ApplicationOAuthProvider integrated with ASP.Net membership

  • Question

  • User-2085019742 posted

    I have an extensive Web site written using MVC 4 and using ASP.Net membership for authentication (aspnet_Membership, aspnet_Users tables etc.).

    I want to add on a gateway for mobile apps that use OAuth tokens as implemented in Visual Studio 2013 / MVC 5 using the OAuth support when using the Web API controller.

    This will be a separate site but I want to access the user credentials in the ASP.Net membership tables.

    The ApplicationOAuthProvider uses the new ASP.Net Identity framework.

    Is there any way I can make the GrantResourceOwnerCredentials use the old ASP.Net membership framework?

    Wednesday, February 11, 2015 10:48 AM

Answers

  • User-2085019742 posted

    OK I have got something working.

    I still have some tidying up to do but what I have done is

    1) Overwrite ApplicationUserManager:FindAsync in IdentityConfig.cs

    2) Verify the user entry in the old aspnet_User and aspnet_Membership tables.

    3) This requires being able to reproduce the old password hashing algorithm (luckily in my case we were using a bespoke function so I had the code)

    4) The problem I had is that although I had verified the incoming user an ApplicationUser the generation of the token by the rest of the Identity framework expects an entry in the new AspMembership table.

    5) I have got around this using an SQL script to duplicate the users from the old Membership tables in the new Identity table.

    6) I am going to see if I can create these entries on the fly as part of the verification of the incoming call.

    Hope this information helps.

    - Graham (Wright)

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Saturday, February 14, 2015 10:43 AM

All replies

  • User-734925760 posted

    Hi,

    So far as I know, to authenticate users with credentials from an external provider, you must register your web site with the provider. When you register your site, you will receive the parameters (such as key or id, and secret) to include when registering the client.

    For more information about using ApplicationOAuthProvider , please refer to the link below:

    http://www.asp.net/mvc/overview/older-versions/using-oauth-providers-with-mvc

    Hope it's useful for you.

    Best Regards,

    Michelle Ge

    Thursday, February 12, 2015 11:05 PM
  • User-2085019742 posted

    Thanks for your response but I don't want to authenticate against an external OAuth provider (this is well documented, including the URL you supplied).

    I want to authenticate against my old Asp.Net Membership database but feed this into the new Asp.Net Identity framework so I can support token authentication for use in mobile apps. This is poorly documented and the example at https://code.msdn.microsoft.com/Simple-Aspnet-Identiy-Core-7475a961 does not work.

    Thursday, February 12, 2015 11:17 PM
  • User1470014404 posted

    Precisely what I am also trying to do.

    Have a new MVC5 app - added an ApiController to it, now want a remote app to be able to send authentication tokens, but ALL the code I have seen says post the grant-password request to /token.

    BUT in MVC5 /Token doesn't get defined in Startup.Auth - like ALL the examples show it as.

    Driving me nuts - it 'should' be such an integral part of MVC5 :-((.

    Anybody shed some light please ???.

    All the example code I can find seems to be irrelevant for use with MVC5 :-(( - it's all completely different and the MVC5 templates generated are so full of cookies, google, facebook and everything BUT OAuth :-((.

    There are examples which say MVC5 has made OAuth easy - hah - you must be joking......

    BR

    Graham

    Friday, February 13, 2015 2:12 PM
  • User-2085019742 posted

    Point 4 should say "and created an ApplicationUser, "

    Saturday, February 14, 2015 10:45 AM
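
The steps in the accepted answer, sketched as an added example (not the poster's code): an `ApplicationUserManager.FindAsync` override that checks the legacy membership row and creates the Identity row on first login. `LegacyUser`, `lookupLegacy` and the salted-SHA1 hash layout are assumptions (the poster used a bespoke hash), and `ApplicationUser` is taken to be the class from the project template.

```csharp
// Added example. LegacyUser, lookupLegacy and the salted-SHA1 layout are
// assumptions; replace VerifyLegacy with your own legacy hashing function.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

public class LegacyUser   // hypothetical row joined from aspnet_Users + aspnet_Membership
{
    public string UserName, Email, PasswordHash, PasswordSalt;
    public bool IsApproved, IsLockedOut;
}

public class ApplicationUserManager : UserManager<ApplicationUser>
{
    private readonly Func<string, LegacyUser> lookupLegacy;   // hypothetical DB query
    public ApplicationUserManager(IUserStore<ApplicationUser> store,
        Func<string, LegacyUser> lookup) : base(store) { lookupLegacy = lookup; }

    public override async Task<ApplicationUser> FindAsync(string userName, string password)
    {
        LegacyUser legacy = lookupLegacy(userName);
        // Reject unknown, unapproved or locked-out accounts before hashing.
        if (legacy == null || !legacy.IsApproved || legacy.IsLockedOut) return null;
        if (!VerifyLegacy(password, legacy)) return null;
        // Token generation expects an Identity row: create it on first login.
        ApplicationUser user = await FindByNameAsync(userName);
        if (user != null) return user;
        user = new ApplicationUser { UserName = legacy.UserName, Email = legacy.Email };
        // No Identity password is stored; the legacy table stays authoritative.
        IdentityResult created = await CreateAsync(user);
        return created.Succeeded ? user : null;
    }

    // Assumed layout: Base64(SHA1(salt bytes followed by UTF-16LE password)).
    private static bool VerifyLegacy(string password, LegacyUser u)
    {
        byte[] salt = Convert.FromBase64String(u.PasswordSalt);
        byte[] pwd = Encoding.Unicode.GetBytes(password);
        byte[] all = salt.Concat(pwd).ToArray();
        byte[] expected = Convert.FromBase64String(u.PasswordHash);
        byte[] actual = SHA1.Create().ComputeHash(all);
        int diff = expected.Length ^ actual.Length;   // compare without early exit
        for (int i = 0; i < actual.Length && i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }
}
```

Because the legacy table stays the source of truth here, a lockout or password change made on the old site takes effect on the token endpoint at the next login.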