Geek Answers Handbook

Facebook login using bearer token (MVC4 Web Api)

I am trying to embed a facebook login using a token. I created a new project in VS 2013 and selected individual user account authentication, as in this tutorial http://www.asp.net/web-api/overview/security/external-authentication-services .

I configured facebook authentication:

app.UseFacebookAuthentication( appId: "123[...]", appSecret: "123[...]");

And everything is working fine.

My testing method:

 [OverrideAuthentication] [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)] [Route("ExternalLogin2", Name = "ExternalLogin2")] public async Task<IHttpActionResult> GetExternalLogin2() { ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity); return Ok(); }

I do not understand how [HostAuthentication (DefaultAuthenticationTypes.ExternalBearer)] works.

I call the GET request in a script:

 GET http://localhost:17353/api/Account/ExternalLogin2 HTTP/1.1 Authorization: Bearer [my facebook token] Content-Length: 28 Host: localhost:17353

But I get the result 401.

What should I do for authentication with an external media token?

+7
authentication asp.net-mvc asp.net-web-api owin
source share
1 answer

I did not find a solution to this problem. But I solved the problem differently. I added the X-Facebook-Token HTTP header and passed it there. In the overridden GrantResourceOwnerCredentials (context) OAuthAuthorizationServerProvider method, I caught the token from the context .Request.Headers ["X-Facebook-Token"].

 string facebookToken = context.Request.Headers["X-Facebook-Token"]; if (facebookToken == null) { context.SetError("invalid_grant", "Facebook token was not found in X-Facebook-Token header."); return; } dynamic facebookUser; if (!FacebookUtil.TryGetUser(facebookToken, out facebookUser)) { context.SetError("invalid_grant", "Facebook token is incorrect."); return; }

On FacebookUtil.TryGetUser (), I used the Facebook library http://www.nuget.org/packages/facebook

 public static bool TryGetUser(string facebookToken, out dynamic user) { var facebookClient = new FacebookClient(facebookToken) { AppId = AppSettings.FacebookAppId, AppSecret = AppSettings.FacebookAppSecret }; try { user = facebookClient.Get("me"); return true; } catch (Exception) { user = null; return false; } }
+1
source share

More articles:


All Articles