Introduction:
This blog will describe in details how to use Facebook as an identity provider to login into your SharePoint application.
There are many ways to integrate you SharePoint application with Facebook; so you can start developing authentication and authorization mechanisms for your SharePoint application, OR you can start using Windows Azure Access Control Service (ACS) that provides an easy way of authenticating users who need to access your SharePoint application.
How does ACS work with SharePoint and Facebook?
- User requests to be authenticated against a relying party (In our case, it is a SharePoint web application), and then to choose from a dropdown list the required Identity Provider for authentication.
- The user will be redirected to the chosen identity provider (which is Facebook in our case).
- The user enter his/her username and password.
- The Facebook will generate and send a security token to the user that hold claims and other properties.
- Facebook will redirect the user to the ACS, and the user will send the generated security token to the ACS.
- ACS validate the security token, and generate a new security token.
- The ACS redirect the user to the SharePoint web application and send the new security token to the user.
- The user will send the security token to the SharePoint web application.
- The SharePoint application will validate the security token, and then redirect the user to the required page.
Configuration Steps:
PS: I will assume you have ONLY a configured SharePoint machine and connected to the internet only.
First of all, let us create a windows azure account:
- Go to http://www.windowsazure.com/
- Sign in with your Microsoft account (Live.com, Outlook.com, or Hotmail.com)
- Click on accounts:
- click on Sign up for a free trial.
- Choose your county and click the next arrow
- Enter you mobile number, and click on send text message, wait 5 minutes, and you will receive a verification code.
- Enter you verification code and click on verify code, then click the next arrow.
- Enter your credit card and your billing information; (You will not be charged for this, remember the first 90 days are FREE).
- Click Next.
- Click on Portal on the top right of the page.
- Click on ACTIVE DIRECTORY on the left navigation then click on ACCESS CONTROL NAMESPACES.
- Click on CREATE A NEW NAMESPACE.
- Fill the namespace (I name it MySharePointLogin; you can choose your own namespace) and click create.
- The URL of your Access Control Namespace will be like this:
- http://MySharePointLogin.accesscontrol.windows.net (Mine)
- http://YourNamespaceTitle.accesscontrol.windows.net (Your namespace title)
- Now go to Facebook Developer: http://developers.facebook.com
- Sign in using your Facebook username and password.
- Click on App from the top navigation
- Click Create New App
- Fill the required information and click Continue
- Fill the required Captcha
- Fill the Access Control Namespace URL in the Site URL, and Click Save.
- PS You will require the App ID and App Secret in the next phase.
** Click here to go to Part 2