ASP.NET Web Pages to includes support for OAuth and OpenID providers. Using these providers, you can let users log into your site using their existing credentials from Facebook, Twitter, Windows Live, Google, and Yahoo. For example, to log in using a Facebook account, users can just choose a Facebook icon, which redirects them to the Facebook login page where they enter their user information. They can then associate the Facebook login with their account on your site. A related enhancement to the Web Pages membership features is that users can associate multiple logins (including logins from social networking sites) with a single account on your website.
This image shows the Login page from the Starter Site template, where a user can choose a Facebook, Twitter, or Windows Live icon to enable logging in with an external account:
You can enable OAuth and OpenID membership using just a few lines of code. The methods and properties you use to work with the OAuth and OpenID providers are in the
WebMatrix.Security.OAuthWebSecurity
class.
However, instead of using code to enable logins from other sites, a recommended way to get started with the new providers is to use the new Starter Site template that is included with WebMatrix 2. The Starter Site template includes a full membership infrastructure, complete with a login page, a membership database, and all the code you need to let users log into your site using either local credentials or those from another site.
This section provides an example of how to let users log in from external sites (Facebook, Twitter, Windows Live, Google, or Yahoo) to a site that's based on the Starter Site template. After creating a starter site, you do this (details follow):
- For the sites that use an OAuth provider (Facebook, Twitter, and Windows Live), you create an application on the external site. This gives you application keys that you'll need in order to invoke the login feature for those sites.
- For sites that use an OpenID provider (Google, Yahoo), you do not have to create an application. For all of these sites, you must have an account in order to log in and to create developer applications.Note Windows Live applications only accept a live URL for a working website, so you cannot use a local website URL for testing logins.
- Edit a few files in your website in order to specify the appropriate authentication provider and to submit a login to the site you want to use.
Enabling Google and Yahoo Logins
- Create or open an ASP.NET Web Pages site that's based on the WebMatrix Starter Site template.
- In your website, edit the _AppStart.cshtml page and add the following two lines of code in the Razor code block after the call to the
WebSecurity.InitializeDatabaseConnection
method. This code enables both the Google and Yahoo OpenID providers.OAuthWebSecurity.RegisterOpenIDClient(BuiltInOpenIDClient.Google); OAuthWebSecurity.RegisterOpenIDClient(BuiltInOpenIDClient.Yahoo);
- In the ~/Account/Login.cshtml page, remove the comments from the following
<fieldset>
block of markup near the end of the page. To uncomment the code, remove the@*
characters that precede and follow the<fieldset>
block. The resulting code block looks like this:<fieldset> <legend>Log in using another service</legend> <input type="submit" name="provider" id="facebook" value="Facebook" title="Log in using your Facebook account." /> <input type="submit" name="provider" id="twitter" value="Twitter" title="Log in using your Twitter account." /> <input type="submit" name="provider" id="windowsLive" value="WindowsLive" title="Log in using your Windows Live account." /> </fieldset>
- Add an
<input>
element for the Google or Yahoo provider to the<fieldset>
group in the~/Account/Login.cshtml page. The updated<fieldset>
group with<input>
elements for both Google and Yahoo looks like the following example: - In the ~/Account/AssociateServiceAccount.cshtml page, add
<input>
elements for Google or Yahoo to the<fieldset>
group near the end of the file. You can copy the same<input>
elements that you just added to the<fieldset>
section in the ~/Account/Login.cshtml page.The ~/Account/AssociateServiceAccount.cshtml page in the Starter Site template can be used if you want to create a page on which users can associate multiple logins from other sites with a single account on your website.
<fieldset> <legend>Log in using another service</legend> <input type="submit" name="provider" id="facebook" value="Facebook" title="Log in using your Facebook account." /> <input type="submit" name="provider" id="twitter" value="Twitter" title="Log in using your Twitter account." /> <input type="submit" name="provider" id="windowsLive" value="WindowsLive" title="Log in using your Windows Live account." /> <input type="submit" name="provider" id="yahoo" value="Yahoo" title="Log in using your Yahoo account." /> <input type="submit" name="provider" id="google" value="Google" title="Log in using your Google account." /> </fieldset>
Testing Google and Yahoo login
- Run the default.cshtml page of your site and choose the Log in button.
- On the Login page, in the Use another service to log in section, choose either the Google or Yahoo submit button. This example uses the Google login.The web page redirects the request to the Google login page.
- Enter credentials for an existing Google account.
- If Google asks you whether you want to allow Localhost to use information from the account, click Allow.The code uses the Google token to authenticate the user, and then returns to this page on your website. This page lets users associate their Google login with an existing account on your website, or they can register a new account on your site to associate the external login with.
- Choose the Associate button. The browser returns to your application's home page.
Enabling Facebook Logins
- Go to the Facebook developers site (log in if you're not already logged in).
- Choose the Create New App button, and then follow the prompts to name and create the new application.
- In the section Select how your app will integrate with Facebook, choose the Website section.
- Fill in the Site URL field with the URL of your site (for example, http://www.example.com). The Domain field is optional; you can use this to provide authentication for an entire domain (such as example.com).Note If you are running a site on your local computer with a URL likehttp://localhost:12345 (where the number is a local port number), you can add this value to the Site URL field for testing your site. However, any time the port number of your local site changes, you will need to update the Site URL field of your application.
- Choose the Save Changes button.
- Choose the Apps tab again, and then view the start page for your application.
- Copy the App ID and App Secret values for your application and paste them into a temporary text file. You will pass these values to the Facebook provider in your website code.
- Exit the Facebook developer site.
Now you make changes to two pages in your website so that users will able to log into the site using their Facebook accounts.
- Create or open an ASP.NET Web Pages site that's based on the WebMatrix Starter Site template.
- In your website, edit the _AppStart.cshtml page and uncomment the code for the Facebook OAuth provider. The uncommented code block looks like the following:
OAuthWebSecurity.RegisterOAuthClient( BuiltInOAuthClient.Facebook, consumerKey: "", // for Facebook, consumerKey is called AppID in the SDK consumerSecret: "");
- Copy the App ID value from the Facebook application as the value of the
consumerKey
parameter (inside the quotation marks). - Copy App Secret value from the Facebook application as the
consumerSecret
parameter value. - Save and close the file.
- Edit the ~/Account/Login.cshtml page and remove the comments from the
<fieldset>
block near the end of the page. To uncomment the code, remove the@*
characters that precede and follow the<fieldset>
block. The code block with comments removed looks like the following:<fieldset> <legend>Log in using another service</legend> <input type="submit" name="provider" id="facebook" value="Facebook" title="Log in using your Facebook account." /> <input type="submit" name="provider" id="twitter" value="Twitter" title="Log in using your Twitter account." /> <input type="submit" name="provider" id="windowsLive" value="WindowsLive" title="Log in using your Windows Live account." /> </fieldset>
- Save and close the file.
Testing Facebook login
- Run the site's default.cshtml page and choose the Login button.
- On the Login page, in the Use another service to log in section, choose the Facebook icon.The web page redirects the request to the Facebook login page.
- Log into a Facebook account.The code uses the Facebook token to authenticate you and then returns to a page where you can associate your Facebook login with your site's login. Your user name or email address is filled into the Email field on the form.
- Choose the Associate button.The browser returns to the home page and you are logged in.
Enabling Twitter Logins
- Browse to the Twitter developers site.
- Choose the Create an App link and then log into the site.
- On the Create an Application form, fill in the Name and Description fields.
- In the WebSite field, enter the URL of your site (for example, http://www.example.com).Note If you're testing your site locally (using a URL like http://localhost:12345), Twitter might not accept the URL. However, you might be able to use the local loopback IP address (for example http://127.0.0.1:12345). This simplifies the process of testing your application locally. However, every time the port number of your local site changes, you'll need to update the WebSite field of your application.
- In the Callback URL field, enter a URL for the page in your website that you want users to return to after logging into Twitter. For example, to send users to the home page of the Starter Site (which will recognize their logged-in status), enter the same URL that you entered in the WebSite field.
- Accept the terms and choose the Create your Twitter application button.
- On the My Applications landing page, choose the application you created.
- On the Details tab, scroll to the bottom and choose the Create My Access Token button.
- On the Details tab, copy the Consumer Key and Consumer Secret values for your application and paste them into a temporary text file. You'll pass these values to the Twitter provider in your website code.
- Exit the Twitter site.
Now you make changes to two pages in your website so that users will be able to log into the site using their Twitter accounts.
- Create or open an ASP.NET Web Pages site that's based on the WebMatrix Starter Site template.
- In your website, edit the _AppStart.cshtml page and uncomment the code for the Twitter OAuth provider. The uncommented code block looks like this:
OAuthWebSecurity.RegisterOAuthClient( BuiltInOAuthClient.Twitter, consumerKey: "", consumerSecret: "");
- Copy the Consumer Key value from the Twitter application as the value of the
consumerKey
parameter (inside the quotation marks). - Copy the Consumer Secret value from the Twitter application as the value of the
consumerSecret
parameter. - Save and close the file.
- Edit the ~/Account/Login.cshtml page and remove the comments from the
<fieldset>
block near the end of the page. To uncomment the code, remove the@*
characters that precede and follow the<fieldset>
block. The code block with comments removed looks like the following:<fieldset> <legend>Log in using another service</legend> <input type="submit" name="provider" id="facebook" value="Facebook" title="Log in using your Facebook account." /> <input type="submit" name="provider" id="twitter" value="Twitter" title="Log in using your Twitter account." /> <input type="submit" name="provider" id="windowsLive" value="WindowsLive" title="Log in using your Windows Live account." /> </fieldset>
- Save and close the file.
Testing Twitter login
- Run the default.cshtml page of your site and choose the Login button.
- On the Login page, in the Use another service to log in section, choose the Twitter icon.The web page redirects the request to a Twitter login page for the application you created.
- Log into a Twitter account.
- The code uses the Twitter token to authenticate the user and then returns you to a page where you can associate your login with your website account. Your name or email address is filled into the Email field on the form.
- Choose the Associate button.The browser returns to the home page and you are logged in.