times - ASP.NET MVC 4 App running in Azure Emulator
How to use Web Deploy 3.0 with a non-admin account
Object reference not set to an instance of an object. in MVC Layout = null [duplicate]
MVC Razor Dropdownlist with Image and label?
MVC - is there a way to declare multiple properties in a model with the same attributes, different names
Upload file form powershell to asp.net
Set cookie without page refresh
Group list entries with LINQ
Unit testing method converting MVC view to string using View.Render method
Naming Convention for ViewModel Child Objects
Where is the official documentation for programming an Outlook "internet calendar subscription"?
How to setup custom schema for the new Microsoft.Asp.NET Identity (MVC5)
PrepareRequestUserAuthorizationAsync fails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!