发表新帖
发表新帖

ASP.NET Web API 2: How do I log in with external authentication services?

前端 未结
关注
3 1426
萌比男神i
萌比男神i 2020-11-27 09:33

According to this post http://www.asp.net/web-api/overview/security/external-authentication-services... I\'m able to log in with a local authentication service (wi

相关标签:
3条回答
  • 离开以前
    2020-11-27 09:59

    I found another post showing pretty details how this external authentication works. The client is WPF and server uses ASP.NET Identity.

    0 讨论(0)
  • 清歌不尽
    2020-11-27 10:16

    I had the same problem today and found the following solution:

    At first get all available providers

    GET /api/Account/ExternalLogins?returnUrl=%2F&generateState=true

    The response message is a list in json format

    [{"name":"Facebook",
  "url":"/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A15359%2F&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1",
  "state":"QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1"}]

    Now send a GET request to the url of the provider you want to use. You will be redirected to the login page of the external provider. Fill in your credentials and the you will be redirected back to your site. Now parse the access_token from the url.

    http://localhost:15359/#access_token=[..]&token_type=bearer&expires_in=[..]&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1

    If the user already has a local account, the .AspNet.Cookies cookie is set and you are done. If not, only the .AspNet.ExternalCookie cookie is set and you have to register a local account.

    There is an api to find out if the user is registered:

    GET /api/Account/UserInfo

    The response is

    {"userName":"xxx","hasRegistered":false,"loginProvider":"Facebook"}

    To create a local account for the user, call

    POST /api/Account/RegisterExternal
Authorization: Bearer VPcd1RQ4X... (access_token from url)
Content-Type: application/json
{"UserName":"myusername"}

    Now send the same request with the provider url as before

    GET /api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A15359%2F&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1

    But this time the user already has an account and gets authenticated. You can verify this by calling /api/Account/UserInfo again.

    Now extract the access_token from the url. You have to add the Authorization: Bearer [access_token] header to every request you make.

    0 讨论(0)
  • 臣服心动
    2020-11-27 10:21

    For those trying to use Web Api 2 External Login with Facebook in Android App this post is explaining only the first part of what we have to do. Here is a very explanatory link of the whole picture:

    [Authenticated access to WebAPI via Facebook token from Android App

    0 讨论(0)
 看不清?
提交回复
热议问题