如何使用Facebook登录V2.0与dotnetopenauth OAuthWebSecurity.RequestAuthentication [英] How to use Facebook Login v2.0 with dotnetopenauth OAuthWebSecurity.RequestAuthentication
问题描述
我有一个从网站模板创建于VS2012所以它使用DotNetOpenAuth一个ASP.Net应用MVC4及以下code认证。
I have an ASP.Net MVC4 application that was created from the web template in VS2012 so it uses DotNetOpenAuth and the following code for authentication.
internal class ExternalLoginResult : ActionResult
{
public ExternalLoginResult(string provider, string returnUrl)
{
Provider = provider;
ReturnUrl = returnUrl;
}
public string Provider { get; private set; }
public string ReturnUrl { get; private set; }
public override void ExecuteResult(ControllerContext context)
{
OAuthWebSecurity.RequestAuthentication(Provider, ReturnUrl);
}
}
我想使用Facebook登录v2.0和我可以做到这一点使用JavaScript SDK,但我不能工作了,如果它可以指定版本OAuth认证。
I want to use Facebook Login v2.0 and I can do this using the Javascript SDK but I can't work out if it's possible to specify the version for oAuth authentication.
我知道,它可能在URL中指定V2.0,但我不能看到这个网址可以配置。
I know that it's possible to specify v2.0 in the URL but I can't see where this URL can be configured.
有人是否知道如何做到这一点? - 或者是硬coded到DotNetOpenAuth
Does anybody know how to do this - or is it hard-coded into DotNetOpenAuth?
推荐答案
确定我已经找到了解决办法是实现一个自定义OAuth用户端如下(在这个岗位找到<一href=\"http://forums.asp.net/t/1847724.aspx?+Urgent+How+can+I+get+ExtraData+from+OAuthWebSecurity+%29%3a-\" rel=\"nofollow\">http://forums.asp.net/t/1847724.aspx?+Urgent+How+can+I+get+ExtraData+from+OAuthWebSecurity+):-
OK the solution I have found is to implement a custom OAuth client as follows (as found in this post http://forums.asp.net/t/1847724.aspx?+Urgent+How+can+I+get+ExtraData+from+OAuthWebSecurity+):-
using System;
using System.Net;
using System.Collections.Generic;
using System.Web;
using System.Web.Helpers;
using System.Collections.Specialized;
using Newtonsoft.Json;
using System.Web.Script.Serialization;
namespace ExtensionMethods
{
public class FacebookV2Client : DotNetOpenAuth.AspNet.Clients.OAuth2Client
{
private const string AuthorizationEP = "https://www.facebook.com/v2.0/dialog/oauth";
private const string TokenEP = "https://graph.facebook.com/v2.0/oauth/access_token";
private readonly string _appId;
private readonly string _appSecret;
public FacebookV2Client(string appId, string appSecret)
: base("facebook")
{
this._appId = appId;
this._appSecret = appSecret;
}
protected override Uri GetServiceLoginUrl(Uri returnUrl)
{
return new Uri(
AuthorizationEP
+ "?client_id=" + this._appId
+ "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString())
+ "&scope=email,user_about_me"
+ "&display=page"
);
}
protected override IDictionary<string, string> GetUserData(string accessToken)
{
WebClient client = new WebClient();
string content = client.DownloadString(
"https://graph.facebook.com/me?access_token=" + accessToken
);
dynamic data = Json.Decode(content);
return new Dictionary<string, string> {
{
//The behaviour here is unusual. If you request data.username it holds
//the public Facebook username (Timeline address) instead of the email address that DotetOpenAuth returns as username.
//This complicates matters as some users will login with their mobile rather than their email address so what do we use as username?
"username",
data.email
},
{
"id",
data.id
},
{
"name",
data.name
},
{
"photo",
"https://graph.facebook.com/" + data.id + "/picture"
},
{
"email",
data.email
}
};
}
protected override string QueryAccessToken(Uri returnUrl, string authorizationCode)
{
WebClient client = new WebClient();
string content = client.DownloadString(
TokenEP
+ "?client_id=" + this._appId
+ "&client_secret=" + this._appSecret
+ "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString())
+ "&code=" + authorizationCode
);
NameValueCollection nameValueCollection = HttpUtility.ParseQueryString(content);
if (nameValueCollection != null)
{
string result = nameValueCollection["access_token"];
return result;
}
return null;
}
}
}
和在AuthConfig.cs
And in AuthConfig.cs
string facebook_appId = "Your appId";
string facebook_appSecret = "Your appSecret";
OAuthWebSecurity.RegisterClient(
new FacebookV2Client(
appId: facebook_appId,
appSecret: facebook_appSecret),
"facebook", null
);
如你所见,重写的GetUserData方法抛出了一些不寻常的。在标准的Facebook客户端,response.username包含了用户的Facebook的电子邮件地址,但在此实现data.username包含公开的Facebook用户名(时间轴地址),因此为什么我填充的用户名与data.email的原因。这个复杂事项的一些用户将他们的移动,而不是他们的电子邮件地址登录,所以我认为response.username(在标准的Facebook客户端)将返回无论是电子邮件还是取决于用户如何签约了对于Facebook的手机号码。那么,如何确定哪些领域应该在这个自定义实现填入用户名?或者是使用公共的Facebook用户名(时间轴地址正确答案(例如joe.blogs.999)。是否有一个原因,我不应该这样做?
As you can see, the overridden GetUserData method has thrown up something unusual. In the standard Facebook client, response.username contains the users Facebook email address but in this implementation data.username contains the public Facebook username (Timeline address), hence the reason why I'm populating username with data.email. This complicates matters as some users will login with their mobile rather than their email address so I assume that response.username (in the standard Facebook client) will return either the email or mobile number depending on how the user signed-up for Facebook. So how do I decide which field should populate username in this custom implementation? Or is the correct answer to use the public Facebook username (Timeline address (e.g. "joe.blogs.999"). Is there a reason why I shouldn't do that?
没有任何人有答案吗?
这篇关于如何使用Facebook登录V2.0与dotnetopenauth OAuthWebSecurity.RequestAuthentication的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
