Tag Archives: OAuth

[RESOLVED]Adding a new field in Register Page.Storing Data in DataBase

December 5, 2014Controller, Entity Framework, HTML, OAuth, Post, Table, View, Web FormsController, Entity Framework, HTML, OAuth, Post, Table, View, Web Formsadmin

Hi,

I’m new to this,To start with i downloaded a wingtip web asp.net sample. I want to include a new field ‘EMPLOYEEID" in register page and store the data in AspNetUsers database table. I have created the field in Register page and a new column in database(Aspnetuser.EmployeeID)
.

What are the changes to be done in code to add the user data to database through register page.

//For now I have done something like this: IN register.aspx page I changed this(in BOLD)

protected void CreateUser_Click(object sender, EventArgs e)
{
var manager = Context.GetOwinContext().GetUserManager<ApplicationUserManager>();
var user = new ApplicationUser() { UserName = Name.Text, Email = Email.Text , EmployeeID = EmployeeID};
IdentityResult result = manager.Create(user, Password.Text);

See the section "Adding Profile Data to the User Class" in this link,

http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Hi harshilshah,

Thanks for your post.

Based on my understanding ,you want to add extra information in AspNetUsers database table?

Firstly you need to install these two packages:- Microsoft.Aspnet.Identity.Core

This package contains the core interfaces of ASP.NET Identity.Microsoft.Aspnet.Identity.EntityFramework

This package contains the implementation of ASP.NET Identity System which works with Entity Framework Code First. This means that if we use this package then we can store information in a SQL Server database. Also we can easily plug other databases if we
wanted.and then updated your IDE

Secondly,Enable Entity Framework Code First Database Migrations.Thirdly,Add new properties

Fourthly,Add New Migration

Fifthly,Update RegisterViewModel

and then Update Register View Page and Update Account Controller’s Register action (Post Version)

Details information:

#Customize User’s Profile in ASP.NET Identity System

http://www.itorian.com/2013/11/customize-users-profile-in-aspnet.html

Hope this can be helpful.

Best Regards.

Eileen

[RESOLVED]MVC Tutorials removed from website

December 4, 2014OAuth, PDF, Post, Table, View, Web FormsOAuth, PDF, Post, Table, View, Web Formsadmin

Hello ! this week i got started with the Microsoft MVC. I was doing the movie store tutorial under the MVC4 tutorial pages and today when i was gonna continue the tutorial has been removed. All MVC tutorials are gone from the tutorials page of microsoft
MVC. Does anyone have a PDF or something with the tuts ? I woud like to complete the MvcMovie (MVC 4 tutorial),

Regards.

EDIT: I have found a PDF with the tutorial. (I dont know about posting links so if anybody needs it just google "mvc movie tutorial pdf" its the first link), shame on me, i should’ve searched the google before posting here.

Hi,

My suggestion, use the following site:

http://www.asp.net/mvc/overview/getting-started/introduction/getting-started,

If you need to learn MVC, do not waste your time learn MVC4. Go direct to MVC 5. MVC 6 is coming next year, but MVC 5 still good to learn. Here a free video :

http://pluralsight.com/training/Player?author=scott-allen&name=aspdotnet-mvc5-fundamentals-m1-introduction&mode=live&clip=0&course=aspdotnet-mvc5-fundamentals

Have fun

Hi,

Going forward, please post the link broken in feedback section of the forums.

http://forums.asp.net/188.aspx/1?Feedback+on+this+website

EDIT:

Notes from Terry:

We have consolidated the "Overview" and "Tutorials" areas into one "Guidance" area for MVC. There will be redirects to the new locations put up within the next day. You can see the old and new URLs here: http://forums.asp.net/t/2014539.aspx?ASP+NET+MVC+Content+Reorganization+10+23+2014

The content can be found under http://www.asp.net/mvc/overview. The tutorial you are looking for is now here: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

I apologize for any inconvenience.

As the problem is now resolved, please look for any content in the latest urls.

Old and new links table announcement:

http://forums.asp.net/t/2014539.aspx?ASP+NET+MVC+Content+Reorganization+10+23+2014

Regards

Siva

[RESOLVED]PPage Removed from site: MVC 5 OAuth tutorial

December 4, 2014OAuth, Post, Table, View, Web FormsOAuth, Post, Table, View, Web Formsadmin

This site page seems to be removed

http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on#goog

Hi,

There looks to be few more threads regarding tutorial links broken. Please post the link broken in feedback section of the forums.

http://forums.asp.net/188.aspx/1?Feedback+on+this+website

Regards

Siva

Hi,

It seems that it that site merged to this site:

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Best Regards

Starain

Notes from Terry on Feedback forums section:

I apologize for any inconvenience.

So, please look into the latest urls for the content.

Old and new links table announcement:

http://forums.asp.net/t/2014539.aspx?ASP+NET+MVC+Content+Reorganization+10+23+2014

[RESOLVED]MVC 5 Owin 3rd party login fails after a while on Azure until website is restarted

December 4, 2014Login, Nuget, OAuth, Post, View, Web FormsLogin, Nuget, OAuth, Post, View, Web Formsadmin

Hi,

As per the subject above, we have an ASP.NET MVC 5 application deployed on Azure Websites where the 3rd party Google and Facebook logins work absolutely fine and then fail after about one day (or sometimes two days). The period seems to differ, but the pattern
is always the same.

This only happens on Azure and not locally. When it fails, both Google AND Facebook login fails, restarting the website make it work again.

The code where it fails is the following:

public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
if (loginInfo == null) // fails here where loginInfo is null
{
return RedirectToAction("Login");
}

When it fails, we seeem to get the external token OK and the external cookie is set OK, it is just when trying to get info for application cookie (internal asp.net identity) that it fails.

Any idea how to overcome this issue?

Thanks in advance

Hi,

Please try to use the newest package and try again.

# Microsoft WebPages OAuth library 3.2.2

https://www.nuget.org/packages/Microsoft.AspNet.WebPages.OAuth/

On the other hand, please try it with a new project.

Best Regards

Starain

Thanks, but we are already using the latest OAuth library 3.0.0 with the latest 3.2.2 MVC template.

We will however create a new blank project and compare that with our project just in case.

The other weird thing is that it seems to work fine in staging on mywebsite.azurewebsites.com but only fails on the live site which runs under our own domain. We are trying to find out what is different between staging and live other than the fact that live
is running under a real domain name.

Both staging and live run under SSL, although not sure that is relevant. I might pose a question on the Azure Websites forum as well.

Posted on the Azure Websites forum as well (I don’t seem to be able to create a link here as yet):

https://social.msdn.microsoft.com/Forums/azure/en-US/61a60b00-7826-4b54-aa35-2e99f4d4087c/mvc-5-owin-3rd-party-login-fails-after-a-while-on-azure-until-website-is-restarted?forum=windowsazurewebsitespreview

May be you are missing web.config settings. See this sample for guidance,

https://github.com/tjoudeh/AngularJSAuthentication

the only reason why it would fail after a while in my opinion would be that your cookies aren’t cleared set a clearcookies on your login page and try again.

if this fixes your problem then it’s all about session. sessionid that’s saved in the cookie and it tries to retrieve it upon revisit of the website while the session has already been reset and returns a null value as session so logininfo would be null in
that case

how to customize my MVC project to support oAuth

December 4, 2014Api, OAuth, View, Web FormsApi, OAuth, View, Web Formsadmin

I have learned oAuth2.0 with Google, Facebook, twitter…

I want to be able to secure my web API’s that I build in my MVC 5 project . how do I do that?how do I create the app for the web APi if im following the tutorials as mentioned by let’s say google.is there is something like that.

for example the web API for getting the products on the asp.net tutorial, how can I support the oAuth2.0 for that?

did you looknat tutorials?

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

ignatandrei

did you looknat tutorials?

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

ofcourse I did but I really got lost , this tutorials teaches me how to get the id and secret from applications for facebook and stuff like that, what about my APP and where is the ACS in azure playing role.I’m really lost and need help. what does the ACS
have to do?where do I use OAuth in my MVC application?

so many questions and very few documentation.all documents concerning this issue are about the same topic facebook and google

can you help?

lolo512

really got lost , this tutorials teaches me how to get the id and secret from applications for facebook and stuff like that, what about my APP and where is the ACS in azure playing role

I do not understand why you mention ACS in Azure. What’s that?
More, what problems did you have with tutorials? Try to reproduce on your PC and tell the error

[RESOLVED]Asp.net wep api with angular js

December 4, 2014Api, Login, OAuth, Post, Web FormsApi, Login, OAuth, Post, Web Formsadmin

Hi,

I have two projects, one is asp.net web api and another is angular js. And I want to use token based authentication in api. Now my question is how angular project will connect with api, and where and how to save token in angular project.

normally the token will be stored in a cookie, but if its a SPA, it may be a javascript variable, and passed as a custom header or parameter. a common approach is calling the webapi with credentials, and getting back a token. but if you are using oauth (separate
login server), then the token usually is stored in a cookie.

Hi shakimran,

Thanks for your post.

According to your description,

shakimran

Now my question is how angular project will connect with api, and where and how to save token in angular project.

I think store the generated token in client local storage so this token can be sent with each request to access secure resources on the back-end API

The best way to store this token is to use AngularJS module named “angular-local-storage” which gives access to the browsers local storage with cookie
fallback if you are using old browser, so I will depend on this module to store the token .please check this:

#AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity

http://www.codeproject.com/Articles/784106/AngularJS-Token-Authentication-using-ASP-NET-Web-A

More information:

#CRUD with SPA, ASP.NET Web API and Angular.js

http://www.codeproject.com/Articles/832288/CRUD-with-SPA-ASP-NET-Web-API-and-Angular-js

Hope this can be helpful.

Best Regards,

Eileen

Hi,

I have implemented your link example and it works fine. But when I am going to do fluent api, it gives 500 error and it says "Cross-Origin Request Blocked: The Same Origin Policy
disallows reading the remote resource at http://localhost:81/token. This can be fixed by moving the resource to the same domain or enabling CORS".

public class TaskApiContext : DbContext
    {
        public TaskApiContext()
            : base("TaskApiContext")
        {
        }
        protected override void OnModelCreating(DbModelBuilder modelBuilder)
        {
        }
    }

If I remove OnModelCreating method then it’s OK.

Passing display=touch to Facebook OAuth with Microsoft OWIN

December 4, 2014Authorization, Login, OAuth, View, Web FormsAuthorization, Login, OAuth, View, Web Formsadmin

I have an ASP.NET MVC5 app which I have configured for Facebook OAuth 2 login using the ASP.NET OWIN authentication model that ships with this version of MVC.

I want to tell Facebook to optimize its login page for touch-based devices. Facebook documentation says I should be able to do this by adding a display=touch parameter to the query string we pass to Facebook when we kick off the OAuth flow. (see https://developers.facebook.com/docs/reference/dialogs/oauth/)

This ought to be a simple thing to do, but I am at a total loss about how to go about customizing the various OWIN middleware classes to add this parameter.

How do I customize the OWIN auth flow to modify the Facebook OAuth URL?

Hi hboxx,

You may refer to these articles below:

# OWIN OAuth 2.0 Authorization Server

http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

# Creating Custom OAuth Middleware for MVC 5

https://www.simple-talk.com/dotnet/.net-framework/creating-custom-oauth-middleware-for-mvc-5/

Best Regards

Starain

securing web API using oAuth 2 and azure ACS

December 4, 2014Api, Authorization, OAuth, View, Web FormsApi, Authorization, OAuth, View, Web Formsadmin

I have read lots of tutorials about securing web API’s using oAuth2. I have also created the ACS in the azure. but still I don’t understand what does the ACS have to do with securing web API’s. I find this tutorial supportive http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server but
don’t know where the ACS role is supposed to be. I need to understand the process step by step what is supposed to happen to secure the web API.

can anyone please support me with information?

ACS has some support for producing tokens, but ACS is being deprecated by Microsoft, so I’d suggest to not develop anything new using it.

I’m obliged to use ACS my task is to secure my web API’s through oAuth2 using ACS. I should generate my own registration server. but i’m missing the flow I don’t know what to do so little documentation about the subject

Hi lolo512,

Please take a look at this article below:

# ACS v2 OAuth 2.0 Delegation Support Explained

http://blogs.msdn.com/b/adventurousidentity/archive/2011/09/18/acs-v2-oauth-2-0-delegation-support-explained.aspx

Best Regards

Starain

[RESOLVED]secure my WEB API with oAuth2 using ACS

December 4, 2014Api, HTML, OAuth, Web FormsApi, HTML, OAuth, Web Formsadmin

I have built my MVC 5 project and the web api project as well, published both on azure and all working fine.now I want to secure my web api with oAuth2 using ACS on azure. I have followed step by step the tutorial for that:

https://github.com/maartenba/WindowsAzure.Acs.Oauth2/blob/master/README.md#windows-azure-access-control-settings

and when running I’m having this error:

the AcsAuthenticationModule could not be registered for your application.Remove the AppStart_OAuth2API.cs file from your project and add the following entry under the system.webServer.httpModules section in the web.config:<add name=…../>

Ineed to know what is going wrong. I have tried the above but still shows an error that the path s missing

Hi,

If you would like to register module dynamically, you can try using
PreApplicationStartMethod attribute.

For more information, please refer to the document:

#Register your HTTP modules at runtime without config

http://blog.davidebbo.com/2011/02/register-your-http-modules-at-runtime.html

#Three Hidden Extensibility Gems in ASP.NET 4

http://haacked.com/archive/2010/05/16/three-hidden-extensibility-gems-in-asp-net-4.aspx/

Explicitly token validation

December 3, 2014AJAX, Api, Authorization, Jquery, OAuth, Web FormsAJAX, Api, Authorization, Jquery, OAuth, Web Formsadmin

Hi,

I am doing an Asp.net web Api 2 project and I am using OAuth. Now I am able to generate token and send it to client. Now I am want to send that token to server from client using jQuery ajax call and validated that token
explicitly and get user information. I am not using asp.net identity.

Code

public class UserModel
    {
        public string UserName { get; set; }
        public string Password { get; set; }
        public string ConfirmPassword { get; set; }
    }

public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
            ConfigureOAuth(app);
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);
            app.UseWebApi(config);
        }

        public void ConfigureOAuth(IAppBuilder app)
        {
            OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new SimpleAuthorizationServerProvider()
            };

            // Token Generation
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

}
}

public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Resource owner password credentials does not provide a client ID.
            if (context.ClientId == null)
            {
                context.Validated();
            }

return Task.FromResult<object>(null);
}

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            using (AuthRepository _repo = new AuthRepository())
            {
                var user = _repo.FindUser(context.UserName, context.Password);

                if (user == null)
                {
                    context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return;
                }
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("role", "user"));

context.Validated(identity);

}
}

Hi shakimran,

You may refer to this article:

http://mvcdiary.com/2013/03/01/how-oauthsecurity-to-obtain-emails-for-different-oauth-clients-but-microsoft-client-doesnt-return-email-it-didnt-include-scope-wl-emails/

Best Regards

Starain

Asp Forum

It is about ASP.NET

Tag Archives: OAuth

[RESOLVED]Adding a new field in Register Page.Storing Data in DataBase

[RESOLVED]MVC Tutorials removed from website

[RESOLVED]PPage Removed from site: MVC 5 OAuth tutorial

how to customize my MVC project to support oAuth

ignatandrei

lolo512

securing web API using oAuth 2 and azure ACS

[RESOLVED]secure my WEB API with oAuth2 using ACS

Explicitly token validation