stackoom
  简体   繁体   中英

How should I use OpenID to authenticate to WCF Data Services from a Windows Phone 7 app?

 原文  2010-12-20 22:32:53       asp.net-mvc/ windows-phone-7/ openid/ wcf-data-services

Question

I have a Windows Phone application which is reading and writing data from a WCF Data Services service which is hosted in and ASP.NET MVC 3 application.

I can configure both client and server as necessary. I'd like to use OpenID if practical, and once a user is authenticated on the phone they should be able to browse through data which is associated with their OpenID.

How should I configure client and server to make that work?

2 answers

solution1
 1  2010-12-21 09:45:41

To use OpenID in your app you should look at using an embedded WebBrowser control which connects to the provider site (or your site which can redirect). When the OpenID provider returns to your site (embedded in the browser control) you'd pass necessary identifiers back to the app.

There's an example of doing this with a twitter app (using OAuth) at http://blog.markarteaga.com/OAuthWithSilverlightForWindowsPhone7.aspx

solution2
 0  2010-12-20 23:23:48

OpenID is an awkward choice. It sounds like the user already has data associated with their account, which means that the user would have to login to the server at some point in time to set up this data, and then login to the app with the same credentials to access this data. The issue is that of securely verifying that the client app has indeed authenticated the user in question. Assuming that the client app (somehow) has the user's OpenID is not enough because the server can't implicitly trust what the client app tells it.

Off the top of my head, I'd say, what could be done with OpenID is as follows.

First, set up OpenID authentication on the server. Then, when the client app needs to authenticate, it should use the WebBrowser control to point to a server URL that, in turn, lets the user authenticate with their OpenID provider, and points the browser back to the server with the authentication info. At this point, the client app is unaware of the user's authentication status, but the server knows who they are. Now, the server can generate a single-use auth key for the client to use. It can redirect to a special URL with that key in it, at which point the client detects said URL, extracts the key, hides the WebBrowser control, and uses that key to talk to the server. I believe that would be a secure way to do such authentication, but like I said, this is just off the top of my head.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I use OWIN to authenticate with OpenID Connect directly with a token Use POSTMAN to authenticate to OPENID server How should I handle user identity for a Window Phone / WCF / ASP.NET MVC application? WCF services, loading data from database How can I use Windows Authentication for Users on a ASP.NET MVC site and impersonate the user using the AppPool user on back-end WCF services? Why should I use WCF with MVC? What should I use for a WCF modular design? How to save an entity with a collection of related entities using WCF data services WCF Data Services + Azure error Allow access to windows service hosted WCF services only to one ASP MVC app in Azure
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM