Noggin .NetCore Auth is a simple library for doing social authentication in ASP.NET Core MVC in .NET 5.0. It authenticates that people are who they say they are, but does not authorise them and has no opinion on how you store details about your users. You're free to do that however you want and in whatever way works best for your application.
The source code is available at the Noggin .NetCore Git Repo.
For a working example download a zip of the source code including the sample site.
For an example site of NogginNetCoreAuth in action, the source code for this site is available GitHub.
The important steps are:
PM> Install-Package Noggin.NetCoreAuth
This is the step that requires most thought and the one that gives you the most power and freedom. Noggin.NetCoreAuth.Providers.ILoginHandler has two methods. One is called if the user successfully authenticates with their chosen social login provider, the other is called if they fail. We send you the information we've been able to glean about them from the provider, but you need to log them in (or not) to your site and save anything you need to.
Once you're done you can return a view or redirect the user to a page of your choice.
Task<IActionResult> SuccessfulLoginFrom(string provider, UserInformation user, HttpContext context); Task<IActionResult> FailedLoginFrom(string provider, AuthenticationFailInformation failInfo, HttpContext context);
See SampleLoginHandler in the sample site for an example of one. The important part is that we don't have any opinion on how to store your user, or even if you need to. We just tell you who they are.
You'll need the following using statement:
using Noggin.NetCoreAuth.Config;
In ConfigureServices(...)
public void ConfigureServices(IServiceCollection services) { // Point NogginAuth at you Login Handler services.AddNogginNetCoreAuth<YourFunkyLoginHandler>(Configuration); // Configure session. Noggin Auth requires session to persists details between first and second call to login providers services.AddSession(options => { options.IdleTimeout = TimeSpan.FromMinutes(25); options.Cookie.HttpOnly = true; options.Cookie.Name = ".What.ever.you.want.to.call.your.cookie"; }); // ... }
In Configure(...)
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { // ... app.UseRouting(); app.UseSession(); // Order here is important (authorization must be after authentication as it needs an authenticated user to check) app.UseAuthentication(); app.UseAuthorization(); // ... app.UseEndpoints(endpoints => { endpoints.MapControllerRoute( name: "default", pattern: "{controller=Home}/{action=Index}/{id?}"); endpoints.MapNogginNetAuthRoutes(app.ApplicationServices); }); }
This is where you say which providers you want to use and to fill in your developer credentials. You need to register an API key for each provider you want to use.
Add a x section to your appsettings like this:
"NogginNetAuth": { "Providers": [ { "Name": "Twitter", "RedirectTemplate": "auth/twitter", "CallbackTemplate": "auth/twitter/callback", "Api": { "PublicKey": "...", "PrivateKey": "..." } }, { "Name": "Facebook", "Api": { "PublicKey": "...", "PrivateKey": "..." } }, { "Name": "Google", "Api": { "PublicKey": "...", "PrivateKey": "..." } } ], "DefaultRedirectTemplate": "auth/{provider}", "DefaultCallbackTemplate": "auth/callback/{provider}" }
You will need to register an app with each provider to be able to use them to login. You can register here to get API Keys:
So you can use Noggin Core Auth Tag helpers add the following to Views/_ViewImports.cshtml.
@addTagHelper "*, Noggin.NetCoreAuth"
Once this is included all you need to do is add:
<auth-link provider="twitter">Twitter</auth-link>
This will render an <a> tag with a link to correct place to kick off authentication. You can set provider to be any of your configured providers.
Some providers will only work if you have SSL and if your users need to login to your site then chances are that you'd be better off with an SSL cert installed on your site. If you've not already got SSL setup then read my post on setting up a free SSL cert on IIS.