I might be a little late to the party, so I wasn’t aware on how to do this. Nobody wants to create yet ANOTHER login when they go to your site. So, a common trend is to be able to login to a new website that you are visiting, using credentials from common places such as: Facebook, Twitter, Google, and Microsoft. Not only is this convenient – it’s much more secure, assuming that these big companies don’t get their user stores hacked!
OK, so how do you do this? I mean, most of these services use OAuth, so you probably have to have a deep understanding of that, right? Well, you should have a basic understanding – but even that isn’t necessary! If you have Visual Studio 2012, you have this ability baked right into the templates!
Create a new MVC 4 website, using the Internet template:
Next, open up ~App_StartAuthConfig.cs (or .vb):
In there, you literally just un-comment what services you want to enable:
Now, the link to that page (http://go.microsoft.com/fwlink/?LinkID=252166) has a TREMENDOUS amount of good information, and links to each provider. You need to “register” your app with each oAuth provider and get the key and secret for each, and paste them into this file. For your convenience, here are the links on where to register your app, so that you can use that website as an OAuth provider:
- Microsoft – https://manage.dev.live.com
- Facebook – https://developers.facebook.com/apps
- Twitter – https://dev.twitter.com/apps
- LinkedIn – https://www.linkedin.com/secure/developer
- Yahoo! – http://developer.yahoo.com/oauth/
Google uses OpenID and authorizes the app on the fly, so for that you don’t pre-register your app. And yes, that OAuthWebSecurity class you reference in that AuthConfig class has methods for .RegisterLinkedInClient() and .RegisterYahooClient()
As far as success, I haven’t tried all of them, but here’s what found:
- Microsoft – didn’t work because it thought the redirect URI wasn’t valid. When I registered an app, I put a bogus URL because it must have SOMEthing, but apparently that didn’t work.
- Twitter – didn’t work, I get an unhandled ProtocolException of “Error occurred while sending a direct message or getting the response.”. I haven’t researched this further.
- Facebook – worked right away.
- Google – worked right away.
- LinkedIn – didn’t try yet.
- Yahoo! – didn’t try yet.