OAuth的ASP.NET成员资格提供 [英] oAuth ASP.NET Membership Provider
问题描述
是否有实施采用OAuth自定义成员资格提供任何推荐的资源呢?这样做的目的是让用户登录到使用其现有的OAuth认证,我的ASP.NET MVC应用程序。用户通过验证后,我再喜欢利用内置ASP.NET授权功能。
Are there any recommended resources for implementing a custom membership provider that uses oAuth? The goal would be to have users to log into my ASP.NET MVC application using their existing oAuth credentials. After the user is authenticated, I'd then like to leverage the built-in ASP.NET authorization features.
感谢。
推荐答案
我不知道你在找什么是OAuth的。
I'm not sure what you're looking for is OAuth.
OAuth是委派授权,通过使用令牌。根据你在做什么,你有两种情况之一:
OAuth is for delegating authorization, through the use of tokens. Depending on what you're doing you have two scenarios either:
- 您的应用程序要使用某些用户数据,通过提供商托管(比如Twitter或谷歌)。在这种情况下,您的应用程序将是一个消费者 - 总之,用户需要登录并同意授权您的应用程序可以访问他们的数据的供应商,你会被给予它可以用来访问令牌来访问这些受保护的资源。
- 或者,你有一个应用程序,与谁拥有登录插件等用户要提供(即你的提供商)接入用户到第三方应用程序(消费者)的一些限制信息,而不暴露你的用户凭据的服务。
有关OAuth的详细信息 - 请查看 OAuth.Net网站。目前的OAuth 3实现可用于.NET。
For more info on OAuth - check out the OAuth.Net website. There are currently 3 implementations of OAuth available for .Net.
- DevDefined.OAuth
- Madgex OAuth.Net
- DotNetOpenAuth
由于OAuth的工作方式,我真的不能想象你怎么能有一个OAuth的成员资格提供程序 - 它真的打算为确保API的,往往我们的目标是在更精细的水平,即给人以授权委托消费者应用程序访问只是用户的地址簿数据,而不让他们访问电子邮件存档,日历等 - 不与一个会员/角色的安全模型合身
Because of the way OAuth works, I can't really imagine how you could have an "OAuth" membership provider - It's really intended for securing API's, and often the goal is to delegate authorization at a more granular level i.e. giving a consumer application access to just a users address book data, without letting them access email archives, their calendar etc. - which doesn't fit well with a membership / role based security model.
我猜你真正要找的是的OpenID,即你本身#1验证自己的方式。我建议这里,可能阅读
I'm guessing what you're really looking for is OpenId i.e. the way you authenticate yourself with Stackoverflow itself. I would suggest reading the Stackoverflow OpenId case study here and probably the best OpenId implementation for .Net is currently part of DotNetOpenAuth project (this was formally called DotNetOpenId, the google code site for the project is here).
这篇关于OAuth的ASP.NET成员资格提供的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
