Integration of ASP.NET Forms Authentication with Twitter OAuth
In a previous article, I proposed a custom Forms Authentication for Facebook Connect. The need for such a measure comes from the fact that both Forms Authentication and Facebook Connect use cookies as a means of authenticating users. Things are quite different with Twitter OAuth because it does not send any cookie to the browser: everything happens with HTTP requests. As a result, a Twitter application developed in ASP.NET can use Forms Authentication without conflicting with any cookie from Twitter OAuth.
There is something else to consider in Twitter OAuth, and that is the lifetime of the secret key that is associated with a Twitter account. Actually, the secret key never expires, which means that the Twitter app could keep a user connected as long as needed.
So the trick is that once the user has authorized your application to perform status updates, you make a call to ‘http://twitter.com/account/verify_credentials.xml’ to retrieve the user's screen name. All you have to do is call

    FormsAuthentication.SetAuthCookie("Screen_Name", true);

to set the cookie on the user's browser. If you want the user to be logged on for eternity (well, you can't keep a user connected for more than a year), set the timeout value to whatever you feel is right in the web.config file as follows:

    <authentication mode="Forms">
      <forms loginUrl="YOUR_LOGIN_PAGE" timeout="2880"/>
    </authentication>
The secret key will have to be saved somewhere (like a DB) so that it can be used when the user comes back to your website. Of course, there should be a Logout button somewhere on your website. When the user asks to log out, simply call

    FormsAuthentication.SignOut();

to have the cookie removed. Note: the next time the user wants to come back, he will have to go through the Twitter OAuth authorization process again, since that's the only way your app will be able to authenticate the user.
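An added example, not code from the original article: it treats the verify_credentials.xml body as untrusted input before its screen name becomes the Forms Authentication identity. The `<screen_name>` element name, the screen-name pattern and the `TwitterSignIn` class are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Web.Security;
using System.Xml;

public static class TwitterSignIn
{
    // Assumed shape of a screen name: letters, digits, underscore, 1 to 15 characters.
    static readonly Regex ScreenName = new Regex(@"\A[A-Za-z0-9_]{1,15}\z");

    // Pulls <screen_name> out of the verify_credentials.xml body, or returns null.
    public static string ExtractScreenName(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,  // reject any DOCTYPE, so no entity expansion
            XmlResolver = null                       // never fetch external resources
        };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
            {
                if (!reader.ReadToFollowing("screen_name")) return null;
                string name = reader.ReadElementContentAsString();
                return ScreenName.IsMatch(name) ? name : null;
            }
        }
        catch (XmlException) { return null; }        // malformed or DTD-bearing response
    }

    // Issues the persistent Forms Authentication cookie only for a well-formed name.
    public static bool SignIn(string verifyCredentialsXml)
    {
        string name = ExtractScreenName(verifyCredentialsXml);
        if (name == null) return false;
        FormsAuthentication.SetAuthCookie(name, true);
        return true;
    }
}
```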
How Can Professional SEO Services Be Good for Your Business
Professional SEO services are often thought of as expensive services that do not guarantee results. The general case against SEO is that nothing can ever replace good content. There is also a strong belief among SEO skeptics that good content can only be created by business visionaries. Finally, most brick and mortar business owners are not familiar with the concept of Internet traffic. In brick and mortar businesses, traffic is generated by location, location and location! In other words, traffic to the business is the traffic that a certain physical location provides. If the business is located in a crowded area, then the business could have a lot of visitors that could lead to a lot of sales. Things are a bit different in e-businesses: traffic must be created and location must be earned. In this article, I will explain not only why professional SEO services can help grow an e-business, but also that they are actually a bargain when it comes to the total cost of promotion. After all, no one would think of opening a brick and mortar business in an isolated place!
First things first, one must understand the importance of the Internet and words in today's world of information. The Internet is a great promotion channel that all marketers must take into consideration in their marketing strategy. From here, the question is how can we get more exposure on the Internet? To answer this question, let's look at the most visited website in the world: Google. According to compete.com, Google has something like 150 million unique visitors in a month. Now what does Google do? It provides search services. Aha! If a website were linked on every search request that is run on Google, then that website would have 150 million visitors in a month! This is exactly why professional SEO services are a must for every e-business: they will guarantee that a share of this huge user base will be redirected to your website.
Now, a question still remains: why would someone pay X-hundred dollars an hour to someone just to write text? The answer is simple: complexity and specialization. Every business has a core competency. Unless you are an SEO expert and are offering professional SEO services, chances are that SEO is not among your competencies. Today, the Internet ecosystem has become so complex that it is more cost effective to deal with professionals than to do things the amateur way. On the other hand, when you outsource search engine optimization efforts, you save resources to execute activities that are within your core competence.
In conclusion, SEO is a must for all businesses and it must be performed by professionals. At the end of the day, you will save money and make more profit if you let experts handle this part of the business.
Custom ASP.NET MVC Authorization with Facebook Connect
Action filters are an interesting concept in ASP.NET MVC. The point with action filters is that you can basically intercept a call to an ASP.NET MVC action and execute some code before the action's code is executed. The ‘Authorize’ action filter is often used in Forms Authentication to make sure that an action reserved to a member is not executed by a non-member. When it comes to using this feature with Facebook Connect applications, things get a little bit dirty. In this article, I will explore some contradicting aspects of Facebook Connect in regards to its integration with Forms Authentication and propose a solution which is based on implementing a custom ASP.NET MVC authorization.
Forms Authentication is a cookie-based authentication method. The thing is that Facebook Connect also uses cookies as a means of authentication. A Facebook cookie contains a session key which is valid for the session. Facebook API calls must be made with this session key to associate actions with a Facebook account.
Now, if a developer wants to use both Forms Authentication and Facebook cookies to handle a session, there will be countless issues of data incoherence to handle (ex: Facebook sessions expire when the browser is closed, but not Forms Authentication sessions).
The solution is to not use Forms Authentication or any other ASP.NET authentication at all, but to use a custom authorization class which wraps Facebook's session cookie. To do so, create a new class with the following code:

    using System.Web;
    using System.Web.Mvc;

    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Authorized only if the Facebook Connect cookie checks out.
            if (Validate_Facebook_Connect_Cookie())
                return true;

            // Otherwise send the visitor to the Facebook Connect login.
            httpContext.Response.Redirect("Facebook_Connect_URL");
            return false;
        }
    }

The ‘Validate_Facebook_Connect_Cookie()’ function should look into the cookie and verify that the user is correctly authenticated. Now, all you have to do is to add the ‘[CustomAuthorize]’ attribute to those actions that need authorization.
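One way the cookie check could be written, as an added example that is not the article's or Facebook's own code. It assumes the legacy Facebook Connect cookie layout, which the article does not spell out: cookies named `<apiKey>_user`, `<apiKey>_session_key`, `<apiKey>_expires` and so on, plus a cookie named after the API key holding the MD5 hex digest of the sorted `name=value` pairs followed by the application secret. The class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class FacebookConnectCookie
{
    // cookies: name -> value for every cookie on the request.
    // Returns the Facebook user id, or null if the cookies are absent, forged or expired.
    public static string ValidatedUserId(IDictionary<string, string> cookies,
                                         string apiKey, string appSecret, DateTime utcNow)
    {
        string signature;
        if (!cookies.TryGetValue(apiKey, out signature)) return null;
        // Collect the "<apiKey>_name" cookies, strip the prefix, sort by name (assumed layout).
        string prefix = apiKey + "_";
        var fields = cookies
            .Where(c => c.Key.StartsWith(prefix, StringComparison.Ordinal))
            .ToDictionary(c => c.Key.Substring(prefix.Length), c => c.Value);
        var payload = new StringBuilder();
        foreach (var f in fields.OrderBy(f => f.Key, StringComparer.Ordinal))
            payload.Append(f.Key).Append('=').Append(f.Value);
        payload.Append(appSecret);
        // MD5 is what the legacy scheme uses, not a choice made by this example.
        if (!FixedTimeEquals(Md5Hex(payload.ToString()), signature)) return null;
        // The fields are authentic from here on; now check freshness.
        string user, expires; long unix;
        if (!fields.TryGetValue("user", out user) || !fields.TryGetValue("expires", out expires)
            || !long.TryParse(expires, out unix)) return null;
        var epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        // Assumption: expires is Unix time, and 0 marks a session that does not expire.
        if (unix != 0 && epoch.AddSeconds(unix) <= utcNow) return null;
        return user;
    }

    static string Md5Hex(string s)
    {
        using (var md5 = MD5.Create())
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(s)))
                               .Replace("-", "").ToLowerInvariant();
    }

    // Compares every character instead of stopping at the first difference.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Inside the attribute, the dictionary would be built from `httpContext.Request.Cookies`, and a null result means the request is not authorized.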
How to Connect Your ASP.NET MVC Twitter Application to Twitter OAuth
For those who are familiar with Facebook Connect, Twitter has a similar service. It's called Twitter OAuth. Twitter applications that use Twitter OAuth do not ask for a password, as opposed to other Twitter applications. This is a plus for user privacy and inspires confidence when a new visitor wants to use your app. Personally, I am reluctant to provide my login and password to some website I stumbled upon but that I have never heard of. So when I developed The Tweet Watch, I used Twitter OAuth. You can take a look at it to see how Twitter OAuth works with ASP.NET MVC. In this article, I'll show a simple way to connect your ASP.NET MVC app to Twitter OAuth.
Before starting, make your life easier and get one of those OAuth .NET libraries or classes and add it to your project. You will avoid a lot of headaches in dealing with the ‘HttpWebRequest’ class and interoperability issues with different sites. There are a lot of them out there, so you need to find one that suits your needs. I'm not going to recommend one since changes to Twitter's own implementation of OAuth could break how a .NET library works. Also, don't forget that you will have to provide your Twitter application's public and secret keys to the classes or the library. Nevertheless, if you're mad about doing everything yourself, the Twitter OAuth process is explained enough in this article for you to be able to do so.
First, create a new controller and call it Twitter. Of course you can give any other name, and you don’t even have to create a new controller if you don’t want to. In this example we will suppose that a new controller is created, as I find that things are cleaner in this way. In this controller, create a new action called ‘CallBack’ (Twitter server will request this action after the user has authorized your application to perform status updates).
Second, in the Index function of your new controller, initiate the authorization process by requesting ‘http://twitter.com/oauth/request_token’. The Twitter server will respond with an OAuth Token. If you are using an OAuth .NET library, you might have a function that covers this as well as the next step in one single function call (skip the next step if that is your case).
Third, you will have to extract the OAuth Token from the previous response and request ‘http://twitter.com/oauth/authorize?oauth_token=The_OAuth_Token’, where The_OAuth_Token is the extracted token. You might have to add the URL to your callback action, which makes the request look something like this: ‘http://twitter.com/oauth/authorize?oauth_token=The_OAuth_Token&oauth_callback=URL_To_Your_CallBack’. This will get you to the point where the user is shown the Twitter authorization page. After the user has authenticated and allowed your Twitter app to perform status updates, Twitter will call the ‘CallBack’ action (which is the URL_To_Your_CallBack).
Fourth, in your ‘CallBack’ action, you will first need to make a request to ‘http://twitter.com/oauth/access_token’ to get the OAuth secret token. Again, OAuth .NET libraries should have a function for this. Once you have the secret token, request user information with ‘http://twitter.com/account/verify_credentials.xml’, to which the Twitter server will respond with an XML answer containing user credentials.
At this point, you can use the Twitter API to do all those things that you can do with it. Remember, the secret token must be provided with every request to the Twitter API so that the requests are linked to the right Twitter account. Since the Twitter API uses the REST architecture, objects do not have a lifetime across multiple HTTP requests. This means that you will have to save the secret key somewhere (in the Session object for example) to be able to perform API calls for the span of the user session. Also, secret keys do not have an expiration period. This means that you can use a secret key for as long as you want to. This characteristic will introduce a few particularities to consider in regards to ASP.NET Membership and Forms Authentication. I will cover this aspect in a future article.
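The four steps above as one controller, in an added example that is not the article's code or any real library's API. `IOAuthClient`, the session key names and the `Home` redirect are hypothetical, and the check in `CallBack` assumes Twitter returns the request token as an `oauth_token` query parameter, as OAuth 1.0 providers do.

```csharp
using System;
using System.Web.Mvc;

// Hypothetical wrapper around the OAuth library you picked (not a real API).
public interface IOAuthClient
{
    string GetRequestToken();                       // calls oauth/request_token
    string[] GetAccessToken(string requestToken);   // calls oauth/access_token -> { token, secret }
}

public class TwitterController : Controller
{
    private const string PendingKey = "twitter_request_token";
    private readonly IOAuthClient _oauth;

    // Assumes a dependency resolver supplies the client.
    public TwitterController(IOAuthClient oauth) { _oauth = oauth; }

    // Steps two and three: get a request token, remember it, send the user to Twitter.
    public ActionResult Index()
    {
        string requestToken = _oauth.GetRequestToken();
        Session[PendingKey] = requestToken;
        string callback = Url.Action("CallBack", "Twitter", new { }, Request.Url.Scheme);
        return Redirect("http://twitter.com/oauth/authorize?oauth_token="
            + Uri.EscapeDataString(requestToken)
            + "&oauth_callback=" + Uri.EscapeDataString(callback));
    }

    // Step four: Twitter sends the browser back here with oauth_token in the query string.
    public ActionResult CallBack(string oauth_token)
    {
        var pending = Session[PendingKey] as string;
        Session.Remove(PendingKey);                 // a request token is used once
        // Continue only if this browser session started the flow for this token.
        if (pending == null || !string.Equals(pending, oauth_token, StringComparison.Ordinal))
            return new HttpStatusCodeResult(400, "Unexpected OAuth token");

        string[] access = _oauth.GetAccessToken(pending);
        Session["twitter_token"] = access[0];       // kept server side for later API calls
        Session["twitter_secret"] = access[1];      // never placed in a cookie or URL
        return RedirectToAction("Index", "Home");
    }
}
```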
Search Engine Optimization vs Traditional Promotion: The Power of Words
Let's take a look at the promotion pyramid from Ames:

As we go from the bottom to the top of the pyramid, the cost per contact goes up. Now, the good thing with the Internet is that it covers all these promotion channels but at lower costs. This is most true for lower level channels such as media advertising, public relations and direct mail, but it is especially advantageous for the top channels.
In my opinion, SEO is similar to personal selling. This is so because of the aggregation power of search engines. When people land on your website through a search engine, it is because there is a good chance that they are looking for your service. Why? Because you are using the same words that visitors are searching for. Since the customer is fed the information that he is looking for, the effect is the same as in personal sales: messages are precisely targeted to the customer and a kind of interaction occurs between the customer and the website.
Now, the real advantage of SEO lies in the fact that it offers great economies of scale compared to direct sales. SEO effort is spent once for all potential customers, while personal sales effort is spent every time for a client. Of course, SEO effort needs to be maintained, but every time, it is scaled to all customers. Some would argue that SEO will not be able to offer the same kind of sales potential, and it is entirely true. An experienced sales representative will be able to do things that programmed applications will not be able to do. But there is one thing that SEO can do with economies of scale: cut costs, which is the best incentive to buy.
From now on, the challenge in marketing is in targeting the right words as well as expressing the right ideas. In doing so, both service supplier and client will save costs.
8 SEO Reflexes for Web Developers
One efficient way of implementing good SEO is to have web developers integrate SEO while coding. Here is a list of habits every web developer should have when coding a website's server side:
- Have a different title and meta-tags for each page. You should have a set of keywords for every page and have them incorporated in the page title before the company name.
- Use the title attribute for links and use those keywords in it. Use keywords in the anchor text also.
- Use h1, h2, h3, bold and italic around keywords as much as possible.
- Use the alt attribute for images and use keywords to name the image.
- Use search engine friendly URLs.
- Have a sitemap.xml for search engines.
- Don’t overuse Ajax. Since Ajax content is dynamic, some of the page’s content will not be seen by the spider.
- Don’t use Flash for menus. The spider doesn’t look at Flash.

