Consuming Facebook authentication in Web API

  • Question

  • User-478662262 posted

    Hi. I am trying to implement Facebook authentication in a Web API project which will be used by mobile clients. There will be no local login.

    I followed the steps explained here to create the project using Visual Studio's Web API template. I already have a Facebook app Id & secret, I set the OAuth redirect URI on Facebook's panel, and I set the Id & secret in the Startup.Auth.cs file:

    app.UseFacebookAuthentication(
        appId: "***",
        appSecret: "***");

    Then I created a LocalDB database and set the web.config DefaultConnection string: <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=webapidb;Integrated Security=True;Pooling=False" providerName="System.Data.SqlClient" />

    When I run the project, I can use the Account.GetExternalLogin (https://localhost:44302/api/account/externallogin/?provider=Facebook) method with GET to initiate login. I am redirected to Facebook's consent page, then when I am redirected back to GetExternalLogin, I can see that the method's "error" parameter is null. I also added a watch on User.Identity.IsAuthenticated and it evaluates to true inside the method.

    Up to now everything is as expected.

    But once the GetExternalLogin method completes, I try to invoke any [Authenticate]-decorated method (https://localhost:44302/api/values/3) and I get an HTTP 401 Unauthorized error.

    One more thing is that when I open the AspNetUsers table there are no records; I was expecting to see my Facebook user name saved here.

    Could you please explain how the authentication mechanism should be consumed by the clients and what should be done to have the user Id and name saved to the database?

    Thanks!

    Friday, May 20, 2016 3:43 PM

Answers