DotNetOpenAuth 4.3和谷歌 - 的OpenID 2.0 + 1.0的OAuth德precated [英] DotNetOpenAuth 4.3 and Google - OpenID 2.0 + OAuth 1.0 deprecated
问题描述
如果您想切入正题,问题是:什么是在asp.net的MVC 5
If you want to cut to the chase, the question is: what is the best/official way to use DotNetOpenAuth with Google in asp.net mvc 5?
大约一年前,我用的OAuth(DotNetOpenAuth的OAuth和OpenID)pretty多,因为它出来的箱子asp.net MVC 4(因为它是在示例项目)。从那时起,我用它成功地为谷歌,Facebook,雅虎和微软。不过,最近我一直有间歇性问题与用户登录到谷歌的。我曾尝试升级到MVC 5 DotNetOpenAuth 4.3,但我得到了相同的。
About a year ago, I used OAuth (DotNetOpenAuth oAuth and OpenID) pretty much as it came out of the box for asp.net MVC 4 (as it is in the sample project). Since then I used it successfully for google, facebook, yahoo and microsoft. However, recently I have been having intermittent problems with users signing into google. I have tried upgrading to MVC 5 and DotNetOpenAuth 4.3, but I get the same.
当我看着谷歌文档,我发现这一点:
When I looked at the google docs I found this:
重要提示:谷歌有去precated为1.0的OAuth的支持。如果你是
使用OpenID 2.0 + 1.0的OAuth,我们建议您切换到Google+
签到。 Google+登录提供了OAuth 2.0验证
机制具有丰富的社交功能,并获得更多的谷歌
台式机和移动功能。它支持所有谷歌用户和
透明的迁移。有关详细信息,请参阅谷歌的迁移
验证。
Important: Google has deprecated its support for OAuth 1.0. If you are using OpenID 2.0 + OAuth 1.0, we recommend that you switch to Google+ Sign-In. Google+ Sign-In provides the OAuth 2.0 authentication mechanism with rich social features and access to additional Google desktop and mobile features. It supports all Google users and transparent migration. For details, see the Migration of Google authentication.
我很可能是错误的,通过我认为外的开箱asp.net的MVC 4 DotNetOpenAuth使用OpenID 2.0(我用minimumRequiredOpenIdVersion =V20)+ 1.0的OAuth。我可以在DotNetOpenAuth源没有依照产品的一个OAuth 2.0库看到,但我不知道如何使用它。另外,我有点紧张验证2.0作为我看了是不是很大的互补性,似乎更容易拍摄自己的脚(可能是毫无根据的,但它似乎是一个反复出现的主题)。
I could very well be mistaken, by I thought that out-of-the-box asp.net mvc 4 DotNetOpenAuth uses OpenID 2.0 (I use minimumRequiredOpenIdVersion="V20") + OAuth 1.0. I can see in the DotNetOpenAuth source that there is an OAuth 2.0 library under 'product', but I am not sure how to use this. Also, I am a bit nervous about Auth 2.0 as what I have read is not very complementary and it seems that it is easier to shoot oneself in the foot (might be unfounded, but it seems to be a recurring theme).
有关Google+的,我发现这些说明这似乎pretty简单,但是这几乎是一年前,所以我想如果这仍然是最好的一段路要走。我还发现这个Git仓库实现谷歌的oauth2。不过,我想知道这是否仍然具有现实意义,因为它是全部来自前一段时间。
For Google+ I found these instructions which seem pretty straightforward, but that is almost a year ago, so I am wondering if this is still the best way to go. I also found this git repository implementing Google oauth2. Still, I would like to know whether this is still relevant as it is all from some time ago.
所以,问题是 - 什么是asp.net mvc5使用DotNetOpenAuth与谷歌最好的/官方的方式?希望我没有错过任何明显,在这种情况下只是一个指向某个链接就可以了。
So, the question is - what is the best/official way to use DotNetOpenAuth with Google in asp.net mvc5? Hopefully I haven't missed anything obvious, in which case just a pointer to some links will be fine.
更新
我发现这个问题这的问题这是相关的。我想我会从混帐谷歌的auth2去,除非我另有告知。
Update I found this question and this question which are related. I guess that I will go with the google auth2 from git unless I am told otherwise.
分辨率
我做了以下内容: -
I did the following: -
- 随后由接受的答案提供的链接中的步骤。这是<一个href=\"http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on\">this链接。
- Followed the steps in the link provided by the accepted answer. It is this link.
使用登录后SSL来保护,而不是回落到HTTP是很重要的,你的登录cookie是一样的保密您的用户名和密码......你在登录后不会使当前的请求或将来重新导向到HTTP请求要快得多。
It's important to keep using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password…redirecting back to HTTP after you’re logged in won’t make the current request or future requests much faster.
-
得到了最新DotNetOpenAuth.GoogleOAuth2上的NuGet。
Got the latest DotNetOpenAuth.GoogleOAuth2 on Nuget.
我看着从<一个推荐href=\"http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx\">this MSDN博客(作者是同一个人)关于如何最好地保护现场。基本上,该建议是添加这将迫使所有网页HTTPS以下内容:
I looked at the recommendation from this msdn blog (by the same author) about how to best to secure the site. Basically, the recommendation is to add the following which will force all pages to HTTPS:
filters.Add(新System.Web.Mvc.RequireHttpsAttribute());最后这句话的意思是,整个网站是HTTPS。由于进行这些更改,该网站已经运行良好。
Ultimately what this means is that the whole site is HTTPS. Since making those changes, the site has been running fine.
推荐答案
下面是使用谷歌认证以及其他一些社会整合的推荐方式:
Here is the recommended way to use Google authentication as well as a few other social integrations:
<一个href=\"http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on\" rel=\"nofollow\">http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
为了使用的oauth2(假设你使用MVC)
In order to use oauth2 (assuming your using MVC)
-
启用谷歌的OpenID提供商
打开App_Start \\ Startup.Auth.cs文件,并删除//app.UseGoogleAuthentication注释字符();启用谷歌认证。
Enable the Google OpenID provider Open the App_Start\Startup.Auth.cs file and remove the comment characters in //app.UseGoogleAuthentication(); to enable Google authentication.
在使用其他服务来登录,点击谷歌。然后,用户会被重定向到谷歌网站,您将进入您的凭据。
Under Use another service to log in, click Google. The user is then redirected to the google site where you will enter your credentials.
如果你没有这个文件或文件夹app_start,那么你可能创造了一个空白的项目,而不是一个互联网的项目,当你第一次创建解决方案。这是很容易(如果计划使用外部登录),选择互联网应用当你第一次开始。不知道你的编辑器使用,但Visual Studio的2012/2013让这款可笑容易!
If you don't have this file or folder "app_start", then you probably created a 'blank' project, instead of an "internet" project when you first created the solution. It's much easier (if planning on using external logins) to select 'internet application' when you first begin. Not sure what editor your using, but Visual Studio 2012/2013 make this ridiculously easy!
如果您要使用的OpenID这是目前推荐的方式,这里是一个很好的起点:的 https://developers.google.com/accounts/docs/OpenID#settingup
If your going to use OpenID which is now the recommended way, here is a great starting point: https://developers.google.com/accounts/docs/OpenID#settingup
最后,如果你必须通过你喜欢的编辑器(Visual Studio中)获得的NuGet,你会发现这些任务,如添加的OAuth-1/2或OpenID的已经变得非常容易。
Lastly, if you have access to NUGET through your editor like (Visual studio) , you'll find these tasks, like adding oAuth-1/2 or openId have been made very easy..
下面是最后一个环节,将让你离开了正确的方向,如果上面没有真正适合你的构建...随着一些细节,我会很乐意帮助您找到最好的解决办法。有一件事我可以说的是,的oauth2仍然是非常相关的,今天在许多应用中使用,你就不会出错,实施这个而从今天开始一个新的项目 - 这将是去(或者的至少一个正确的方式正确的方式去)...希望一些这有助于,不只是要下来,你已经被击倒的路径。
Here is a last link that would get you off in the right direction if the above doesn't really fit your build... With a few more details, I would be more than happy to help guide you to the best solution. One thing I can say is that oauth2 IS still very relevant and used in many applications today, and you wouldn't be wrong implementing this while starting a new project today - it would be the right way to go (or at least one of the right ways to go)... Hope some of this helps and isn't just going down a path you have already been down.
希望一切都很好。
这篇关于DotNetOpenAuth 4.3和谷歌 - 的OpenID 2.0 + 1.0的OAuth德precated的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
-
