Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Add Social Media Authentication to ASP.NET Core

DZone's Guide to

How to Add Social Media Authentication to ASP.NET Core

Today, I'd like to share how you can go about enabling social media authorization for an ASP.NET Core application very easily.

· Security Zone
Free Resource

Address your unique security needs at every stage of the software development life cycle. Brought to you in partnership with Synopsys.

Adding social media authentication is easy with ASP.NET Core. You start by creating another project, like you would with an ASP.NET Core MVC project, and selecting Individual User Accounts as the Authentication mode. This way the project template will add the database entities, controllers, and views to collect and store all the information needed to create a private site where users can register either directly (providing a username and password) or via OAuth providers like Facebook, Twitter, Google, Microsoft, GitHub, and others.

Adding a social login is just a matter of adding the right Nuget package and configuring the authentication provider in the ConfigureService method in the Startup class. For example, to add a Facebook login, add the Nuget package, we'd use the following: Microsoft.AspNetCore.Authentication.Facebook. Then add the following lines of code in the ConfigureService method:

services.AddAuthentication().AddFacebook(facebookOptions =>
{
    facebookOptions.AppId = Configuration["Authentication:Facebook:AppId"];
    facebookOptions.AppSecret = Configuration["Authentication:Facebook:AppSecret"];
});

Now you have to register a new application on the Facebook developer portal in order to get the AppId and AppSecret needed to authenticate your application with Facebook. Go to the URL https://developers.facebook.com/apps/ and click on the Add a New App button and add the basic information for your app. Once that's done, go to the settings and enter the URL for the OAuth redirect page, which is /signin-facebook (but you need to specify the absolute URL, http://localhost:nnn). This route is added by the Nuget package for the Facebook authentication.

The last thing is to retrieve the AppId and AppSecrets needed for the application to work. For this, go to the Dashboard inside the developer portal:

Now that you have these values, you have to store them in the settings of your application. Since this is sensitive data, you don't want to accidentally commit them to a public source repository, so it's better to store them in the User Secrets.

The file is stored in the user profile, which is still easily readable, but, in theory, only by its owner. The, in production, this information can be passed to the app in different ways, like shown when explaining the configuration of app settings inside the WebHost.

{
  "Authentication": {
    "Facebook": {
      "AppId": "myappId",
      "AppSecret": "myappsecret"
    }
  }
}

Now just launch the site and you'll see a new button to sign-in and log-in via Facebook

Find out how Synopsys can help you build security and quality into your SDLC and supply chain. We offer application testing and remediation expertise, guidance for structuring a software security initiative, training, and professional services for a proactive approach to application security.

Topics:
security ,authentication ,asp.net core ,web application security ,oauth

Published at DZone with permission of Simone Chiaretta, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}