Tutorial by Examples

You need to get some details from your OAuth provider of choice. We'll be looking at Google, but ASP.NET is also set up to allow out-the-box use of Twitter, Facebook and Microsoft (obviously). You'll want to go to the Google developer console (https://console.developers.google.com/) and create a pr...

When someone registers with your application, a new ApplicationUser object will be stored in the database. By default the class is very barebones, but it can be customised - you can find it in Models > IdentityModels.cs. This is mine: public class ApplicationUser : IdentityUser { public ...

Go to Providers > ApplicationOAuthProvider.cs and edit the ValidateClientRedirectUri function. This was a big gotcha to me, as if you don't do this there'll be a fantastically unhelpful error message. By default, this code will make any callbacks to your site invalid unless they're to the site's ...

Here is the default flow of registering a user in Web API. All of these routes can be found in the AccountController: The user requests a list of the login providers using the GetExternalLogins route, passing a return URL as a parameter. This returns an array of provider objects, containing t...

I have found that the Web API template is broken - the default implementation relies on cookies in the final step, which you probably don't want to be using in a Rest API. Without a cookie, GetExternalLoginInfoAsync in RegisterExternal always returns null. I removed RegisterExternal entirely, inste...