/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Add Social Media Authentication to ASP.NET Core

DZone's Guide to

How to Add Social Media Authentication to ASP.NET Core

Today, I'd like to share how you can go about enabling social media authorization for an ASP.NET Core application very easily.

by
·
Dec. 27, 17 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Mobile is increasingly becoming a part of every consumers’ identity, but the increasing use of this digital channel is escalating the security risks faced by consumers and institutions.

Adding social media authentication is easy with ASP.NET Core. You start by creating another project, like you would with an ASP.NET Core MVC project, and selecting Individual User Accounts as the Authentication mode. This way the project template will add the database entities, controllers, and views to collect and store all the information needed to create a private site where users can register either directly (providing a username and password) or via OAuth providers like Facebook, Twitter, Google, Microsoft, GitHub, and others.

Adding a social login is just a matter of adding the right Nuget package and configuring the authentication provider in the ConfigureService method in the Startup class. For example, to add a Facebook login, add the Nuget package, we'd use the following: Microsoft.AspNetCore.Authentication.Facebook. Then add the following lines of code in the ConfigureService method:

services.AddAuthentication().AddFacebook(facebookOptions =>
{
    facebookOptions.AppId = Configuration["Authentication:Facebook:AppId"];
    facebookOptions.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
});

Now you have to register a new application on the Facebook developer portal in order to get the AppId and AppSecret needed to authenticate your application with Facebook. Go to the URL https://developers.facebook.com/apps/ and click on the Add a New App button and add the basic information for your app. Once that's done, go to the settings and enter the URL for the OAuth redirect page, which is /signin-facebook (but you need to specify the absolute URL, http://localhost:nnn). This route is added by the Nuget package for the Facebook authentication.

The last thing is to retrieve the AppId and AppSecrets needed for the application to work. For this, go to the Dashboard inside the developer portal:

Now that you have these values, you have to store them in the settings of your application. Since this is sensitive data, you don't want to accidentally commit them to a public source repository, so it's better to store them in the User Secrets.

The file is stored in the user profile, which is still easily readable, but, in theory, only by its owner. The, in production, this information can be passed to the app in different ways, like shown when explaining the configuration of app settings inside the WebHost.

{
  "Authentication": {
    "Facebook": {
      "AppId": "myappId",
      "AppSecret": "myappsecret"
    }
  }
}

Now just launch the site and you'll see a new button to sign-in and log-in via Facebook

Explore the authentication advancements that are designed to secure accounts and payments—without overburdening consumers with a friction-laden experience.

Like This Article? Read More From DZone

Authentication Using Google in ASP.NET Core 2.0
Authentication Using Facebook in ASP.NET Core 2.0
Build Secure User Authentication in ASP.NET Core With OIDC and OAuth

Free DZone Refcard

REST API Security
DOWNLOAD
Topics:
security ,authentication ,asp.net core ,web application security ,oauth

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Find out how to Secure your applications with Point and Click protection.
Learn how to Patch faster than attackers can find you
Securing Payments and Earning Trust in a Mobile Financial World
Rapidly detect security vulnerabilities in your web, mobile and desktop applications
Eliminate vulnerabilities from applications before they are placed into production and deployed
Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert
What is the Deserialization vulnerability and what are the challenges in providing a solution
Five Steps to Achieve Risk-based Application Security Management: Updated Second Edition

Security Partner Resources

Find out how to Secure your applications with Point and Click protection.
Learn how to Patch faster than attackers can find you
Securing Payments and Earning Trust in a Mobile Financial World
Rapidly detect security vulnerabilities in your web, mobile and desktop applications

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone