How can you authenticate users with their Google, Yahoo or OpenID accounts in MVC?

One of the major problems for website users is that they have to create accounts on too many websites, and it is hard to remember all the account information. One of the best solutions is to let users log in to your website with an account they already have, such as Google, Microsoft, Facebook, Twitter, etc.

Today I am going to teach you how to let users connect to your website with these three accounts:

  1. Google (Gmail)
  2. Yahoo
  3. OpenID

Let's start by making some changes to the AuthConfig.cs file, which you can find in the App_Start folder in the application root. As you will see, the code in the file is commented out; we need to change it.

Before you change the code, add these references to the class:

using DotNetOpenAuth.AspNet.Clients;
using DotNetOpenAuth.OpenId.RelyingParty;
using Microsoft.Web.WebPages.OAuth;
using MvcAuction.Models;

And your code should look like this:

public static class AuthConfig
{
    public static void RegisterAuth()
    {
        // Built-in clients for Google and Yahoo.
        OAuthWebSecurity.RegisterGoogleClient();
        OAuthWebSecurity.RegisterYahooClient();

        // Generic OpenID client for the myOpenID provider.
        var MyOpenIdClient = new OpenIdClient("myopenid", WellKnownProviders.MyOpenId);
        OAuthWebSecurity.RegisterClient(MyOpenIdClient, "myOpenID", null);
    }
}

You need these three critical functions to authenticate the users:

1. This function offers the list of available providers:

public ActionResult Login()
{
    // Pass every provider registered in AuthConfig to the view.
    ViewBag.List = OAuthWebSecurity.RegisteredClientData;
    return View();
}

Here is sample code for the View file that shows how to retrieve the data from the function above and show it to users as a list of buttons:

@using Microsoft.Web.WebPages.OAuth
<form method="post" action="/AdminUsers/ExternalLogins">
    <p>
        @foreach (AuthenticationClientData p in ViewBag.List)
        {
            <button type="submit" name="provider" value="@p.AuthenticationClient.ProviderName" title="Log in using your @p.DisplayName account">@p.DisplayName</button>
        }
    </p>
</form>

2. When the user clicks one of the buttons that you created for each provider, this function runs and sends the request to the provider:

public void ExternalLogins(string Provider)
{
    // Redirects the browser to the chosen provider, which sends the user back to /home/GetResult.
    OAuthWebSecurity.RequestAuthentication(Provider, "/home/GetResult");
}

3. This function gets the result from the provider, and you can make the appropriate decision based on the result:

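public ActionResult GetResult()
{
    // AuthenticationResult is defined in the DotNetOpenAuth.AspNet namespace.
    // result.IsSuccessful tells you whether the provider confirmed the login;
    // result.Provider and result.ProviderUserId identify the external account.
    AuthenticationResult result = OAuthWebSecurity.VerifyAuthentication();
    return View();
}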

As I said before, the posts on MVC may not be clear or easy for programmers who are new to MVC, so please feel free to contact me if you have any questions, or leave a comment here. Good luck!

How to make a SHA1 hash in VB.Net & C#

What is SHA1?

This part has been copied directly from Wikipedia:

SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard. SHA stands for “secure hash algorithm”.

Why do you need SHA1?

If you want to make your sensitive information secure, one of the best ways is to encrypt it. There are different methods you can use to encrypt your information, but in most cases the encrypted information can be decrypted easily, so methods such as Base64 are not a good choice for encrypting data. SHA1, however, is a one-way street: once the data is encrypted, nobody can decrypt it. Awesome!

If there is no way to decrypt SHA1, how can we use it?

It is a common question about SHA1! Some people are still looking for a way to decrypt SHA1, but I suggest they stop searching, because they will not find anything.

Now I will explain how SHA1 can work for you. For example, you make a SHA1 from the password that you want to save in the database. When the user wants to log in to the system, you make another SHA1 from the string that the user has entered, then compare it with the SHA1 that you saved in the database before. If they are the same, the user is eligible to log in to the system.

To make a SHA1 you need to go through 3 steps:

  1. Make a byte stream from the string that you want to encrypt.
  2. Make a SHA1 from the bytes.
  3. Make a string from the SHA1 that you have produced.

I have marked these three steps in the code below:

[VB.Net]

Private Sub EncryptData()
    Dim strToHash As String = "Please Encrypt me !"
    Dim Result As String = ""
    Dim OSha1 As New _
        System.Security.Cryptography.SHA1CryptoServiceProvider

    'Step 1: convert the string to bytes
    '(ASCII encoding turns every non-ASCII character into "?")
    Dim bytesToHash() As Byte _
        = System.Text.Encoding.ASCII.GetBytes(strToHash)

    'Step 2: compute the SHA1 hash of the bytes
    bytesToHash = OSha1.ComputeHash(bytesToHash)

    'Step 3: build the hexadecimal string from the hash bytes
    For Each item As Byte In bytesToHash
        Result += item.ToString("x2")
    Next
End Sub

[C#]

private void EncryptData()
{
    string strToHash = "Please Encrypt me !";
    string Result = "";
    System.Security.Cryptography.SHA1CryptoServiceProvider OSha1 =
        new System.Security.Cryptography.SHA1CryptoServiceProvider();

    //Step 1: convert the string to bytes
    //(ASCII encoding turns every non-ASCII character into "?")
    byte[] bytesToHash =
        System.Text.Encoding.ASCII.GetBytes(strToHash);

    //Step 2: compute the SHA1 hash of the bytes
    bytesToHash =
        OSha1.ComputeHash(bytesToHash);

    //Step 3: build the hexadecimal string from the hash bytes
    foreach (byte item in bytesToHash) {
        Result += item.ToString("x2");
    }
}
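The store-and-compare login flow described above, as an added example that is not the author's code: it contrasts the plain SHA1 digest, which is identical for every user who picks the same password, with a salted and iterated PBKDF2 hash verified by a fixed-time comparison. The class and helper names, the sample passwords and the iteration count are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later (or .NET Core).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordStorageDemo // hypothetical name for this added example
{
    // The scheme from the text: hex string of SHA1(password), no salt.
    static string Sha1Hex(string password)
    {
        using (SHA1 sha1 = SHA1.Create())
            return BitConverter.ToString(sha1.ComputeHash(Encoding.UTF8.GetBytes(password)))
                .Replace("-", "").ToLowerInvariant();
    }

    // Salted, iterated alternative: PBKDF2-HMAC-SHA256 with a per-user salt.
    static byte[] Pbkdf2(string password, byte[] salt)
    {
        const int iterations = 100000; // assumed work factor
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }

    static byte[] NewSalt()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return salt;
    }

    // Compares every byte so timing does not reveal where the values differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        const string password = "correct horse"; // constructed sample password
        Console.WriteLine("Same SHA1 for two users:   " + (Sha1Hex(password) == Sha1Hex(password)));
        byte[] saltA = NewSalt(), saltB = NewSalt();
        byte[] storedA = Pbkdf2(password, saltA), storedB = Pbkdf2(password, saltB);
        Console.WriteLine("Same PBKDF2 for two users: " + FixedTimeEquals(storedA, storedB));
        Console.WriteLine("Right password accepted:   " + FixedTimeEquals(storedA, Pbkdf2(password, saltA)));
        Console.WriteLine("Wrong password accepted:   " + FixedTimeEquals(storedA, Pbkdf2("wrong guess", saltA)));
    }
}
```

The salt is stored next to the derived hash for each user; at login the same salt is fed back into `Pbkdf2` before comparing.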

What Is SSL (Secure Sockets Layer)?

In this post I am going to talk about SSL. Every programmer, especially every web programmer, must know about SSL.

What Is SSL?
SSL is a security standard that makes a secure connection between a server and a client, for example a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

SSL can guarantee that confidential information such as credit card numbers, security numbers and any other sensitive information is transmitted securely.

How does it work?

SSL certificates have two keys: a public key and a private key. These keys work together to make a secure, encrypted connection.

You must create a Certificate Signing Request (CSR) on your server. Creating the CSR produces the private key and a CSR data file, which you send to the SSL certificate issuer (the Certificate Authority, or CA). The CA creates a public key to match your private key without compromising the key itself. The CA never sees the private key.
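The CSR step described above, as an added example that is not from the original post: it generates an RSA key pair on the local machine, builds the PKCS#10 request with .NET's CertificateRequest class, and checks which key material the bytes sent to the CA actually contain. The subject name and class name are constructed placeholders, and the code assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CsrDemo // hypothetical name for this added example
{
    // True if needle occurs as a contiguous run of bytes inside haystack.
    static bool Contains(byte[] haystack, byte[] needle)
    {
        for (int i = 0; i + needle.Length <= haystack.Length; i++)
        {
            int j = 0;
            while (j < needle.Length && haystack[i + j] == needle[j]) j++;
            if (j == needle.Length) return true;
        }
        return false;
    }

    static void Main()
    {
        // The key pair is generated on the server; the private half stays in this process.
        using (RSA rsa = RSA.Create(2048))
        {
            // Constructed subject name; a real request uses the site's own host name.
            var request = new CertificateRequest(
                "CN=www.example.test, O=Example Org",
                rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // DER-encoded PKCS#10 request, signed with the private key.
            byte[] csr = request.CreateSigningRequest();

            // Search the request bytes for public and private key components.
            RSAParameters key = rsa.ExportParameters(true);
            Console.WriteLine("CSR contains public modulus:   " + Contains(csr, key.Modulus));
            Console.WriteLine("CSR contains private exponent: " + Contains(csr, key.D));
            Console.WriteLine("CSR contains private prime P:  " + Contains(csr, key.P));

            // PEM text form of the request, which is what gets submitted to the CA.
            Console.WriteLine("-----BEGIN CERTIFICATE REQUEST-----");
            Console.WriteLine(Convert.ToBase64String(csr, Base64FormattingOptions.InsertLineBreaks));
            Console.WriteLine("-----END CERTIFICATE REQUEST-----");
        }
    }
}
```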

Caution!
Anyone can create a certificate, but browsers only trust certificates that are signed by an organization on the list of trusted CAs.