使用Asp.net 4.0实施OAuth2
[英]Implement OAuth2 with Asp.net 4.0
问题描述
I have a .NET 4.0 application and I need to add an OAuth2 authentication with a third tier. 
我有一个.NET 4.0应用程序,我需要添加一个第三层的OAuth2身份验证。 And I am little bit confused (hard to find sample and documentation for .NET 4.0). 我有点困惑(很难找到.NET 4.0的示例和文档)。
Could I use Microsoft.AspNet.Membership.OpenAuth (OAuth 2.0) with Asp.net 4.0 (.NET 4.0) ? 我可以将Microsoft.AspNet.Membership.OpenAuth(OAuth 2.0)与Asp.net 4.0(.NET 4.0)一起使用吗?
The other option I have is to use DotNetOpenAuth, but I have some trouble to found an example with Callback for Webforms in .NET 4.0. 我的另一个选择是使用DotNetOpenAuth,但是在.NET 4.0中找到带有Webforms回调的示例时遇到了一些麻烦。
From my understanding I should have an authentication page (login page) : 据我了解,我应该有一个身份验证页面(登录页面):
var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");
// CallBack
var state = new AuthorizationState();
var uri = Request.Url.AbsoluteUri;
uri = RemoveQueryStringFromUri(uri);
state.Callback = new Uri(uri);
var accessTokenResponse = medOK.ProcessUserAuthorization();
if (accessTokenResponse != null){
//If you have accesstoek then do something
} else if (this.AccessToken == null) {
// If we don't yet have access, immediately request it.
medOK.PrepareRequestUserAuthorization(state);
medOK.RequestUserAuthorization();
}
And a callback page (let's say an ashx page) with : 还有一个回调页面(例如ashx页面):
var medOK = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "some client id");
medOK.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("some secret code");
var response = medOK.GetClientAccessToken();
// Then I get claims
Make sens ? 有感觉吗? (I tried to be concise and do not write all what I tried, but if needed I can provide more information) (我尽量简洁,不写所有尝试的内容,但是如果需要,我可以提供更多信息)
2 个解决方案
解决方案1
5 已采纳 2016-02-16 21:54:37
If you are using 4.5 or higher use Owin as described in many website blogpost and if you create an Asp.net project with Visual Studio 2013+ template you will have an example how to implement it, like mentioned here . 如果您使用4.5或更高版本,请使用许多网站博客文章中所述的Owin,并且如果使用Visual Studio 2013+模板创建Asp.net项目,则将有一个示例来实现它, 如此处所述 。 Or you can use IdentityModel which is simple to use. 或者,您可以使用简单易用的IdentityModel 。
For .NET 4.0, I ended to use DotNetOpenAuth, it was not an easy way to find how to call the library, so I will share my finding, the first step id to get a user authorization. 对于.NET 4.0,我结束使用DotNetOpenAuth,这不是找到如何调用该库的简单方法,因此,我将分享我的发现,这是获得用户授权的第一步。
var client = new WebServerClient(GetAuthServerDescription(), clientIdentifier: "client id");
client.ClientCredentialApplicator = ClientCredentialApplicator.PostParameter("secrete");
// CallBack
uri = RemoveQueryStringFromUri(callBack);
state.Callback = new Uri(uri);
var accessTokenResponse = client.ProcessUserAuthorization();
if (accessTokenResponse != null){
//If you have accesstoek then do something
} else {
// If we don't yet have access, immediately request it.
client.PrepareRequestUserAuthorization(state).Send();
}
With GetAuthServerDescription building an AuthorizationServerDescription 使用GetAuthServerDescription构建AuthorizationServerDescription
And the method for the callback url is a simple post (to get the token) as I didn't found how to send the exact parameters I needed to send to my provider. 回调URL的方法是一个简单的文章(获取令牌),因为我没有找到如何发送需要发送给提供程序的确切参数。
解决方案2
-5 2016-02-23 09:16:59
您应该阅读我的stackoverflow 问题以获取有用的指导。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.