Using OAuth in .net without Membership

Posted by on Oct 30, 2013 in, MVC

If you search for anything to do with OAuth (Open Authorization), you’ll find lots of very comprehensive examples of how to get started using OAuth in .net 4.5 and VS2013 from the in built templates. You’ll also find a few .net 4.0 examples which also show you how to get started with OAuth, but pretty much everything described is tightly couples with membership. If, like me, you’re working on a project that uses its own authentication and authorization implementation, or you simply don’t want to take a dependency on a database of any kind, then the information is harder to get hold of. What is OAuth? At its simplest, OAuth allows you to log in to one site (site A) using your credentials from another site (site B) without ever providing your details to site A. This is beneficial for a number of reasons: Fewer credentials to remember for the user The hosting site doesn’t need to concern itself with handling this kind of sensitive data Rich profile information can be obtained (if permitted), enhancing the user experience Allows the user control over which sites can authenticate them and they can revoke this control at any time Many of the largest websites on the internet either offer OAuth login functionality (including the likes of StackOverflow, Vimeo, Digg, Disqus, Tripadvisor etc), or act as a provider (e.g. Facebook, Microsoft, Google, Yahoo, LinkedIn etc). It’s pretty safe to say, if you’ve logged in to any other site using your Facebook account, you’ve used OAuth. Lets get started In the following example I’ll be using VS2013, but VS2012 should also work just fine.   Create a new solution in Visual Studio:   File->New->VisualC#->Web->ASP.NET Web Application   Be sure to select Empty Web Application for the template and notice that Authentication is set to no authentication   Once the project has been created, open up NuGet (right-click on References and select ‘manage NuGet packages’) and search for the Microsoft WebPages OAuth Library (see screenshot).   This will install the library and a host of dependencies – fortunately none of these are membership dependencies. Once complete, if you look in your references folder you should find a number of OAuth references Register with Facebook   I’d recommend following the steps under the section ‘Registering with an external provider’ shown here: to set up and configure your Facebook application. Once complete you should have an App ID and a Secret key which we’ll need shortly. Set up OAuth Before your application starts it will be necessary to register the provider(s) you wish to offer. To accomplish this, create a new static class in the APP_START folder called OAuthProviders.cs and within a single static method called Configure. This is your first interaction with the OAuth libraries and where you will supply your credentials for Facebook: C# using Microsoft.Web.WebPages.OAuth; namespace OAuthSample.App_Start { public static class OAuthProviders...

Read More »