使用OAuthWebSecurity与Facebook强制重新认证 [英] Force re-authentication using OAuthWebSecurity with Facebook
问题描述
,因为它的OAuth提供商我的网站是使用Facebook。用户将能够通过我的网站买东西,所以我想迫使他们即使验证,如果他们已经与Facebook活动会话。
我发现Facebook的API文档,讨论重新验证,但我这个链接不能让它与我的MVC应用程序工作。任何人都知道这是可能的?
VAR额外=新词典<字符串对象>();
extra.Add(AUTH_TYPE,重新认证);OAuthWebSecurity.RegisterFacebookClient(
APPID:**********
appSecret:************
显示名称: ,
extraData:另计);
找到了解决办法。我要创建我自己的客户,而不是使用由 OAuthWebSecurity.RegisterFacebookClient
使用系统;
使用System.Collections.Generic;
使用System.Collections.Specialized;
使用System.Linq的;
使用System.Net;
使用的System.Web;
使用System.Web.Helpers;命名空间Namespace.Helpers
{
公共类MyFacebookClient:DotNetOpenAuth.AspNet.Clients.OAuth2Client
{
私人常量字符串AuthorizationEP =https://www.facebook.com/dialog/oauth;
私人常量字符串TokenEP =https://graph.facebook.com/oauth/access_token;
私人只读字符串_appId;
私人只读字符串_appSecret; 公共MyFacebookClient(字符串APPID,弦乐appSecret)
:基地(脸谱)
{
this._appId = APPID;
this._appSecret = appSecret;
}
保护覆盖乌里GetServiceLoginUrl(URI RETURNURL)
{
返回新的URI(
AuthorizationEP
+?CLIENT_ID =+ this._appId
+&放大器; REDIRECT_URI =+ HttpUtility.UrlEn code(returnUrl.ToString())
+&放大器;范围=电子邮件,user_about_me
+&放大器;显示器=页面
+&放大器; AUTH_TYPE =重新验证
);
} 保护覆盖的IDictionary<字符串,字符串> GetUserData(字符串的accessToken)
{
Web客户端的客户端=新的WebClient();
字符串内容= client.DownloadString(
https://graph.facebook.com/me?access_token=+的accessToken
);
动态数据= Json.De code(内容);
返回新字典<字符串,字符串> {
{
ID,
data.id
},
{
名称,
data.name
},
{
照片,
https://graph.facebook.com/+ data.id +/图片
},
{
电子邮件,
data.email
}
};
} 保护覆盖字符串QueryAccessToken(URI RETURNURL,串授权code)
{
Web客户端的客户端=新的WebClient();
字符串内容= client.DownloadString(
TokenEP
+?CLIENT_ID =+ this._appId
+与& client_secret =+ this._appSecret
+&放大器; REDIRECT_URI =+ HttpUtility.UrlEn code(returnUrl.ToString())
+&放大器; code =+授权code
); NameValueCollection中的NameValueCollection = HttpUtility.ParseQueryString(内容);
如果(NameValueCollection中!= NULL)
{
字符串结果=的NameValueCollection [的access_token];
返回结果;
}
返回null;
}
}
}
,然后在AuthConfig.cs ...
OAuthWebSecurity.RegisterClient(
新MyFacebookClient(
APPID:XXXXXXXXXX
appSecret:xxxxxxxxxxxxxxxx),
脸谱,空
);
My website is using facebook as it's oauth provider. Users will be able to buy things through my site so I want to force them to authenticate even if they already have an active session with facebook.
I found this link in facebook's api documentation that discusses reauthentication but I can't get it to work with my mvc app. Anyone know if this is possible?
var extra = new Dictionary<string, object>();
extra.Add("auth_type", "reauthenticate");
OAuthWebSecurity.RegisterFacebookClient(
appId: "**********",
appSecret: "**********************",
displayName: "",
extraData: extra);
Found the solution. I had to create my own client instead of using the default one provided by OAuthWebSecurity.RegisterFacebookClient
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Helpers;
namespace Namespace.Helpers
{
public class MyFacebookClient : DotNetOpenAuth.AspNet.Clients.OAuth2Client
{
private const string AuthorizationEP = "https://www.facebook.com/dialog/oauth";
private const string TokenEP = "https://graph.facebook.com/oauth/access_token";
private readonly string _appId;
private readonly string _appSecret;
public MyFacebookClient(string appId, string appSecret)
: base("facebook")
{
this._appId = appId;
this._appSecret = appSecret;
}
protected override Uri GetServiceLoginUrl(Uri returnUrl)
{
return new Uri(
AuthorizationEP
+ "?client_id=" + this._appId
+ "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString())
+ "&scope=email,user_about_me"
+ "&display=page"
+ "&auth_type=reauthenticate"
);
}
protected override IDictionary<string, string> GetUserData(string accessToken)
{
WebClient client = new WebClient();
string content = client.DownloadString(
"https://graph.facebook.com/me?access_token=" + accessToken
);
dynamic data = Json.Decode(content);
return new Dictionary<string, string> {
{
"id",
data.id
},
{
"name",
data.name
},
{
"photo",
"https://graph.facebook.com/" + data.id + "/picture"
},
{
"email",
data.email
}
};
}
protected override string QueryAccessToken(Uri returnUrl, string authorizationCode)
{
WebClient client = new WebClient();
string content = client.DownloadString(
TokenEP
+ "?client_id=" + this._appId
+ "&client_secret=" + this._appSecret
+ "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString())
+ "&code=" + authorizationCode
);
NameValueCollection nameValueCollection = HttpUtility.ParseQueryString(content);
if (nameValueCollection != null)
{
string result = nameValueCollection["access_token"];
return result;
}
return null;
}
}
}
and then in AuthConfig.cs...
OAuthWebSecurity.RegisterClient(
new MyFacebookClient(
appId: "xxxxxxxxxx",
appSecret: "xxxxxxxxxxxxxxxx"),
"facebook", null
);
这篇关于使用OAuthWebSecurity与Facebook强制重新认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!