Integrating Facebook Authentication with existing ASP.NET Membership

Question

Coding Platform: ASP.NET 4.0 WebForms with C#

We have a website with the existing login details managed by ASP.NET Membership Provider.
Now client wants to add Facebook Connect to it.

So on registration I am giving a Register using Facebook Button.
How shall I proceed with integrating a successful authentication from facebook to my membership provider?

What I am planning is to create a username with unique identifier as a new user in ASP.NET Membership and link that to another table that contains other open-id users(cos in future we plan to extend to Google, Twitter, Live and all). Is that the best method?

Answer 1

Well, I think that you have two options here.

Option A: Use the Facebook Registration Plugin and then get the user registered as a regular user i.e. no FB user id is stored into the db, you only have one type of user.

Option B: Ask for email permission within your FB connect and get the user email in order to compare against your user table and make a match (your user table id with FB uid) in case it's found into your DB.

HTH!

Answer 2

Wait, there's a facebook developer toolkit on codeplex? Wish I'd known that. :-p

I've noticed that most sites that let you sign in with either Facebook or your Email will only let you do ONE OR THE OTHER. For example, I have a LivingSocial.com account - and although they offer FB I can only log on with my email (as that's how my account was created). I have a BrazenCareerist account, but that let's me log in ONLY with my FB (even though they support email) because the account was created via FB Connect/Open-Graph.

I didn't like that approach as it felt limiting - so I wanted users to be able to sign-in however they wanted. You have 4 flows:

1. User signs up for site with FB and then signs in with FB on return
2. User signs up for FB and then signs in with email on return
3. User signs up with email and then signs in with FB on return
4. User signs up with email and then signs in with email on return

If they sign up with facebook, grab their email address for future use (via the FB API).

Assuming they're signed up already on your site, then when they sign in with FB, there's no need request a password. (check their documentation http://developers.facebook.com/docs/authentication/)

If they sign in with their email address, they'll need to enter a password. They probably created on if they signed UP with their email address; but the trick is that if they signed up with FB they might NOT have a password.

I created a page that, upon FB sign up, asks for a password. It gives a friendly message like "Congrats! You account on [our site] is created. For your privacy, facebook doesn't tell us what your password is. Please create a password for [our site] below. (As long as you sign-in with facebook, you'll never use this)."

Hope that helps.