[英]What's the Difference Between OAuthWebSecurity's “RequestAuthentication()” and “VerifyAuthentication()” methods in ASP.NET-Webpages with C#?
I'm trying to really "hash out" what's going on when I use OAuth (actually using it for Google only), but I just can't quite seem to understand the difference between: 我正在尝试真正“弄清楚”使用OAuth时发生的情况(实际上仅将其用于Google),但是我似乎不太了解以下两者之间的区别:
OAuthWebSecurity.RequestAuthentication("Google", Href("~/Account/RegisterService.cshtml"));
And: 和:
OAuthWebSecurity.VerifyAuthentication(Href("~/Account/RegisterService.cshtml"));
At " http://msdn.microsoft.com " They describe the difference as: 在“ http://msdn.microsoft.com ”上,他们将区别描述为:
RequestAuthentication():
Requests the specified provider to start the authentication by directing users to an external website, and directs the provider to redirect the user to the specified URL when authentication is successful. 通过将用户定向到外部网站来请求指定的提供程序启动身份验证,并在身份验证成功时指示提供程序将用户重定向到指定的URL。
(Found Here: http://msdn.microsoft.com/en-us/library/microsoft.web.webpages.oauth.oauthwebsecurity.requestauthentication(v=vs.111).aspx ) (位于此处: http : //msdn.microsoft.com/zh-cn/library/microsoft.web.webpages.oauth.oauthwebsecurity.requestauthentication (v= vs.111 ) .aspx )
And VerifyAuthentication():
和VerifyAuthentication():
Returns a value that indicates whether the user account has been confirmed by the provider. 返回一个值,该值指示提供者是否已确认用户帐户。
(Found Here: http://msdn.microsoft.com/en-us/library/microsoft.web.webpages.oauth.oauthwebsecurity.verifyauthentication(v=vs.111).aspx ) (位于此处: http : //msdn.microsoft.com/zh-cn/library/microsoft.web.webpages.oauth.oauthwebsecurity.verifyauthentication (v= vs.111 ) .aspx )
So, I guess the question comes down to what the difference between their meanings of "authenticated" and "confirmed" are. 因此,我想问题归结为它们的“已认证”和“已确认”含义之间的区别是什么。
RequestAuthentication
is going to redirect the user to the website and ask for the login. RequestAuthentication
将把用户重定向到网站并要求登录。 Once the credentials are entered and permission granted for your application it is going back to your website (returnUrl). 输入凭据并为您的应用程序授予权限后,它将返回您的网站(returnUrl)。
Once it comes back you should use VerifyAuthentication
to validate the tokens returned by the provider. 回来后,您应该使用VerifyAuthentication
验证提供者返回的令牌。
var result = OAuthWebSecurity.VerifyAuthentication();
if (result.IsSuccessful)
{
var provider = result.Provider;
var uniqueUserID = result.ProviderUserId;
}
So RequestAuthentication
is called when the user should be redirected to the provider to login/grant access. 因此,应在将用户重定向到提供程序以登录/授予访问权限时调用RequestAuthentication
。 (User Login & Consent) (用户登录并同意)
And VerifyAuthentication
is the validation part just bellow. 而VerifyAuthentication
是下面的验证部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.