在获取使用MVC4 Twitter的DotNetOpenAuth秘密访问 [英] Getting Twitter Access Secret using DotNetOpenAuth in MVC4
问题描述
我创建与MVC4将授权使用Twitter的用户,让他们从应用程序的鸣叫以及一个应用程序。我能够得到使用BuiltInOAuthClient.Twitter是在MVC4没有问题认证的用户。 <一href=\"http://www.asp.net/web-pages/tutorials/security/enabling-login-from-external-sites-in-an-aspnet-web-pages-site\" rel=\"nofollow\">http://www.asp.net/web-pages/tutorials/security/enabling-login-from-external-sites-in-an-aspnet-web-pages-site
I'm creating an app with MVC4 that will authorize users using Twitter and lets them tweet from the app as well. I'm able to get the user authenticated without a problem using the BuiltInOAuthClient.Twitter that is in MVC4. http://www.asp.net/web-pages/tutorials/security/enabling-login-from-external-sites-in-an-aspnet-web-pages-site
我有访问令牌,和oauth_verifier,但我需要得到acess_secret来自Twitter回来为好。 https://dev.twitter.com/docs/auth/implementing-sign-twitter
I have the access token, and oauth_verifier, but I need to get the acess_secret back from Twitter as well. https://dev.twitter.com/docs/auth/implementing-sign-twitter
什么,我缺少的是如何通过oauth_verifier回到微博使用OAuthWebSecurity以获得进入秘密。
What I'm missing is how to pass the oauth_verifier back to Twitter to get the access secret using OAuthWebSecurity.
同样,我可以使用Twitter的登录确定,但我需要能够使用Twitter的用户也是如此。我以前用TweetSharp库做到了这一点,但我试图用DotNetOpenAuth在这个项目上。
Again, I can use Twitter for the login ok, but I need to be able to use twitter as the user as well. I've done this with the TweetSharp library before, but am trying to use DotNetOpenAuth on this project.
更新:
我使用的OAuthWebSecurity类中的第一个链接描述来管理身份验证。 OAuthWebSecurity.RegisterClient在AuthConfig期望一个DotNetOpenAuth.AspNet.IAuthenticationClient。按照建议你不能换说出来与TwitterConsumer类。
UPDATE: I'm using the OAuthWebSecurity class as described in the first link to manage authentication. OAuthWebSecurity.RegisterClient in the AuthConfig expects a DotNetOpenAuth.AspNet.IAuthenticationClient. You can't swap that out with the TwitterConsumer class as suggested.
我可以使用内置DotNetOpenAuth认证件在第一环节中所述,或者我可以使用自定义code做了充分授权,但我试图找到一种方法,一举两得。
I can use the "built in" DotNetOpenAuth authentication piece as described in the first link, OR I can use custom code to do the full authorization, but I'm trying to find a way to do both.
我可以单独做,但那么用户是Twitter的对话框psented两次(一次登录,一次授权)$ P $。我希望有使用,使用OAuthWebSecurity但广告授权件以及已连接了一块认证的方式。
I can do it separately, but then the user is presented with the Twitter dialog twice (once to login and once to authorize). I'm hoping there's a way to use the already wired up authentication piece that uses OAuthWebSecurity but ad the authorization piece as well.
推荐答案
我一直在敲我的头靠在这个墙上几天了,但我终于有一些作品。有兴趣知道,如果它是一个有效的解决方案,但!
I've been banging my head against a wall with this for a few days now, but I finally have something that works. Would be interested to know if it's a valid solution though!
首先,创建一个新的OAuthClient:
First off, create a new OAuthClient:
public class TwitterClient : OAuthClient
{
/// <summary>
/// The description of Twitter's OAuth protocol URIs for use with their "Sign in with Twitter" feature.
/// </summary>
public static readonly ServiceProviderDescription TwitterServiceDescription = new ServiceProviderDescription
{
RequestTokenEndpoint =
new MessageReceivingEndpoint(
"https://api.twitter.com/oauth/request_token",
HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
UserAuthorizationEndpoint =
new MessageReceivingEndpoint(
"https://api.twitter.com/oauth/authenticate",
HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
AccessTokenEndpoint =
new MessageReceivingEndpoint(
"https://api.twitter.com/oauth/access_token",
HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
};
public TwitterClient(string consumerKey, string consumerSecret) :
base("twitter", TwitterServiceDescription, consumerKey, consumerSecret) { }
/// Check if authentication succeeded after user is redirected back from the service provider.
/// The response token returned from service provider authentication result.
protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response)
{
string accessToken = response.AccessToken;
string accessSecret = (response as ITokenSecretContainingMessage).TokenSecret;
string userId = response.ExtraData["user_id"];
string userName = response.ExtraData["screen_name"];
var extraData = new Dictionary<string, string>()
{
{"accesstoken", accessToken},
{"accesssecret", accessSecret}
};
return new AuthenticationResult(
isSuccessful: true,
provider: ProviderName,
providerUserId: userId,
userName: userName,
extraData: extraData);
}
}
最重要的部分就是你施放一个ITokenSecretContainingMessage的响应。看来,应对有TokenSecret一直以来,但它只是一个内部属性。通过铸造它,您可以访问一个公共属性。我不能说我是这样做的球迷,但后来我也搞不懂为什么 DotNetOpenAuth 的Asp.Net团队隐藏在首位的属性。必须有一个很好的理由。
The important part is where you cast the response to an ITokenSecretContainingMessage. It appears that the response has the TokenSecret all along, but it is only on an internal property. By casting it, you get access to a public property. I can't say that I'm a fan of doing this, but then I also don't understand why DotNetOpenAuth the Asp.Net team have hidden the property in the first place. There must be a good reason.
您再AuthConfig注册此客户端:
You then register this client in AuthConfig:
OAuthWebSecurity.RegisterClient( new TwitterClient(
consumerKey: "",
consumerSecret: ""), "Twitter", null);
现在,在对的AccountController的ExternalLoginCallback法,accessSecret可在ExtraData字典。
Now, in the ExternalLoginCallback method on the AccountController, the accessSecret is available in the ExtraData dictionary.
这篇关于在获取使用MVC4 Twitter的DotNetOpenAuth秘密访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
