Suggested Videos
Part 101 - Custom authorization requirement and handler example in asp.net core | Text | Slides
Part 102 - Multiple custom authorization handlers for a requirement in asp.net core | Text | Slides
Part 103 - Custom authorization handler success vs failure | Text | Sldies
In this video, we will discuss using external identity providers like Goole, Facebook, Twitter, Microsoft etc to authenticate and log into our asp.net core application.
Users usually register with our application by providing their email, username and a password. We then use this local username and password to authenticate who the user is and sign him/her into our application. However, we do not have to always rely on a local username and password that is registered with our application.
External identity providers in asp.net core
Most people these days have accounts already created with third party applications like Microsoft, Google, Facebook, Twitter etc. Why do these users have to create yet another account with our application. It's not a great user experience to ask the user to create yet another user account just to login to our application. We want to reuse their existing user account with Facebook, Google, Microsoft, Twitter etc.
We trust these third party applications and use them to authenticate and identify who the user is. For this reason these third party applications are commonly called trusted identity providers. To be more accurate, we call them trusted external identity providers, as these third party applications are external to our own application. Windows authentication can also be used as an external identity provider.
In this video and in our upcoming videos we will discuss integrating these external identity providers in our asp.net core web application.
Benefits of using external identity providers
Allowing users to reuse their existing accounts to log into our application benefits end users from having to remember yet another username and password. It also benefits us as application developers as we no longer have to store and maintain the highly sensitive information such as the username and password in our application database. It is now the responsibility of the external authentication provider such as Facebook or Google for example.
Asp.net core has built-in support for integrating these external authentication providers. Integrating these external authentication providers follows a similar pattern. If we understand how to integrate one of the external authentication providers, implementing others is not that different.
In addition to using these external authentication providers, most applications these days support 2 factor or even 3 factor authentication. We will discuss implementing 2 factor authentication in our upcoming videos.
Whether we are using
How external identity providers work in asp.net core
If a user wants to use his/her Google account to signin to our application, they click the Google button.
Our application then redirects the user to Google signin page. Here the user provides his/her google login credentials.
Upon a successful login, google will then send the user back to our application and a pre-configured callback function is executed. The code in this callback function checks the identity received from the external identity provider and sign-in that user into our application. We will see all this in action in our upcoming videos.
To use an external identity provider like Google, we have to first register our application with Google. Upon successful registration we will be provided with Client Id and Client Secret which we need to use Google authentication.
Up next : Registering our application with Google and integrating Google authentication in our asp.net core application.
Part 101 - Custom authorization requirement and handler example in asp.net core | Text | Slides
Part 102 - Multiple custom authorization handlers for a requirement in asp.net core | Text | Slides
Part 103 - Custom authorization handler success vs failure | Text | Sldies
In this video, we will discuss using external identity providers like Goole, Facebook, Twitter, Microsoft etc to authenticate and log into our asp.net core application.
Users usually register with our application by providing their email, username and a password. We then use this local username and password to authenticate who the user is and sign him/her into our application. However, we do not have to always rely on a local username and password that is registered with our application.
External identity providers in asp.net core
Most people these days have accounts already created with third party applications like Microsoft, Google, Facebook, Twitter etc. Why do these users have to create yet another account with our application. It's not a great user experience to ask the user to create yet another user account just to login to our application. We want to reuse their existing user account with Facebook, Google, Microsoft, Twitter etc.
We trust these third party applications and use them to authenticate and identify who the user is. For this reason these third party applications are commonly called trusted identity providers. To be more accurate, we call them trusted external identity providers, as these third party applications are external to our own application. Windows authentication can also be used as an external identity provider.
In this video and in our upcoming videos we will discuss integrating these external identity providers in our asp.net core web application.
Benefits of using external identity providers
Allowing users to reuse their existing accounts to log into our application benefits end users from having to remember yet another username and password. It also benefits us as application developers as we no longer have to store and maintain the highly sensitive information such as the username and password in our application database. It is now the responsibility of the external authentication provider such as Facebook or Google for example.
Asp.net core has built-in support for integrating these external authentication providers. Integrating these external authentication providers follows a similar pattern. If we understand how to integrate one of the external authentication providers, implementing others is not that different.
In addition to using these external authentication providers, most applications these days support 2 factor or even 3 factor authentication. We will discuss implementing 2 factor authentication in our upcoming videos.
Whether we are using
- A local username and password combination that is specific to our application
- Windows login
- Facebook, Google, Microsoft, Twitter etc
How external identity providers work in asp.net core
If a user wants to use his/her Google account to signin to our application, they click the Google button.
Our application then redirects the user to Google signin page. Here the user provides his/her google login credentials.
Upon a successful login, google will then send the user back to our application and a pre-configured callback function is executed. The code in this callback function checks the identity received from the external identity provider and sign-in that user into our application. We will see all this in action in our upcoming videos.
To use an external identity provider like Google, we have to first register our application with Google. Upon successful registration we will be provided with Client Id and Client Secret which we need to use Google authentication.
Up next : Registering our application with Google and integrating Google authentication in our asp.net core application.
Hi, I have been following your tutorials. I am so thankful for all the quality contents with detail explanation. May I know when is your next tutorial will be out? I am so excited on how to implement external service provider to login into our web application and how we can use those credentials to interact with our existing data.
ReplyDelete