Facebook login using external bearer token (MVC4 Web Api)

I'm trying to implement Facebook login using an external bearer token. I created a new project in VS 2013 and selected individual user account authentication like in this tutorial http://www.asp.net/web-api/overview/security/external-authentication-services .

I configured facebook authentication:

app.UseFacebookAuthentication(
    appId: "123[...]",
    appSecret: "123[...]");

And everything works fine.

My test method:

[Route("ExternalLogin2", Name = "ExternalLogin2")]
public async Task<IHttpActionResult> GetExternalLogin2()
{
    ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
    return Ok();
}

I don't understand how [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)] works.

I invoke a GET request in Fiddler:

GET http://localhost:17353/api/Account/ExternalLogin2 HTTP/1.1
Authorization: Bearer [my facebook token]
Content-Length: 28
Host: localhost:17353

But I receive a 401 result.

What must I do to authenticate with an external bearer token?

I haven't found a solution for this problem. But I solved the task another way. I added an HTTP header X-Facebook-Token and passed the token there. In the overridden method GrantResourceOwnerCredentials(context) of OAuthAuthorizationServerProvider I caught the token from context.Request.Headers["X-Facebook-Token"].

string facebookToken = context.Request.Headers["X-Facebook-Token"];
if (facebookToken == null)
{
    context.SetError("invalid_grant", "Facebook token was not found in X-Facebook-Token header.");
    return; // stop here so a missing token is never passed on
}

dynamic facebookUser;
if (!FacebookUtil.TryGetUser(facebookToken, out facebookUser))
{
    context.SetError("invalid_grant", "Facebook token is incorrect.");
    return;
}

In FacebookUtil.TryGetUser() I used the Facebook library http://www.nuget.org/packages/facebook

public static bool TryGetUser(string facebookToken, out dynamic user)
{
    var facebookClient = new FacebookClient(facebookToken)
    {
        AppId = AppSettings.FacebookAppId,
        AppSecret = AppSettings.FacebookAppSecret
    };

    try
    {
        user = facebookClient.Get("me"); // throws if Facebook rejects the token
        return true;
    }
    catch (Exception)
    {
        user = null;
        return false;
    }
}
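
An added example, not part of the original answer: a `me` call shows that a token belongs to some Facebook user, but not which app it was issued to; Facebook's Graph `debug_token` endpoint reports that, so a server that accepts client-supplied tokens can check it before trusting the user id. The helper name, the sample JSON and the app id `1111` are constructed, and Json.NET (Newtonsoft.Json) is assumed to be referenced.

```csharp
using System;
using Newtonsoft.Json.Linq;

// Hypothetical helper (name and shape are assumptions, not from the post).
public static class FacebookTokenCheck
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);

    // debugTokenJson is the body returned by the Graph API call
    //   GET /debug_token?input_token={user token}&access_token={app id}|{app secret}
    // Returns true and the Facebook user id only when the token is valid,
    // is a user token, has not expired, and was issued to expectedAppId.
    public static bool TryGetVerifiedUserId(string debugTokenJson, string expectedAppId,
                                            DateTime utcNow, out string userId)
    {
        userId = null;
        try
        {
            var data = JObject.Parse(debugTokenJson)["data"] as JObject;
            if (data == null) return false;                       // error payload or wrong shape
            if ((bool?)data["is_valid"] != true) return false;    // revoked, expired or malformed
            if ((string)data["type"] != "USER") return false;     // reject app/page tokens
            // Audience check: a token minted for another app must not log anyone in here.
            if (!string.Equals((string)data["app_id"], expectedAppId, StringComparison.Ordinal))
                return false;
            long expiresAt = (long?)data["expires_at"] ?? 0;      // 0 = no expiry reported
            if (expiresAt != 0 && expiresAt <= (long)(utcNow - Epoch).TotalSeconds) return false;
            userId = (string)data["user_id"];
            return !string.IsNullOrEmpty(userId);
        }
        catch (Exception)
        {
            return false;   // fail closed on anything that is not the expected JSON
        }
    }

    public static void Main()
    {
        // Constructed sample responses; "1111" stands in for this server's app id.
        var now = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        string ours = "{\"data\":{\"app_id\":\"1111\",\"type\":\"USER\",\"is_valid\":true," +
                      "\"expires_at\":1735689600,\"user_id\":\"42\"}}";
        string other = ours.Replace("\"1111\"", "\"2222\"");     // same user, different app
        string id;
        Console.WriteLine(TryGetVerifiedUserId(ours, "1111", now, out id));   // token issued to this app
        Console.WriteLine(TryGetVerifiedUserId(other, "1111", now, out id));  // token issued to another app
    }
}
```

In the answer's flow this check would run on the `debug_token` response for the `X-Facebook-Token` value before the `me` lookup, with `expectedAppId` taken from the same setting as `AppSettings.FacebookAppId`.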
