1

browsing in this website, i found some interesting suggestions. SocialAuth.net and DotNetOpenAuth.

i started using SocialAuth. It's very simple to use and it worked (i only tried with google so far thou). My only problem with this library is that it doesn't provide a way to retrieve the Contacts from the providers it offers without logging you in with the new (or latest) provider you requested the list of Contacts.

in other words, i MUST sing in my people with a local username and password for security reasons. BUT i would like to benefit from this library's feature of getting contacts from different providers. Thing is that it overrides my currently logged in user (using FormsAuthentication) for the Authentication Token sent by google.

Has anybody confronted this issue?

Does DotNetOpenAuth doesn't have this flaw? Thanks

Pepito Fernandez
  • 2,352
  • 6
  • 32
  • 47

2 Answers2

2

Are you sure you understand OAuth?

It could be that I misread your question, and to be honest I don't have any experience with socialAuth.net (will look into it). To me it seems like you think socialAuth.net requires you to login, I know this is not the fact in DotNetOpenAuth. Only place you need to login (if you aren't already) is the service you are connecting with (Twitter, Facebook, etc.)

Of course it could also be I just answered your question :D

Sjaak van der Heide
  • 566
  • 2
  • 6
  • 21
  • Hello Sjaak, thanks for the response. I haven't at all dealt with DotNetOpenAuth. In the other hand, SocialAuth pretty much, according to them, is an improved implementation of OAuth, etc, etc. Yes, i do know how these systems work. Now, all i want is to take advantage of secundaries features like retrieving contacts. Take Facebook as an example. You don't sign into Facebook using none of these providers, no. you use Facebook user and password. BUT you do use, within facebook, a feature to retrieve contacts from your emails so you add them to friends or invite them to fb. that's what i need. – Pepito Fernandez May 24 '12 at 14:36
1

Maybe you should check the last changes in source: http://code.google.com/p/socialauth-net/source/list

As you can see, in r320 it seems they have fixed this issue

Farlop
  • 690
  • 1
  • 6
  • 20
  • Yes, they did!!! i am ppcuban at that site. :) I submitted that Issue like a week ago or around the same date i posted it hee. – Pepito Fernandez May 30 '12 at 14:21
  • I'm trying this source code, but somehow it feels that is not enough, at least for my needs. If I specify a callback action (in SocialAuthUser.Login()) where I call to `FormsAuthentication.SetAuthCookie(userName,false);` to set my custom userName, this gets replaced by `FormsAuthentication.RedirectFromLoginPage(SessionManager.GetUserSessionGUID().ToString(), false)` performed in SetUserAsLoggedIn private function. I think it should also check for Response cookies. I think I'm going to open a new issue in project tracker. – Farlop May 31 '12 at 11:38
  • Farlop, that's a good point. I think the library is pretty good and delivers. It really does. Just a couple bugs that can be solved with our help. That's how products get better and better. feedback baby, feedback. – Pepito Fernandez May 31 '12 at 14:26
  • i think they should ignore from line 608 to 611 if i am handling authentication (in web.config their authentication to false and AuthenticationMode = Forms) i don't need extra code redirecting me or something if i have an Action callback where i can handle whatever i need. Since there is no documentation i can't really understand what's the purpose of that SetUserAsLoggedIn() if i am not using their authentication features. Specifically about your case, i would check if SessionManager.Callback is null, if not, execute it and ignore the nex 4 lines... if statements. What do you think? – Pepito Fernandez May 31 '12 at 15:34
  • SocialAuth.net 2.3.1 Enhancement-1 makes it possible to bypass setting authentication cookie problem by specifying a tag in web.config. http://code.google.com/p/socialauth-net/downloads/detail?name=SocialAuth-net-2.3.1.zip&can=2&q=#makechanges – helloworld Feb 18 '13 at 07:44