SimpleAuthentication is an ASP.NET library that makes it really easy and simple for developers to add Social Authentication to an ASP.NET application. It currently targets the .NET 4.x framework, not the new .NET Core framework.
What does the term "Social Authentication" mean?
Social Authentication means login buttons that use popular social websites (like Facebook or Google) as the way to log in to your own website. These social websites (Facebook, Google, etc.) are referred to as Social Authentication Providers (aka APs).
Why do we want to offer Social Authentication?
A few reasons:
- People are getting tired of creating new usernames/passwords all the time.
- People generally only use the same few passwords for all their accounts. This means that if one of those websites is compromised, then there is a high chance those compromised credentials can be reused on other sites the user has an account on.
- If you store passwords, then your server is now a possible target/attack vector and now you have to make sure you're protecting your sensitive user data.
- The Authentication Providers now have to deal with the security of storing passwords. You've just delegated a huge security responsibility to them :)
What Authentication Providers are available?
How does this compare to ASP.NET Identity / ASP.NET Membership?
- Simple Authentication: An extremely lightweight library that only deals with the authentication. No database code. No rules forcing you to implement contracts. No passwords.
- ASP.NET Identity / Membership: a heavy, enterprisy, one-huge-hammer-fits-all approach that is strongly tied to SQL Server and Entity Framework.
Simple Authentication doesn't want to tie you into any particular database or data access layer, or force you to store and maintain passwords. In essence, we've tried to pass this security concern onto other systems. Once you've received some authenticated user information, you decide what you want to do with it. On the other hand, ASP.NET Identity/Membership is a full end-to-end stack for user credentials. It's tied to SQL Server and you're tied to implementing all the interface contracts. But most importantly, passwords are still stored in your database if forms authentication was used. It's a one-big-hammer approach.
Read this wiki page for an elaborate discussion on the differences (pros/cons) of Simple Authentication vs ASP.NET.
Have an OAuth 1.0a or OAuth 2.0 Authentication Provider? It's really easy to create your own providers, extending what's already available out of the box. These APs are also available:
- 37 Signals
Take advantage of the Glimpse plugin so you can see what magic is happening under the hood if you need to debug a problem or just want to see what happens :)
And Finally ...
- Still having problems? Create an issue with your question/problem.
- We accept Pull Requests.
- License: MIT
- No Unicorns were harmed in the coding of this library.