This article explains the accessibility of OAuth 2.0 in the ASP.NET MVC 5 Web Application. We can use various types of external authentication providers like Facebook, Google, Microsoft and Twitter in MVC 5 applications to log in.
In the same context, I am very excited to describe that now you will not receive any type of SSL Certificate warnings when you enable SSL for the MVC application. Previously while enabling the SSL in the MVC application, the browser like IE, Chrome and Firefox showed a SSL Certificate warning. You can refer to Working with Facebook in MVC and check out in the Step 8 of Creating and Working with Facebook App as in the following screenshot:
So, let's develop the application to work with the external providers. Here I am also describing how to develop the app on Google and authenticating the MVC application by the app on Google. Please use the following procedure:
- Creating ASP.NET MVC 5 Web Application
- Enabling and Setting Up the SSL
Creating ASP.NET MVC 5 Web Application
In this section you will create the web application in the Visual Studio 2013 using the following procedure.
Step 1: Open Visual Studio 2013 and click on "New Project".
In this section you will create the web application in the Visual Studio 2013 using the following procedure.
Step 1: Open Visual Studio 2013 and click on "New Project".
Step 2: Select the ASP.NET Web Application and enter the application name.
Step 3: Select the MVC Project Template to develop the application.
Visual Studio automatically creates the MVC 5 application and you can execute the application by ressing Ctrl+ F5 or F5.
Enabling and Setting Up the SSL
We need to set up the IIS Express to use SSL to connect with the external authentication providers like Google and Facebook. It's important to contiinue using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password and without using SSL you're sending it in clear-text across the wire.
Use the following procedure.
Step 1: In the Solution Explorer, select the application and press the F4 key.
Step 2: Enable the SSL Enabled option and copy the SSL URL.
Step 3: Now just right-click on the application and select the Properties option.
Step 4: Select the Web tab from the left pane, and paste the SSL URL into the Project URL box.
namespace MvcAuthenticationApp.Controllers
{
[RequireHttps]
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
Step 6: Now press Ctrl+F5 to run the application and follow the instructions to trust the self-signed certificate generated by IIS Express.
Step 7: After clicking on Yes, the Security Warning wizard opens and click Yes to install the certificate representing the localhost.
Step 8: Now, when you run the application using
Internet Explorer (IE), it shows the Home Page of the application and
there is no SSL warning.
Firefox will show the warning because, as I said earlier, Firefox uses its own certificate store, so it will display the warning.
Comments
Post a Comment