I am attempting to authenticate and login users through the Steam API using ASP.Net Core 2.
I'm having limited success. I think I need the following parameters:
providerURL: 'http://steamcommunity.com/openid',
stateless: true,
// How the OpenID provider should return the client to us
returnURL: 'http://localhost:4000/auth/openid/return',
realm: 'http://localhost:4000/',
I am attempting to add the authentication via the AddOpenIDConnect mechanism.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddDefaultTokenProviders();
services.AddAuthentication().AddOpenIdConnect(steamOptions =>
{
steamOptions.ClientId = "<APIKEY>";
steamOptions.ClaimsIssuer = "https://steamcommunity.com/openid";
}
This doesn't work. Clearly, there has to be a better way to call this.
One noticeable thing I've encountered: a GET request with Postman returns an XML file:
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="0">
<Type>http://specs.openid.net/auth/2.0/server</Type>
<URI>https://steamcommunity.com/openid/login</URI>
</Service>
</XRD>
</xrds:XRDS>
Is there any way we can force services.AddAuthentication() to parse XML?
I solved this with the AspNet.Security.OpenID.Steam library that Kévin Chalet just recently built. You'll need to use the 2.0.0-rc2-final for ASP.Net Core 2.
All you need to do is add services.AddAuthentication().AddSteam() into ConfigureServices, like so (it's not the only service in there):
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication().AddSteam();
}
Note that you'll need the other default services generated by the Asp.Net Core 2 Web MVC template and Identity installed.