我知道有关于这个问题的其他问答,但它们已经过时了,而且我无法在任何地方找到可靠的答案。
Stack Overflow到底使用什么来验证用户身份?网站DotNetOpenAuth声称它是用来验证用户身份的。但对我来说,最(外观)相似的是OAuth C# Library。
那么它真正使用的是什么?或者,我该如何模仿同样的用户界面?
我想使用ASP.NET MVC创建完全相同的OpenID认证。
我知道有关于这个问题的其他问答,但它们已经过时了,而且我无法在任何地方找到可靠的答案。
Stack Overflow到底使用什么来验证用户身份?网站DotNetOpenAuth声称它是用来验证用户身份的。但对我来说,最(外观)相似的是OAuth C# Library。
那么它真正使用的是什么?或者,我该如何模仿同样的用户界面?
我想使用ASP.NET MVC创建完全相同的OpenID认证。
DotNetOpenAuth
进行OpenID认证,而且花费的时间相对较短(需要注意的是,我对ASP.NET、MVC、DotNetOpenAuth等完全不熟悉)。
DotNetOpenAuth
附带各种示例,甚至还有一个ASP.NET MVC示例,但该示例只提供了视图和控制器,实际上没有模型,而模型是MVC中的M : )。因此,我在SO上提出了以下问题:
简单登录的MVC模式中各组件的职责是什么
那么,在MVC中,一个非常简单的OpenID登录应该是什么样子呢?好的,让我们来看看...
1. 您将需要一个模型:
public class User
{
[DisplayName("User ID")]
public int UserID{ get; set; }
[Required]
[DisplayName("OpenID")]
public string OpenID { get; set; }
}
public class FormsAuthenticationService : IFormsAuthenticationService
{
public void SignIn(string openID, bool createPersistentCookie)
{
if (String.IsNullOrEmpty(openID)) throw new ArgumentException("OpenID cannot be null or empty.", "OpenID");
FormsAuthentication.SetAuthCookie(openID, createPersistentCookie);
}
public void SignOut()
{
FormsAuthentication.SignOut();
}
}
2. 您需要一个控制器:
[HandleError]
public class UserController : Controller
{
private static OpenIdRelyingParty openid = new OpenIdRelyingParty();
public IFormsAuthenticationService FormsService { get; set; }
protected override void Initialize(RequestContext requestContext)
{
if (FormsService == null)
{
FormsService = new FormsAuthenticationService();
}
base.Initialize(requestContext);
}
// **************************************
// URL: /User/LogIn
// **************************************
public ActionResult LogIn()
{
if (User.Identity.IsAuthenticated)
{
return RedirectToAction("Profile", "User");
}
Identifier openID;
if (Identifier.TryParse(Request.QueryString["dnoa.userSuppliedIdentifier"], out openID))
{
return LogIn(new User { OpenID = openID }, Request.QueryString["ReturnUrl"]);
}
else
{
return View();
}
}
[HttpPost]
public ActionResult LogIn(User model, string returnUrl)
{
string openID = ModelState.IsValid?model.OpenID:Request.Form["openid_identifier"];
if (User.Identity.IsAuthenticated)
{
return RedirectToAction("Profile", "User");
}
else if (!string.IsNullOrEmpty(openID))
{
return Authenticate(openID, returnUrl);
}
else if(ModelState.IsValid)
{
ModelState.AddModelError("error", "The OpenID field is required.");
}
// If we got this far, something failed, redisplay form
return View(model);
}
// **************************************
// URL: /User/LogOut
// **************************************
public ActionResult LogOut()
{
if (User.Identity.IsAuthenticated)
{
FormsService.SignOut();
}
return RedirectToAction("Index", "Home");
}
// **************************************
// URL: /User/Profile
// **************************************
[Authorize]
public ActionResult Profile(User model)
{
if (User.Identity.IsAuthenticated)
{
// ------- YOU CAN SKIP THIS SECTION ----------------
model = /*some code to get the user from the repository*/;
// If the user wasn't located in the database
// then add the user to our database of users
if (model == null)
{
model = RegisterNewUser(User.Identity.Name);
}
// --------------------------------------------------
return View(model);
}
else
{
return RedirectToAction("LogIn");
}
}
private User RegisterNewUser(string openID)
{
User user = new User{OpenID = openID};
// Create a new user model
// Submit the user to the database repository
// Update the user model in order to get the UserID,
// which is automatically generated from the DB.
// (you can use LINQ-to-SQL to map your model to the DB)
return user;
}
[ValidateInput(false)]
private ActionResult Authenticate(string openID, string returnUrl)
{
var response = openid.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
Identifier id;
if (Identifier.TryParse(openID, out id))
{
try
{
return openid.CreateRequest(openID).RedirectingResponse.AsActionResult();
}
catch (ProtocolException ex)
{
ModelState.AddModelError("error", "Invalid OpenID.");
ModelState.AddModelError("error", ex.Message);
return View("LogIn");
}
}
else
{
ModelState.AddModelError("error", "Invalid OpenID.");
return View("LogIn");
}
}
else
{
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
FormsAuthentication.SetAuthCookie(response.FriendlyIdentifierForDisplay, true);
if (!string.IsNullOrEmpty(returnUrl))
{
return Redirect(returnUrl);
}
else
{
return RedirectToAction("Profile", "User");
}
case AuthenticationStatus.Canceled:
ModelState.AddModelError("error", "Authentication canceled at provider.");
return View("LogIn");
case AuthenticationStatus.Failed:
ModelState.AddModelError("error", "Authentication failed: " + response.Exception.Message);
return View("LogIn");
}
}
return new EmptyResult();
}
}
3. 您需要一个视图:
<%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<YourProject.Models.User>" %>
<asp:Content ID="loginTitle" ContentPlaceHolderID="TitleContent" runat="server">
Log in - YourWebSiteName
</asp:Content>
<asp:Content ID="loginContent" ContentPlaceHolderID="MainContent" runat="server">
<p>
<%--- If you have a domain, then you should sign up for an affiliate id with MyOpenID or something like that ---%>
Please log in with your OpenID or <a href="https://www.myopenid.com/signup?affiliate_id=????">create an
OpenID with myOpenID</a> if you don't have one.
</p>
<%
string returnURL = HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"]);
if (returnURL == null)
{
returnURL = string.Empty;
}
using (Html.BeginForm("LogIn", "User", returnURL))
{%>
<%= Html.LabelFor(m => m.OpenID)%>:
<%= Html.TextBoxFor(m => m.OpenID)%>
<input type="submit" value="Log in" />
<%
} %>
<%--- Display Errors ---%>
<%= Html.ValidationSummary()%>
</asp:Content>
Profile
视图,但这应该很容易弄清楚。