DotNetOpenAuth 4.3 和 Google - OpenID 2.0 + OAuth 1.0 已弃用 [英] DotNetOpenAuth 4.3 and Google - OpenID 2.0 + OAuth 1.0 deprecated
问题描述
如果您想切入正题,问题是:在 asp.net mvc 5 中将 DotNetOpenAuth 与 Google 结合使用的最佳/官方方法是什么?
If you want to cut to the chase, the question is: what is the best/official way to use DotNetOpenAuth with Google in asp.net mvc 5?
大约一年前,我几乎使用了 OAuth(DotNetOpenAuth oAuth 和 OpenID),因为它是为 asp.net MVC 4 开箱即用的(就像在示例项目中一样).从那以后,我成功地将它用于 google、facebook、yahoo 和 microsoft.但是,最近我遇到了间歇性问题用户登录谷歌的问题.我曾尝试升级到 MVC 5 和 DotNetOpenAuth 4.3,但我得到了相同的结果.
About a year ago, I used OAuth (DotNetOpenAuth oAuth and OpenID) pretty much as it came out of the box for asp.net MVC 4 (as it is in the sample project). Since then I used it successfully for google, facebook, yahoo and microsoft. However, recently I have been having intermittent problems with users signing into google. I have tried upgrading to MVC 5 and DotNetOpenAuth 4.3, but I get the same.
当我查看谷歌文档时,我发现了这一点:
When I looked at the google docs I found this:
重要提示:Google 已弃用对 OAuth 1.0 的支持.如果你是使用 OpenID 2.0 + OAuth 1.0,我们建议您切换到 Google+登入.Google+ 登录提供 OAuth 2.0 身份验证具有丰富社交功能和访问额外 Google 的机制桌面和移动功能.它支持所有谷歌用户和透明迁移.详情见谷歌迁移身份验证.
Important: Google has deprecated its support for OAuth 1.0. If you are using OpenID 2.0 + OAuth 1.0, we recommend that you switch to Google+ Sign-In. Google+ Sign-In provides the OAuth 2.0 authentication mechanism with rich social features and access to additional Google desktop and mobile features. It supports all Google users and transparent migration. For details, see the Migration of Google authentication.
我很可能误会了,因为我认为开箱即用的 asp.net mvc 4 DotNetOpenAuth 使用 OpenID 2.0(我使用 minimumRequiredOpenIdVersion="V20")+ OAuth 1.0.我可以在 DotNetOpenAuth 源代码中看到产品"下有一个 OAuth 2.0 库,但我不确定如何使用它.另外,我对 Auth 2.0 有点紧张,因为我读到的内容不是很互补,而且似乎更容易自爆(可能没有根据,但似乎是一个反复出现的主题).
I could very well be mistaken, by I thought that out-of-the-box asp.net mvc 4 DotNetOpenAuth uses OpenID 2.0 (I use minimumRequiredOpenIdVersion="V20") + OAuth 1.0. I can see in the DotNetOpenAuth source that there is an OAuth 2.0 library under 'product', but I am not sure how to use this. Also, I am a bit nervous about Auth 2.0 as what I have read is not very complementary and it seems that it is easier to shoot oneself in the foot (might be unfounded, but it seems to be a recurring theme).
对于 Google+,我发现这些说明非常简单,但那是将近一年前的事了,所以我想知道这是否仍然是最好的方法.我还发现 这个 git 存储库实现了 Google oauth2.不过,我想知道这是否仍然与前一段时间有关.
For Google+ I found these instructions which seem pretty straightforward, but that is almost a year ago, so I am wondering if this is still the best way to go. I also found this git repository implementing Google oauth2. Still, I would like to know whether this is still relevant as it is all from some time ago.
那么,问题是 - 在 asp.net mvc5 中将 DotNetOpenAuth 与 Google 一起使用的最佳/官方方法是什么?希望我没有遗漏任何明显的东西,在这种情况下,只需指向某些链接的指针就可以了.
So, the question is - what is the best/official way to use DotNetOpenAuth with Google in asp.net mvc5? Hopefully I haven't missed anything obvious, in which case just a pointer to some links will be fine.
更新我发现了这个问题和这个问题 是相关的.我想除非另有说明,否则我会使用 git 中的 google auth2.
Update I found this question and this question which are related. I guess that I will go with the google auth2 from git unless I am told otherwise.
分辨率
我做了以下事情:-
- 按照已接受答案提供的链接中的步骤进行操作.它是 此链接.
登录后继续使用 SSL 很重要,不要退回到 HTTP,您的登录 cookie 与您的用户名和密码一样保密……登录后重定向回 HTTP 不会发出当前请求或未来请求更快.
It's important to keep using SSL after login and not drop back to HTTP, your login cookie is just as secret as your username and password…redirecting back to HTTP after you’re logged in won’t make the current request or future requests much faster.
在 Nuget 上获得了最新的 DotNetOpenAuth.GoogleOAuth2.
Got the latest DotNetOpenAuth.GoogleOAuth2 on Nuget.
我查看了来自 此 msdn 博客(由同一作者撰写)关于如何最好地保护站点.基本上,建议添加以下内容以强制所有页面使用 HTTPS:
I looked at the recommendation from this msdn blog (by the same author) about how to best to secure the site. Basically, the recommendation is to add the following which will force all pages to HTTPS:
filters.Add( new System.Web.Mvc.RequireHttpsAttribute() );这最终意味着整个网站都是 HTTPS.自从进行这些更改后,该网站一直运行良好.
Ultimately what this means is that the whole site is HTTPS. Since making those changes, the site has been running fine.
推荐答案
以下是使用 Google 身份验证以及其他一些社交集成的推荐方式:
Here is the recommended way to use Google authentication as well as a few other social integrations:
为了使用oauth2(假设您使用MVC)
In order to use oauth2 (assuming your using MVC)
启用 Google OpenID 提供商打开 App_StartStartup.Auth.cs 文件,去掉//app.UseGoogleAuthentication(); 中的注释字符;启用 Google 身份验证.
Enable the Google OpenID provider Open the App_StartStartup.Auth.cs file and remove the comment characters in //app.UseGoogleAuthentication(); to enable Google authentication.
在使用其他服务登录下,点击谷歌.然后,用户将被重定向到您将在其中输入凭据的 google 站点.
Under Use another service to log in, click Google. The user is then redirected to the google site where you will enter your credentials.
如果您没有这个文件或文件夹app_start",那么您可能在第一次创建解决方案时创建了一个空白"项目,而不是互联网"项目.当您第一次开始时,选择互联网应用程序"要容易得多(如果计划使用外部登录).不确定您使用的是什么编辑器,但 Visual Studio 2012/2013 使这变得非常简单!
If you don't have this file or folder "app_start", then you probably created a 'blank' project, instead of an "internet" project when you first created the solution. It's much easier (if planning on using external logins) to select 'internet application' when you first begin. Not sure what editor your using, but Visual Studio 2012/2013 make this ridiculously easy!
如果您打算使用现在推荐的 OpenID,这是一个很好的起点:https://developers.google.com/accounts/docs/OpenID#settingup
If your going to use OpenID which is now the recommended way, here is a great starting point: https://developers.google.com/accounts/docs/OpenID#settingup
最后,如果您可以通过像 (Visual Studio) 这样的编辑器访问 NUGET,您会发现这些任务,例如添加 oAuth-1/2 或 openId 变得非常容易..
Lastly, if you have access to NUGET through your editor like (Visual studio) , you'll find these tasks, like adding oAuth-1/2 or openId have been made very easy..
这是最后一个链接,如果上述内容不适合您的构建,它可以让您朝着正确的方向前进...提供更多详细信息,我将非常乐意帮助您找到最佳解决方案.我可以说的一件事是 oauth2 仍然非常相关并在今天的许多应用程序中使用,并且您在今天开始一个新项目时实施它不会错 - 这将是正确的方法(或至少是其中之一)正确的方法)...希望其中一些有所帮助,而不仅仅是沿着您已经走下的道路.
Here is a last link that would get you off in the right direction if the above doesn't really fit your build... With a few more details, I would be more than happy to help guide you to the best solution. One thing I can say is that oauth2 IS still very relevant and used in many applications today, and you wouldn't be wrong implementing this while starting a new project today - it would be the right way to go (or at least one of the right ways to go)... Hope some of this helps and isn't just going down a path you have already been down.
希望一切顺利.
这篇关于DotNetOpenAuth 4.3 和 Google - OpenID 2.0 + OAuth 1.0 已弃用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
