Custom Authentication on Asp.Net 4.5 with WIF


Problem description

I have an application set up with Azure ACS and .NET 4.5 using claims. My application uses Dropbox also. I was wondering if I could let users identify themselves with Dropbox alone.

I get a token from Dropbox when the user logs in with Dropbox and a unique id. Where in the .NET pipe do I tell it that I have authenticated a user, such that the principals are set on the next request also?

To make the example simple, let's say I have a form with two inputs: name, pass. If the name is 1234 and pass is 1234, then I would like to tell the ASP.NET pipeline that the user is authenticated. Is this possible? Or do I need to create custom token handlers and such to integrate it into WIF?

Update

I found this: I would like comments on the solution, if there are security concerns I should be aware of.

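        // The WIF module that issues and reads the session cookie
        var sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null)
        {
            // Principal with a single "Provider" claim and authentication type "OAuth"
            var cp = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> {new Claim("Provider","Dropbox")}, "OAuth"));
            // Run the configured claims transformation, if one is registered
            var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
            if (transformer != null)
            {
                cp = transformer.Authenticate(String.Empty, cp);
            }
            // Serialize the principal into the session cookie so later requests are authenticated
            var token = new SessionSecurityToken(cp);
            sam.WriteSessionTokenToCookie(token);
        }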



All code:

// Namespaces used: System.Linq, System.Net, System.Net.Http, System.Net.Http.Headers,
// System.Threading.Tasks, System.Security.Claims, System.IdentityModel.Services,
// System.IdentityModel.Tokens

// Callback action: Dropbox sends the browser back here after the user authorizes the app.
public HttpResponseMessage get_reply_from_dropbox(string reply_from)
{
    var response = this.Request.CreateResponse(HttpStatusCode.Redirect);
    var q = this.Request.GetQueryNameValuePairs();
    // uid is read from the callback query string as the browser sent it
    var uid = q.FirstOrDefault(k => k.Key == "uid");
    if (!string.IsNullOrEmpty(uid.Value))
    {
        var sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null)
        {
            // The principal carries only the "Provider" claim; the uid is not stored in it
            var cp = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> {new Claim("Provider","Dropbox")}, "OAuth"));
            var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
            if (transformer != null)
            {
                cp = transformer.Authenticate(String.Empty, cp);
            }
            var token = new SessionSecurityToken(cp);
            sam.WriteSessionTokenToCookie(token);
        }
    }

    // Redirect target is taken from the reply_from query parameter
    response.Headers.Location = new Uri(reply_from);
    return response;
}

// Gets an OAuth 1.0 request token from Dropbox and builds the authorize URL for the user.
public async Task<string> get_request_token_url(string reply_to)
{
    var client = new HttpClient();
    client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("OAuth", 
            string.Format("oauth_version=\"1.0\", oauth_signature_method=\"PLAINTEXT\", oauth_consumer_key=\"{0}\", oauth_signature=\"{1}&\"",
            "<dropboxkey>","<dropboxsecret>"));
    var data = await client.GetStringAsync("https://api.dropbox.com/1/oauth/request_token");

    // Response body is form-encoded: key=value pairs separated by '&'
    var pars = data.Split('&').ToDictionary(k=>k.Substring(0,k.IndexOf('=')),v=>v.Substring(v.IndexOf('=')+1));

    return "https://www.dropbox.com/1/oauth/authorize?oauth_token=" + pars["oauth_token"]
        + "&oauth_callback=<MYSITE>/api/dropbox/get_reply_from_dropbox?reply_from=" + reply_to;
}



It works by the user requesting the authentication URL; when the user authenticates my app, it returns to get_reply_from_dropbox and logs in the user.

I of course need to handle some other stuff also, like what if the request does not come from Dropbox.
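
As an added example (not part of the original post and not code from WIF or Dropbox): the session-issuing step from the question, written so that the principal carries the Dropbox uid, is only built from a uid the server has verified, and reply_from is restricted to site-relative paths. DropboxSignIn, SafeReturnUrl and IssueSession are hypothetical names, and obtaining verifiedUid through the server-side token exchange is assumed to happen in the caller.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Added example; DropboxSignIn, SafeReturnUrl and IssueSession are hypothetical names.
public static class DropboxSignIn
{
    // Accept only site-relative paths ("/home"), so a crafted reply_from
    // cannot turn the callback into a redirect to another host.
    public static Uri SafeReturnUrl(string replyFrom)
    {
        Uri candidate = null;
        bool local = !string.IsNullOrEmpty(replyFrom)
            && replyFrom[0] == '/'
            && (replyFrom.Length == 1 || (replyFrom[1] != '/' && replyFrom[1] != '\\'))
            && Uri.TryCreate(replyFrom, UriKind.Relative, out candidate);
        return local ? candidate : new Uri("/", UriKind.Relative);
    }

    // verifiedUid is assumed to come from the server-side token exchange with
    // Dropbox, never from the callback query string sent by the browser.
    public static void IssueSession(string verifiedUid)
    {
        if (string.IsNullOrEmpty(verifiedUid))
            throw new ArgumentException("A verified Dropbox uid is required.", "verifiedUid");

        var sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam == null)
            throw new InvalidOperationException("SessionAuthenticationModule is not registered.");

        // Carry the user's identity in the session, not just the provider name.
        var identity = new ClaimsIdentity(new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, verifiedUid),
            new Claim("Provider", "Dropbox")
        }, "OAuth");
        var cp = new ClaimsPrincipal(identity);

        var transformer = FederatedAuthentication.FederationConfiguration
            .IdentityConfiguration.ClaimsAuthenticationManager;
        if (transformer != null)
            cp = transformer.Authenticate(String.Empty, cp);

        sam.WriteSessionTokenToCookie(new SessionSecurityToken(cp));
    }
}
```

In the callback action, the redirect would then use SafeReturnUrl(reply_from) for response.Headers.Location, and IssueSession would run only after the token exchange succeeds.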

Recommended answer

I did this for my site using WIF 3.5 (not exactly the same) but it did use ACS + forms auth + OAuth all together; basically it uses forms auth (which you can control completely), or uses ACS/OAuth and links the accounts together, or just uses ACS/OAuth by itself.

You will have to handle logging off differently though.

http://garvincasimir.wordpress.com/2012/04/05/tutorial-mvc-application-using-azure-acs-and-forms-authentication-part-1/

Dropbox uses OAuth, so I would go that route and then if you want to "link the accounts" create a user/password for forms auth linked to the Dropbox OAuth account. The user doesn't necessarily have to know what auth conventions are being used. ASP.NET MVC 4 has the OAuth/forms auth built into the default project.
