I haven’t been blogging about ACS2 in the past because it was not released and I was kinda busy with other stuff. Needless to say I spent quite some time with ACS2 already (both in customer situations as well as in the classroom and at conferences).
ACS2 rocks! It’s IMHO the most interesting and useful (and most unique) part of the whole Azure offering!
For my talk at VSLive yesterday, I played a little with the Facebook integration. See Steve’s post on the general setup.
One of the claims ACS passes through from Facebook is the Facebook access token (claim type http://www.facebook.com/claims/AccessToken). With this token your application can call the Facebook Graph API directly and query additional properties of the user. Which properties you can read depends on the permissions your Facebook app requests; you configure these in the Facebook identity provider registration page in ACS2. In my example I added access to the home town property of the user. Keep in mind that the access token is a bearer credential: whoever holds it can act against Facebook on the user's behalf, so keep it on the server and don't echo it into pages or logs.
Once you have the access token from ACS you can use e.g. the Facebook SDK from Codeplex (also available via NuGet) to talk to the Facebook API.
In my sample I used the WIF ClaimsAuthenticationManager to add the additional home town claim. WIF calls it once per sign-in, after the ACS token has been validated and before the session cookie is written, so the Facebook round trip happens once and the resulting claim travels with the session on subsequent requests. This is not necessarily how you would do it in a "real" app. Depends ;)
The code looks like this (sample code!):
using System;
using System.Dynamic;
using Facebook;                          // Facebook C# SDK (NuGet package "Facebook")
using Microsoft.IdentityModel.Claims;    // WIF 3.5

public class ClaimsTransformer : ClaimsAuthenticationManager
{
    // Runs once per sign-in, after WIF has validated the token issued by ACS.
    public override IClaimsPrincipal Authenticate(
        string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        // TryGetClaimValue is an extension method (not part of WIF itself)
        // that returns the value of the first claim of the given type.
        string accessToken;
        if (incomingPrincipal.TryGetClaimValue(
            "http://www.facebook.com/claims/AccessToken", out accessToken))
        {
            try
            {
                var home = GetFacebookHometown(accessToken);
                if (!string.IsNullOrWhiteSpace(home))
                {
                    incomingPrincipal.Identities[0].Claims.Add(
                        new Claim("http://www.facebook.com/claims/HomeTown", home));
                }
            }
            catch
            {
                // Sample code: a Facebook outage or a revoked token must not
                // break the sign-in. A real app should at least log here.
            }
        }

        return incomingPrincipal;
    }

    // Calls the Graph API "me" endpoint with the user's access token and
    // returns the home town name, or null if the user has not set one
    // (or the app was not granted permission to read it).
    private string GetFacebookHometown(string token)
    {
        var client = new FacebookClient(token);
        dynamic parameters = new ExpandoObject();
        parameters.fields = "hometown";
        dynamic result = client.Get("me", parameters);

        if (result.hometown == null)
        {
            return null;
        }
        return result.hometown.name;
    }
}
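The sample above trusts any access token claim it finds and swallows every error. As an added example (not code from the original post), here is a variant of the same transformer with the checks a practitioner would want around it: it only calls Facebook when the ACS identityprovider claim says the user actually signed in through Facebook, it logs lookup failures instead of hiding them, and it drops the raw bearer token from the principal after use so it is not serialised into the WIF session cookie. It assumes the ACS rule group passes the identityprovider claim through to the application and that the Facebook identity provider kept its default name "Facebook" in the ACS portal; the Facebook lookup uses the same Facebook C# SDK as the post.

```csharp
using System;
using System.Diagnostics;
using System.Dynamic;
using System.Linq;
using Facebook;                          // Facebook C# SDK (NuGet package "Facebook")
using Microsoft.IdentityModel.Claims;    // WIF 3.5, as in the post

// Added example, not from the original post.
public class GuardedClaimsTransformer : ClaimsAuthenticationManager
{
    // Standard ACS 2.0 claim carrying the name of the identity provider.
    // Assumption: the ACS rule group passes this claim through.
    const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
    const string AccessTokenClaim = "http://www.facebook.com/claims/AccessToken";
    const string HomeTownClaim    = "http://www.facebook.com/claims/HomeTown";

    // Default display name of the Facebook IdP in ACS.
    // Assumption: it was not renamed in the portal.
    const string FacebookProviderName = "Facebook";

    public override IClaimsPrincipal Authenticate(
        string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        var identity = incomingPrincipal.Identities[0];

        // Only act on Facebook sign-ins. Another IdP, or a misconfigured
        // rule group, could hand us a claim with the same claim type.
        var idp = identity.Claims
            .FirstOrDefault(c => c.ClaimType == IdentityProviderClaim);
        if (idp == null || idp.Value != FacebookProviderName)
        {
            return incomingPrincipal;
        }

        var tokenClaim = identity.Claims
            .FirstOrDefault(c => c.ClaimType == AccessTokenClaim);
        if (tokenClaim == null)
        {
            return incomingPrincipal;
        }

        try
        {
            var home = LookupHometown(tokenClaim.Value);
            if (!string.IsNullOrWhiteSpace(home))
            {
                identity.Claims.Add(new Claim(HomeTownClaim, home));
            }
        }
        catch (Exception ex)
        {
            // Don't fail the sign-in, but don't hide the failure either.
            Trace.TraceWarning("Facebook hometown lookup failed: {0}", ex.Message);
        }
        finally
        {
            // The access token is a bearer credential. Once it has been used,
            // remove it so it is not persisted in the WIF session cookie and
            // re-sent on every request. Keep it only if the app needs to make
            // further Graph API calls later in the session.
            identity.Claims.Remove(tokenClaim);
        }

        return incomingPrincipal;
    }

    // Virtual so a unit test can override it with a stub and exercise the
    // claim handling above without talking to Facebook.
    protected virtual string LookupHometown(string accessToken)
    {
        var client = new FacebookClient(accessToken);
        dynamic parameters = new ExpandoObject();
        parameters.fields = "hometown";
        dynamic result = client.Get("me", parameters);

        return result.hometown == null ? null : (string)result.hometown.name;
    }
}
```

The identityprovider check matters because claim types are just strings: nothing in WIF prevents a second identity provider, or a hand-edited ACS rule, from emitting a claim of type http://www.facebook.com/claims/AccessToken, and the transformer would then send that value to Facebook as if it were a token. Removing the token claim is a least-privilege choice; if the application needs to call the Graph API on later requests, keep the claim and rely on the session cookie's encryption instead.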
Hi Dominick. I have tinkered with ACS a bit. Can we hook a custom membership provider through it? If I want to authenticate through it, will ACS, let's say, issue a SAML token against a membership provider table?
No. ACS is not an identity provider. You’d need to federate with an external STS that works on that membership table.