asp.net-identity - w3toppers.com

How to access Facebook private information by using ASP.NET Identity (OWIN)?

Create a new Microsoft.Owin.Security.Facebook.AuthenticationOptions object in Startup.ConfigureAuth (StartupAuth.cs), passing it the FacebookAppId, FacebookAppSecret, and a new AuthenticationProvider. You will use a lambda expression to pass the OnAuthenticated method some code to add Claims to the identity which contain the values you extract from context.Identity. This will include access_token by default. You must add email to … Read more

How to implement custom authentication in ASP.NET MVC 5

Yes, you can. Authentication and Authorization parts work independently. If you have your own authentication service you can just use OWIN’s authorization part. Consider you already have a UserManager which validates username and password. Therefore you can write the following code in your post back login action: [HttpPost] public ActionResult Login(string username, string password) { … Read more

What is the claims in ASP .NET Identity

what does claim mechanism means in new ASP.NET Identity Core? There are two common authorization approaches that are based on Role and Claim. Role-Based Security A user gets assigned to one or more roles through which the user gets access rights. Also, by assigning a user to a role, the user immediately gets all the … Read more

What is the advantage of using async with MVC5?

The async actions are useful only when you are performing I/O bound operations such as remote server calls. The benefit of the async call is that during the I/O operation, no ASP.NET worker thread is being used. So here’s how the first example works: When a request hits the action, ASP.NET takes a thread from … Read more

The entity type ‘Microsoft.AspNet.Identity.EntityFramework.IdentityUserLogin’ requires a key to be defined

Basically the keys of Identity tables are mapped in OnModelCreating method of IdentityDbContext and if this method is not called, you will end up getting the error that you got. This method is not called if you derive from IdentityDbContext and provide your own definition of OnModelCreating as you did in your code. With this … Read more

Prevent multiple logins

The solution is somewhat more simple than you have started implementing. But the idea is the same: every time user logs in, change their security stamp. And this will invalidate all other login sessions. Thus will teach users not to share their password. I have just created a new MVC5 application from standard VS2013 template … Read more

How to change type of id in Microsoft.AspNet.Identity.EntityFramework.IdentityUser

Using a Stefan Cebulak‘s answer and a Ben Foster’s great blog article ASP.NET Identity Stripped Bare I have came up with below solution, which I have applied to ASP.NET Identity 2.0 with a generated by Visual Studio 2013 AccountController. The solution uses an integer as a primary key for users and also allows to get … Read more

ASP.NET Web API 2: How do I log in with external authentication services?

I had the same problem today and found the following solution: At first get all available providers GET /api/Account/ExternalLogins?returnUrl=%2F&generateState=true The response message is a list in json format [{“name”:”Facebook”, “url”:”/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A15359%2F&state=QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1″, “state”:”QotufgXRptkAfJvcthIOWBnGZydgVkZWsx8YrQepeDk1″}] Now send a GET request to the url of the provider you want to use. You will be redirected to the login page of … Read more

OWIN Security – How to Implement OAuth2 Refresh Tokens

Just implemented my OWIN Service with Bearer (called access_token in the following) and Refresh Tokens. My insight into this is that you can use different flows. So it depends on the flow you want to use how you set your access_token and refresh_token expiration times. I will describe two flows A and B in the … Read more

How do I use ASP.NET Identity 2.0 to allow a user to impersonate another user?

I’ve found a solution to this problem. Basically I add claim with admin username, if this claim exists, I know that impersonation is happening. When admin wants to stop impersonation, system retrieves original username for the claims, deletes old impersonated-cookie and creates a new cookie for the admin: [AuthenticateAdmin] // <- make sure this endpoint … Read more