Custom Authentication on Asp.Net 4.5 with WIF
Question
I have an application set up with Azure ACS and .NET 4.5 using claims. My application also uses Dropbox. I was wondering if I could let users identify themselves with Dropbox alone.
I get a token from Dropbox when the user logs in with Dropbox, and a unique id. Where in the .NET pipeline do I tell it that I have authenticated a user, such that the principal is set on the next request also?
To make the example simple, let's say I have a form with two inputs: name, pass. If the name is 1234 and pass is 1234, then I would like to tell the ASP.NET pipeline that the user is authenticated. Is this possible? Or do I need to create custom token handlers and such to integrate it into WIF?
Update
I found this: I would like comments on the solution, if there are security concerns I should be aware of.
    var sam = FederatedAuthentication.SessionAuthenticationModule;
    if (sam != null)
    {
        // Build a principal for the Dropbox-authenticated user; "OAuth" is the authentication type
        var cp = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim("Provider", "Dropbox") }, "OAuth"));
        // Run the configured ClaimsAuthenticationManager so the claims can be transformed or augmented
        var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
        if (transformer != null)
        {
            cp = transformer.Authenticate(String.Empty, cp);
        }
        // Issue the WIF session token; the cookie carries this principal on subsequent requests
        var token = new SessionSecurityToken(cp);
        sam.WriteSessionTokenToCookie(token);
    }
All the code:
using System;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;

// Web API controller behind /api/dropbox (the two actions below are posted as-is in the question)
public class DropboxController : ApiController
{
    public HttpResponseMessage get_reply_from_dropbox(string reply_from)
    {
        var response = this.Request.CreateResponse(HttpStatusCode.Redirect);
        var q = this.Request.GetQueryNameValuePairs();
        // uid is read straight from the callback query string
        var uid = q.FirstOrDefault(k => k.Key == "uid");
        if (!string.IsNullOrEmpty(uid.Value))
        {
            var sam = FederatedAuthentication.SessionAuthenticationModule;
            if (sam != null)
            {
                var cp = new ClaimsPrincipal(new ClaimsIdentity(new List<Claim> { new Claim("Provider", "Dropbox") }, "OAuth"));
                var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
                if (transformer != null)
                {
                    cp = transformer.Authenticate(String.Empty, cp);
                }
                // Issue the WIF session cookie for this principal
                var token = new SessionSecurityToken(cp);
                sam.WriteSessionTokenToCookie(token);
            }
        }
        // Redirect back to the URL passed in by the caller
        response.Headers.Location = new Uri(reply_from);
        return response;
    }

    public async Task<string> get_request_token_url(string reply_to)
    {
        var client = new HttpClient();
        // OAuth 1.0 PLAINTEXT: the signature is consumer secret + "&" + token secret (empty on this first leg).
        // The embedded quotes must be escaped inside the C# string literal.
        client.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("OAuth",
                string.Format("oauth_version=\"1.0\", oauth_signature_method=\"PLAINTEXT\", oauth_consumer_key=\"{0}\", oauth_signature=\"{1}&\"",
                    "<dropboxkey>", "<dropboxsecret>"));
        var data = await client.GetStringAsync("https://api.dropbox.com/1/oauth/request_token");
        // Response body is form-encoded: oauth_token_secret=...&oauth_token=...
        var pars = data.Split('&').ToDictionary(k => k.Substring(0, k.IndexOf('=')), v => v.Substring(v.IndexOf('=') + 1));
        return "https://www.dropbox.com/1/oauth/authorize?oauth_token=" + pars["oauth_token"]
            + "&oauth_callback=<MYSITE>/api/dropbox/get_reply_from_dropbox?reply_from=" + reply_to;
    }
}
It works by the user requesting the authentication URL; when the user authorizes my app, it returns to get_reply_from_dropbox and logs in the user.
I of course need to handle some other stuff also, like what if the request does not come from Dropbox.
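The two actions above, reworked as an added example (my code, not code from the question or the answer) so that the callback only issues a WIF session after the request token has been exchanged for an access token at Dropbox, and so that the final redirect can only go back to the site's own origin. It uses the same Dropbox v1 OAuth 1.0 request_token and authorize endpoints as the question plus the v1 access_token endpoint (whose response carries the account uid); the `SiteBase` constant, the `Flows` store, the 10-minute window and the helper names are this example's own assumptions. The uid Dropbox appends to the callback query string is deliberately never read.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;

public class DropboxController : ApiController
{
    // Placeholders as in the question; SiteBase is an assumption used to validate return URLs.
    const string ConsumerKey = "<dropboxkey>";
    const string ConsumerSecret = "<dropboxsecret>";
    const string SiteBase = "https://<MYSITE>";

    // Flows this server started, keyed by the request token Dropbox issued to us.
    // Per-process store (a web farm would use a shared cache); entries are single-use.
    class Pending { public string Secret; public string ReplyTo; public DateTime Started; }
    static readonly ConcurrentDictionary<string, Pending> Flows = new ConcurrentDictionary<string, Pending>();

    // OAuth 1.0 PLAINTEXT signature is "consumer_secret&token_secret" (token secret empty on the first leg).
    static AuthenticationHeaderValue OAuthHeader(string token, string tokenSecret)
    {
        var parms = "oauth_version=\"1.0\", oauth_signature_method=\"PLAINTEXT\", oauth_consumer_key=\"" + ConsumerKey + "\"";
        if (token != null) parms += ", oauth_token=\"" + token + "\"";
        parms += ", oauth_signature=\"" + ConsumerSecret + "&" + (tokenSecret ?? "") + "\"";
        return new AuthenticationHeaderValue("OAuth", parms);
    }

    static Dictionary<string, string> ParseForm(string body)
    {
        return body.Split('&').Select(p => p.Split(new[] { '=' }, 2))
                   .ToDictionary(kv => kv[0], kv => Uri.UnescapeDataString(kv[1]));
    }

    // reply_to comes from the client, so only ever redirect back to our own https origin.
    static bool IsLocalReturnUrl(string url)
    {
        Uri u;
        return Uri.TryCreate(url, UriKind.Absolute, out u) && u.Scheme == Uri.UriSchemeHttps
            && string.Equals(u.GetLeftPart(UriPartial.Authority), SiteBase, StringComparison.OrdinalIgnoreCase);
    }

    [HttpGet]
    public async Task<string> get_request_token_url(string reply_to)
    {
        if (!IsLocalReturnUrl(reply_to)) throw new HttpResponseException(HttpStatusCode.BadRequest);
        var client = new HttpClient();
        client.DefaultRequestHeaders.Authorization = OAuthHeader(null, null);
        var pars = ParseForm(await client.GetStringAsync("https://api.dropbox.com/1/oauth/request_token"));
        // Keep the request-token secret server-side: it signs the access_token call and proves that a
        // later callback belongs to a flow we started rather than one an attacker fabricated.
        Flows[pars["oauth_token"]] = new Pending { Secret = pars["oauth_token_secret"], ReplyTo = reply_to, Started = DateTime.UtcNow };
        return "https://www.dropbox.com/1/oauth/authorize?oauth_token=" + Uri.EscapeDataString(pars["oauth_token"])
             + "&oauth_callback=" + Uri.EscapeDataString(SiteBase + "/api/dropbox/get_reply_from_dropbox");
    }

    [HttpGet]
    public async Task<HttpResponseMessage> get_reply_from_dropbox(string oauth_token)
    {
        // Unknown, replayed or stale token: refuse before touching WIF.
        Pending flow;
        if (oauth_token == null || !Flows.TryRemove(oauth_token, out flow)
            || DateTime.UtcNow - flow.Started > TimeSpan.FromMinutes(10))
            return Request.CreateResponse(HttpStatusCode.Forbidden);

        // Exchange the request token for an access token. Dropbox only honours this if the user
        // really authorised the app, and the v1 response carries the authenticated account's uid.
        var client = new HttpClient();
        client.DefaultRequestHeaders.Authorization = OAuthHeader(oauth_token, flow.Secret);
        var access = ParseForm(await client.GetStringAsync("https://api.dropbox.com/1/oauth/access_token"));
        var uid = access["uid"];

        // Only now is the identity backed by something verified against Dropbox, so issue the WIF session.
        var identity = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, uid, ClaimValueTypes.String, "Dropbox"),
            new Claim("Provider", "Dropbox") }, "OAuth");
        var cp = new ClaimsPrincipal(identity);
        var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
        if (transformer != null) cp = transformer.Authenticate(Request.RequestUri.AbsoluteUri, cp);

        // Explicit, bounded lifetime: this cookie is the entire logon.
        var token = new SessionSecurityToken(cp, TimeSpan.FromHours(8));
        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(token);

        var response = Request.CreateResponse(HttpStatusCode.Redirect);
        response.Headers.Location = new Uri(IsLocalReturnUrl(flow.ReplyTo) ? flow.ReplyTo : SiteBase + "/");
        return response;
    }
}
```

The design point is that the session cookie is minted only from data returned by Dropbox over the signed access_token exchange, never from the callback's query string, and that the single-use `Flows` entry ties the callback to a flow this server initiated. The per-process store is an assumption for illustration; in a farm the pending flow (and ideally a binding to the browser's own session, to resist login CSRF) belongs in shared storage.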
Recommended answer
I did this for my site using WIF 3.5 (not exactly the same), but it did use ACS + forms auth + OAuth all together. Basically it uses forms auth (which you can control completely), or uses ACS/OAuth and links the accounts together, or just uses ACS/OAuth by itself.
You will have to handle logging off differently though.
Dropbox uses OAuth, so I would go that route, and then if you want to "link the accounts", create a user/password for forms auth linked to the Dropbox OAuth account. The user doesn't necessarily have to know what auth conventions are being used. ASP.NET MVC 4 has OAuth/forms auth built into the default project.