自动登录用户网站时，用户到FB或谷歌被记录 - DotNetOpenAuth [英] Auto Login user to website when user is logged in to FB or google - DotNetOpenAuth

问题描述

我使用DotNetOpenAuth登录使用FB和谷歌用户。

I am using DotNetOpenAuth to log in users with FB and Google.

当用户访问该网站，有没有一种方法来检测他/她已经登录到FB或谷歌并自动登录呢？

When a user visits the website, is there a way to detect that he/she has already logged in to FB or Google and log them automatically?

感谢您

推荐答案

是的，如果你的用户的已的明确登录到使用前谷歌或Facebook的网站。出于保护隐私的原因，既不是供应商将让你含蓄登录他们的用户在无需每个用户明确地登录到您的网站至少一次（并单击记住我在其登录​​页面，而这样做）。

Yes, if your user has already explicitly logged into your web site using Google or Facebook before. For privacy reasons neither provider will allow you to implicitly log their users in without each user explicitly signing into your web site at least once (and clicking "remember me" at their login page while doing so).

一旦用户已批准，就变成可能的，但仍然不是很简单。该方法涉及您的网页上创建一个隐藏的iframe（也许是第一个创建的用户会话时，你的iframe添加到任何网页用户正在查看，或者只是你的流行着陆页）。此的iframe指向您的网站，什么也不做，但发起无用户交互登录流程的URL。对于谷歌来说，这意味着你的服务器会与谷歌OP标识符 OpenIdRelyingParty.CreateRequest 电话，并设置 IAuthenticationRequest.Mode = AuthenticationRequestMode.Immediate 返回的对象上调用之前 IAuthenticationRequest.RedirectToProvider 。在立即位告诉提供商没有预料到与用户交互（因为你的iframe是不可见的），并要么放弃立即响应或不响应。然后在重定向回你的网站（在隐藏的iframe仍然），你会看到用户登录到谷歌（或没有），并得到他们的身份标识，并将其登录到你的网站。

Once the user has approved that, it becomes possible but still isn't very simple. The approach involves creating a hidden iframe on your page (perhaps when the user session is first created, you add the iframe to whatever page the user is viewing, or just your popular landing page). This iframe is pointed at a URL on your site that does nothing but initiate the no-user-interaction login flow. For Google, this means your server makes an OpenIdRelyingParty.CreateRequest call with the Google OP Identifier, and you set IAuthenticationRequest.Mode = AuthenticationRequestMode.Immediate on the returned object before calling IAuthenticationRequest.RedirectToProvider. The Immediate bit tells the Provider to not expect to interact with the user (since your iframe is invisible) and to either give an immediate yes or no response. Then in the redirect back to your site (still in the hidden iframe) you'll see the user is logged into Google (or not) and get their Claimed Identifier and log them into your site.

有关Facebook的它使用OAuth 2的旧草案中，这个过程可能是相似的，但使用的OAuth 2班。我没有做这个的，所以我真的不能给出一个概述。

For Facebook which uses an old draft of OAuth 2, the process may be similar, but use the OAuth 2 classes. I haven't done this one though, so I can't really give an overview.

这篇关于自动登录用户网站时，用户到FB或谷歌被记录 - DotNetOpenAuth的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！