
ASP.Net MVC 5 OAuth2 Facebook Claims are not persisted. Why?

I just created a new MVC application to learn something about OAuth2. To get started I registered as a developer with Facebook and enabled the Facebook Identity Provider in my application:

Startup.Auth.cs

app.UseFacebookAuthentication(
           appId: "something",
           appSecret: "secret");

Authentication worked straight out of the box, but I wondered if the User property of my HomeController had any Facebook-related information. It had not, and I wondered why. I had a look at the Katana/Owin sources to see how the Facebook provider is implemented and found a place where custom claims are being set:

FacebookAuthenticationHandler.cs

context.Identity.AddClaim(new Claim("urn:facebook:name", context.Name, XmlSchemaString, Options.AuthenticationType));

But when I reach my Controller and check the Identity's Claims property there are none of these custom claims once set by the Owin provider. When I check the database (AspNetUserClaims table) I find that completely deserted.

Is there a reason why claims are not persisted to the db? Is the db even a good place to store these claims (at least there is a table)? Do I have to configure anything in my application to get the claims persisted? Or is there another point where I can keep the claims alive for the whole user session?

All right, I dove a bit deeper into Owin and came to the conclusion that the Authentication Providers are part of an Owin middleware construct which runs independently in a pipeline and does not affect the application's principal directly. There is an action in the AccountController named ExternalLoginCallback which is called when the whole auth aria is finished. It gets an ExternalLoginInfo object which holds all my claims and constructs an ApplicationUser which acts as the official application user. It has a Claims property, but that one is not automatically populated with my claims from the ExternalLoginInfo, and I guess the reason is that claims could change with every login. So in my case I would better delete all old claims before I add the new ones to my user. Since this is custom, I have to provide that somehow by myself. Since this data is very volatile, I keep that in Session for now.

Any comments on that issue are warmly welcome.
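
The replace-on-every-login step described in the post, as an added example that is not part of the original post or of the Katana sources. ExternalClaimSync and ReplaceProviderClaims are hypothetical names, the identities in Main are constructed samples, and the helper is assumed to be called from ExternalLoginCallback on the identity about to be signed in to the application cookie.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ExternalClaimSync   // hypothetical helper, not a framework type
{
    // Replace the provider-issued claims on the application identity with the
    // ones from the current external login, so stale values never linger.
    public static int ReplaceProviderClaims(ClaimsIdentity external,
                                            ClaimsIdentity application,
                                            string typePrefix)
    {
        if (external == null) throw new ArgumentNullException(nameof(external));
        if (application == null) throw new ArgumentNullException(nameof(application));

        // Drop what an earlier login left behind (ToList: the collection is modified).
        foreach (var old in application.FindAll(c => IsProviderClaim(c, typePrefix)).ToList())
            application.RemoveClaim(old);

        // Copy only claims in the provider namespace; everything else
        // (name identifier, roles, ...) stays under the application's control.
        var fresh = external.FindAll(c => IsProviderClaim(c, typePrefix)).ToList();
        foreach (var c in fresh)
            application.AddClaim(new Claim(c.Type, c.Value, c.ValueType, c.Issuer));
        return fresh.Count;
    }

    private static bool IsProviderClaim(Claim c, string prefix) =>
        c.Type.StartsWith(prefix, StringComparison.Ordinal);

    public static void Main()
    {
        // Constructed sample identities standing in for the external login
        // identity and the identity built for the application cookie.
        var external = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, "1234567890", ClaimValueTypes.String, "Facebook"),
            new Claim("urn:facebook:name", "Alice Example", ClaimValueTypes.String, "Facebook"),
            new Claim(ClaimTypes.Role, "Admin", ClaimValueTypes.String, "Facebook"),
        }, "ExternalCookie");
        var application = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, "local-user-id"),
            new Claim("urn:facebook:name", "Old Name", ClaimValueTypes.String, "Facebook"),
        }, "ApplicationCookie");

        int copied = ReplaceProviderClaims(external, application, "urn:facebook:");
        Console.WriteLine("copied: " + copied);
        foreach (var c in application.Claims)
            Console.WriteLine(c.Type + " = " + c.Value);
    }
}
```

Filtering on the claim-type prefix keeps an externally supplied role or name-identifier claim from being copied into the application identity.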
