与FB连接/谷歌的OAuth在.NET登录 [英] Login with FB Connect / Google OAuth in .NET

问题描述

我希望让我的用户使用我的登录系统，或者FB连接或谷歌登录登录到我的网站。我不想用大库（比如dotnetOpenAuth）的只有那些2个选项 - ？所以，我应该怎么做到这一点。

I'd like to allow my users to login to my website using my login system, or FB Connect or Google Login. I wouldn't want to use big libraries (like dotnetOpenAuth) for only those 2 options - So how should I accomplish this?

其他的问题 - 我应该怎么绑定FB /谷歌用户在我内心的用户系统？我想，以便能够使用他们两个人（我可以例如使用登录FB，然后与谷歌登录，并且仍然被绑定到同一个用户）登录。

Additional question - how should I bind the FB/Google user to my inner user system? I'd like to allow to login using both of them (I could for example login using FB and then login with Google, and still be bound to the same user).

我使用ASP.NET MVC 2

I'm using ASP.NET MVC 2

谢谢！

推荐答案

如果你不喜欢用大的库如 DotnetOpenAuth 你将不得不手动执行的OpenID协议。 这里有则需要符合规格。

If you don't like to use big libraries like DotnetOpenAuth you will have to manually implement the OpenID protocol. Here are the specifications you will need to conform to.

这虽这么说，我会使用现有的库推荐你。 DotnetOpenAuth 是.NET的参考库。

This being said, I would recommend you using an existing library. DotnetOpenAuth is the reference library for .NET.

还有一个小备注：OpenID和OAuth的是不同的标准，旨在实现不同的东西：的OpenID 是同时的OAuth 是授权。

Also a small remark: OpenId and OAuth are different standards and are designed to achieve different things: OpenId is for authentication while OAuth is for authorization.

至于确定哪些可以登录不同的OpenID提供商而言，你将需要一些东西来识别它​​们相同的用户。例如与DotnetOpenAuth创建一个认证请求OpenID提供商，你可能需要的全名和电子邮件时：

As far as identifying the same user which could log from different OpenID providers is concerned you will need something to identify them. For example with DotnetOpenAuth when creating an authentication request to the OpenID provider you could require the FullName and the Email:

using (var openid = new OpenIdRelyingParty())
{
    var request = openid.CreateRequest(Identifier.Parse(openid_identifier));

    request.AddExtension(new ClaimsRequest
    {
        BirthDate = DemandLevel.NoRequest,
        Email = DemandLevel.Require,
        FullName = DemandLevel.Require
    });
}

和使用该信息的内部数据库内识别用户。

and use this information to identify the user within your internal database.

所以这里的想法：

1. 您创建一个内部数据库表，该表将包含您的网站的用户。在开始的时候这个表是空的。


2. 的用户来到你的网站，并希望使用它。他还没被认证，所以你问他的凭据。你为他选择自己的OpenID提供商和prepare认证请求，并重定向他到自己的供应商进行认证的能力。


3. 用户用他的供应商进行认证，并重新回到您的网站。在这一刻，你知道他所声称的身份和你的用户添加到您的用户表。现在，用户可以随时回来到您的网站并登录。


4. 您可以提供您的身份验证的用户添加其他OpenID提供商（就像计算器一样）的可能性。最重要的想法是，用户需要在为了做到这一点已经被验证您的网站。这样他就可以进入他的替代OpenID提供商和重定向到该供应商的认证。一旦他验证他重新回到您的网站，因为他已经验证到你的网站，你可以添加到用户表替代他的OpenID提供商。


5. 控制器动作，将处理来自OpenID提供商的重定向应检查用户是否已经验证到您的网站，如果不使用验证他的 FormsAuthentication.GetAuthCookie 和传球声称的身份。如果声称的身份并没有在内部用户表中，你需要添加它。如果用户已经通过身份验证到您的网站这意味着他将是一个替代OpenID提供商到他的个人资料，所以你会更新你的用户表和新的供应商添加到它。

1. You create an internal database table which will contain your site users. At the beginning this table is empty.
2. A user comes to your site and wishes to use it. He is not yet authenticated so you ask him for his credentials. You provide him the ability to choose his OpenId provider and prepare an authentication request and redirect him to his provider for authentication.
3. The user authenticates with his provider and is redirected back to your site. At this moment you know his claimed identity and you add the user to your users table. Now the user can always come back to your site and login.
4. You could provide the possibility to your authenticated users to add another OpenId provider (just like StackOverflow does). The important idea is that the user needs to already be authenticated to your site in order to do this. So he could enter his alternative OpenId provider and get redirected to this provider for authentication. Once he authenticates he is redirected back to your site and because he was already authenticated to your site you could add to the users table his alternative OpenId provider.
5. The controller action which will handle the redirect from the OpenId provider should check whether the user is already authenticated to your site and if not authenticate him using FormsAuthentication.GetAuthCookie and passing the claimed identity. If the claimed identity doesn't exist in your internal users table you need to add it. If the user is already authenticated to your site it means that he is adding an alternative OpenId provider to his profile, so you would update your users table and add the new provider to it.

这篇关于与FB连接/谷歌的OAuth在.NET登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！