Can I create a non-membership ASP.NET user?

I'm implementing OAuth (my first time) and I've spent some time now working out how to implement it with ASP.NET MVC (I don't want to use OpenID).

I have installed (for now):

  • getting OAuth accessToken
  • get the id of Facebook users (or google, etc.).
  • checking db table for this id - (table created specifically for OAuth registration)
  • If ID is found I want to use FormsAuth.SetAuthCookie() and
  • assign them a role to access the site's membership area - but at the moment, membership registration has failed, so there is no such role that might not be available to access site sites, that's my problem.

I have been playing around with the idea of creating an asp user programmatically with Username = Fb.ID and Password = Random (stored in the OAuth db table mentioned above) and write them down programmatically, but

A : seems to take a very long time

B : it seems wrong to store this password like this

Should I create a user and write them to the program?

Is there a best practice when dealing with asp.net and OAuth membership?

+3




2 answers


Once you go back to FB or OpenId, you need to store the cookie like this:

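    // Build the forms-auth cookie for the externally verified id; no membership user is involved.
    HttpCookie httpCookie = FormsAuthentication.GetAuthCookie(openId, remember);
    // Keep the cookie in the browser for a month.
    httpCookie.Expires = DateTime.Now.AddMonths(1);
    HttpContext.Current.Response.SetCookie(httpCookie);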

      



And then you can set the role in Global.asax:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        var context = HttpContext.Current;
        if (context.User != null && context.User.Identity.IsAuthenticated)
        {
            // Identity.Name is the id that was placed in the auth cookie at login.
            var user = new Dao<User>().GetByOpenId(context.User.Identity.Name);
            if (user != null) // the cookie may outlive the stored record
            {
                context.User = new GenericPrincipal(context.User.Identity,
                    new[] { Enum.GetName(typeof(UserRole), user.Role) });
            }
        }
    }

      

+3
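An added example, not code from either answer: the roles can also travel inside the encrypted forms-authentication ticket, so no membership user, stored password or per-request database lookup is needed. `ExternalLogin`, `SignIn`, `AttachRoles` and `providerUserId` are hypothetical names; .NET Framework 4.0 or later and comma-free role names are assumed.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper for this example; not part of ASP.NET or of the thread.
public static class ExternalLogin
{
    // Call once the OAuth provider id has been found in your own lookup table.
    // roles come from that table and must not contain commas (assumption).
    public static void SignIn(HttpResponseBase response, string providerUserId,
                              string[] roles, bool remember)
    {
        var ticket = new FormsAuthenticationTicket(
            1, providerUserId, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout),
            remember,
            string.Join(",", roles),               // roles are stored in UserData
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows requireSSL in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (remember) cookie.Expires = ticket.Expiration; // cookie and ticket expire together
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest in Global.asax.
    public static void AttachRoles(HttpContext context)
    {
        var identity = context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        string[] roles = identity.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles stored in the ticket stay in effect until it expires, so a role change in the table only applies at the next sign-in; the per-request lookup shown in the answer above picks it up immediately.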




When implementing user authentication via LiveId (which is very similar to OAuth login in terms of your concerns), I prefer to create a user using a membership provider with an empty or generic password (configured in AppSettings). I can use the FormsAuthentication.Authenticate method and set the auth cookie.

With this approach, I can use a RoleProvider to store additional roles and a ProfileProvider to store additional profile data that I don't get through the LiveId.



If you offer an alternative login method, for example for administrators, make sure that only users in that administrator role can log on through the alternative login method.

+1








