[英]How best to implement Google social sign-in authentication in ASP.NET Core?
I want to implement an authentication system in ASP .NET Core where: 我想在ASP .NET Core中实现身份验证系统,其中:
The user clicks a button which looks like the standard Google sign-in button. 用户单击类似于标准Google登录按钮的按钮。
The user is then prompted to sign in to Google Accounts and signs in. 然后,系统提示用户登录Google帐户并登录。
A http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
claim with the value equal to that of the user_id
of the signed-in Google account is added to the User
variable in the RazorBasePage
class. 在RazorBasePage
类的User
变量中添加了一个http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
声明,该声明的值等于已登录Google帐户的user_id
的值。
The server adds the user to a user table with user_id
as the primary key. 服务器将用户添加到以user_id
作为主键的用户表中。
I originally investigated a solution using the built-in ASP .NET Identity system. 我最初研究了使用内置ASP .NET Identity系统的解决方案。 However, I soon realised it was far more functionality than what I needed. 但是,我很快意识到这比我需要的功能要多得多。
Next, I followed this article to implement a system where the user must authenticate with their Google account when attempting to use controllers or actions tagged with the [Authorize] attribute. 接下来,我将按照本文的内容来实现一个系统,在该系统中,用户在尝试使用带有[Authorize]属性标记的控制器或操作时必须使用其Google帐户进行身份验证。
Meanwhile, I also investigated a login system using this article. 同时,我还研究了使用本文的登录系统。 This article implements a system where developer can implement their own custom authorisation system, eg check against a hard-coded password. 本文实现了一个系统,开发人员可以在该系统中实现自己的自定义授权系统,例如,检查硬编码的密码。
And I also investigated some of Google's developer pages on identity This system allows the developer to easily implement an authentication system on the client side - additional steps are required to pass the authentication to the server. 我还研究了Google的一些关于身份的开发人员页面。该系统使开发人员可以轻松地在客户端实施身份验证系统-需要其他步骤才能将身份验证传递给服务器。
This collection of images should help to communicate the aforementioned authorisation systems. 图像的收集应有助于传达上述授权系统。 My current ConfigureServices method in StartUp.cs contains the following code: 我当前在StartUp.cs中的ConfigureServices方法包含以下代码:
services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options => {
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.SaveTokens = true;
});
Any tips on how to implement such a system would be greatly appreciated. 任何有关如何实现这样的系统的技巧将不胜感激。 Thanks! 谢谢!
Looks like Google deprecated use of Google+ for retrieving user information: https://github.com/aspnet/AspNetCore/issues/6486 看起来Google已弃用Google+来检索用户信息: https : //github.com/aspnet/AspNetCore/issues/6486
In ASP.Net Core MVC 2.0 I ended up doing this in Startup.cs:ConfigureServices 在ASP.Net Core MVC 2.0中,我最终在Startup.cs:ConfigureServices中执行了此操作
services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options => {
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
options.SaveTokens = true;
options.UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo";
options.ClaimActions.Clear();
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
options.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
options.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
options.ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
options.ClaimActions.MapJsonKey("urn:google:profile", "link");
options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
options.ClaimActions.MapJsonKey("picture", "picture");
})
;
Don't forget to add the following line before app.UseMvc() 不要忘记在app.UseMvc()之前添加以下行
app.UseAuthentication();
Also, you will need to configure Google API for cloud identity for your app. 另外,您将需要为您的应用配置Google API以实现云身份。
To display the information you can do something like: 要显示信息,您可以执行以下操作:
@Context.User.Identity.Name
<img src="@Context.User.Claims.SingleOrDefault(c => c.Type == "picture")?.Value" />
Finally: Please consider privacy of this information. 最后:请考虑此信息的隐私权。 It's not ethical (and in most jurisdictions not legal) to store private information without telling the user that you are storing it and for what purpose. 在不告知用户您正在存储隐私以及出于什么目的的情况下存储隐私信息是不道德的(在大多数司法辖区中也不合法)。
Use blow code get user data. 使用打击代码获取用户数据。
services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
})
.AddCookie()
.AddGoogle(options => {
options.ClientId = Configuration["Authentication:Google:ClientId"];
options.ClientSecret = Configuration["Authentication:Google:ClientSecret"];
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.SaveTokens = true;
options.UserInformationEndpoint = "https://openidconnect.googleapis.com/v1/userinfo";
options.ClaimActions.Clear();
options.ClaimActions.MapJsonKey(ClaimTypes.PPID, "ppid");
options.ClaimActions.MapJsonKey(ClaimTypes.Name, "email");
});
This all data you get on your Callback method into controller with in Claim
type
and value
. 您将所有在Callback方法上获得的数据与Claim
type
和value
一起type
到控制器中。
If you want to get other into than added your key like options.ClaimActions.MapJsonKey(ClaimTypes, jsonKey)
如果您想除添加键之外的其他options.ClaimActions.MapJsonKey(ClaimTypes, jsonKey)
例如options.ClaimActions.MapJsonKey(ClaimTypes, jsonKey)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.