How do I manage my authentication with WorldDomination and Nancy?


Question

I'm trying to get social authentication working in an asp.net-hosted Nancy web app using the WorldDomination SimpleAuthentication plugin for Nancy. TL;DRs skip to the question bolded at the bottom of the question.

Both are pretty nice, but there is a big documentation gap between the authentication process (well covered) and identifying the authenticated user during requests other than the initial authenticate request (nothing).

Nancy provides for basic and forms authentication via additional packages, and the hooks they provide are pretty straightforward. WorldDomination does not provide much information past the actual authentication process. There seems to be a distinct lack of Happy Path for the normal "who is the user making this request" process that has to happen every time a user hits the server.

I've been spending a fair amount of time to figure this part out, but my research hasn't led me to any obvious solutions. The WD demo apps are bereft of request code other than authentication requests, and the codebase doesn't appear to contain anything dealing with the normal request cycle.

My best guess is that I need to integrate with forms auth, implementing Nancy's forms auth hooks and using what I get back from WD to populate my own types.

This doesn't exactly seem like the happiest of happy paths. In fact, it seems to be more of a "do lots of work you lazy bastard" path.

What, exactly, is the recommended happy path for integrating WorldDomination's social OAuth authentication providers and Nancy? I'm concentrating on the standard "who is this person that requests of me" page lifecycle part here.

Bonus points (from my hordes of sockpuppet accounts I will create for the purpose) for how this happy path handles users logging out as well!

Recommended answer

With Simple Authentication, we simply handle the authentication with a provider in a simple way. Every provider has slightly different implementations, different naming, different promises, so we can consolidate all that into Simple Authentication and make it easier for a developer to implement into their website.

That's why the Nancy.SimpleAuthentication package exists. Because we know how Nancy works we have simplified the integration into Nancy by creating the modules for you to handle redirection, authentication callback, etc.

The problem is, we simply do not know how you authenticate a user against your website.

We can handle the whole forms auth scenario ourselves, and I actually plan to in the future. (have to implement claims first which I'm 60% way through), but it will still at bare minimum require you to implement the IAuthenticationCallbackProvider

public class Test : IAuthenticationCallbackProvider
{
    public dynamic Process(
        NancyModule nancyModule, 
        AuthenticateCallbackData model)
    {
        //Query for the database user based on the Provider / Id
        //Authenticate the user
        //Call LoginWithoutRedirect, and redirect how you want...
        //  or LoginWithRedirect

        return nancyModule.Negotiate.WithView("AuthenticateCallback")
            .WithModel(model);
    }
}

This class is required in order for you to authenticate the user against your database.

The thing we thought about tho is 95% of the time the user putting in the authentication, most likely already has some form of authentication already. Usually Forms Auth.

So assuming you've pulled in SimpleAuthentication, and wired up your IAuthenticationCallbackProvider class. All you really need to do is implement the Forms Auth stuff, which is pretty much 1 class, and a method call.

In the provider you need to call the LoginWithoutRedirect method so that Nancy can create an auth cookie.

Then you need to setup the IUserMapper class to tell Nancy how to get the user from the Database. If you're using RavenDB this would look something like:

public class DatabaseUser : IUserMapper
{
    public IDocumentStore DocumentStore { get; set; }
    public DatabaseUser(IDocumentStore documentStore)
    {
        DocumentStore = documentStore;
    }

    public IUserIdentity GetUserFromIdentifier(
        Guid identifier, 
        NancyContext context)
    {
        using (var session = DocumentStore.OpenSession())
        {
            var member = session.Query<Member>()
                .SingleOrDefault(x => x.Identifier == identifier);

            if (member == null)
                return null;

            return new UserIdentity
            {
                UserName = member.DisplayName,
                Claims = new []
                {
                    "NewUser",
                    "CanComment"
                }
            };
        }
    }
}

Configured in the bootstrapper like:

protected override void ConfigureRequestContainer(
    TinyIoCContainer container,
    NancyContext context)
{
    base.ConfigureRequestContainer(container, context);
    container.Register<IUserMapper, DatabaseUser>();
}
protected override void RequestStartup(
    TinyIoCContainer container, 
    IPipelines pipelines, 
    NancyContext context)
{
    base.RequestStartup(container, pipelines, context);

    var formsAuthConfiguration = new FormsAuthenticationConfiguration
    {
        RedirectUrl = "~/login",
        UserMapper = container.Resolve<IUserMapper>(),
    };

    FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
}

That's it...

I personally don't think it's a lot of code that you have to write. Both Nancy and Simple Authentication have done most of the leg work for you :)

I hope we can make SimpleAuthentication even easier in the future by removing the need for the Forms Auth, but for now I think we have a pretty good solution.

Helpful links:

http://www.philliphaydon.com/2012/12/18/forms-authentication-with-nancyfx/

http://www.philliphaydon.com/2013/01/31/oauth-with-nancyfx-and-world-domination-authentication/

The 2nd link for World Domination, although there's a bit of renaming, it's mostly the same. I do plan to do an updated blog post and revamp the wiki when we have polished off Claims.

Hope that helps.

  • I've made a note to create a more end-to-end solution demo project.
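
Added example, not part of the original answer or of either library's code: the callback provider and logout route the answer describes, written against the interface shape shown above. IMemberStore, SocialLoginCallback and SessionModule are hypothetical names, and the AuthenticateCallbackData members used (Exception, AuthenticatedClient, ReturnUrl) are assumptions to check against the installed SimpleAuthentication version.

```csharp
using System;
using Nancy;
using Nancy.Authentication.Forms;  // LoginAndRedirect / LogoutAndRedirect
using Nancy.SimpleAuthentication;  // IAuthenticationCallbackProvider
// Hypothetical store over your own user table (not part of either library):
// returns the local Guid for an external identity, creating it on first login.
public interface IMemberStore
{
    Guid FindOrCreate(string provider, string providerUserId, string displayName);
}

public class SocialLoginCallback : IAuthenticationCallbackProvider
{
    private readonly IMemberStore members;
    public SocialLoginCallback(IMemberStore members) { this.members = members; }

    public dynamic Process(NancyModule nancyModule, AuthenticateCallbackData model)
    {
        // Provider error or cancelled consent: issue no cookie.
        if (model.Exception != null || model.AuthenticatedClient == null)
            return nancyModule.Response.AsRedirect("~/login");

        // Assumed member names on the callback data; verify against your package version.
        var client = model.AuthenticatedClient;
        // Key the account on (provider, provider user id), not on email or display name.
        Guid id = members.FindOrCreate(
            client.ProviderName, client.UserInformation.Id, client.UserInformation.Name);

        // Follow ReturnUrl only when it is a local path, so login is not an open redirect.
        string target = IsLocalPath(model.ReturnUrl) ? model.ReturnUrl : "~/";
        // Sets the forms-auth cookie that IUserMapper resolves on every later request.
        return nancyModule.LoginAndRedirect(id, null, target);
    }

    private static bool IsLocalPath(string url)
    {
        // "/path" is local; "//host" and "/\host" resolve to another origin in browsers.
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}

public class SessionModule : NancyModule
{
    public SessionModule()
    {
        // Logout removes the forms-auth cookie, answering the "bonus" part of the question.
        Post["/logout"] = _ => this.LogoutAndRedirect("~/");
    }
}
```

The Guid returned by FindOrCreate must be the same value stored as Member.Identifier, since that is what GetUserFromIdentifier receives on each authenticated request.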
