Home/ Questions/Q 9201945
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T23:08:25+00:00

I’m confused and concerned with the following line because it seems like the API

  • 0

I’m confused and concerned with the following line because it seems like the API for the OAuthWebSecurity has its own authentication store. 

        // If the current user is logged in add the new account
        OAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, User.Identity.Name);

If I’m reading the above correctly, it seems to indicate that the API saves relationship locally.

Please tell me this is not the case, and explain what exactly does it do? I need my web application to be as stateless as possible, I cannot have API storing local values like this.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It uses the SimpleMembershipProvider which is the default provider in ASP.NET MVC 4 to create or update the association between the public provider user id and a local user. Basically it will add a record to the webpages_OAuthMembership table.

    Here’s the corresponding code from the WebSecurity.CreateOrUpdateOAuthAccount that gets called:

    public override void CreateOrUpdateOAuthAccount(string provider, string providerUserId, string userName)
{
    this.VerifyInitialized();
    if (userName.IsEmpty())
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
    }
    int userId = this.GetUserId(userName);
    if (userId == -1)
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
    }
    int userIdFromOAuth = this.GetUserIdFromOAuth(provider, providerUserId);
    using (IDatabase database = this.ConnectToDatabase())
    {
        if (userIdFromOAuth == -1)
        {
            if (database.Execute("INSERT INTO [" + OAuthMembershipTableName + "] (Provider, ProviderUserId, UserId) VALUES (@0, @1, @2)", new object[] { provider, providerUserId, userId }) != 1)
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
            }
        }
        else if (database.Execute("UPDATE [" + OAuthMembershipTableName + "] SET UserId = @2 WHERE UPPER(Provider)=@0 AND UPPER(ProviderUserId)=@1", new object[] { provider, providerUserId, userId }) != 1)
        {
            throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
        }
    }
}
    • 0