从Windows服务访问Google Drive [英] Accessing Google Drive from Windows service
问题描述
我试图了解是否可以从传统Windows服务访问Google云端硬盘,而不涉及用户。
遵循 https://开发人员指南。 google.com/drive/quickstart ,我已经能够创建一个将文件上传到Google Drive的命令行应用程序。但是,这个应用程序启动Web浏览器并将我重定向到Google的授权服务器页面,该页面为我提供了必须在命令行应用程序中输入的授权代码。显然,这对于作为Windows服务运行的应用程序不起作用,Windows服务会尝试在不同的时间将文件上传到Google Drive。在我的情况下,根本不可能涉及用户不止一次,这将在设置过程中。
据我所知,授权代码仅在短时间内有效。如果我稍后尝试重复使用它,我会收到一个例外。
在 https://developers.google.com/accounts/docs/OAuth2 ,有可能的身份验证方案的描述。唯一与我想要做的事情相符的是服务帐户方案。这允许应用程序在不涉及用户的情况下访问Google服务。但是,根据同一页面,使用服务帐户的应用程序无法访问数据。
由于这可能会导致安全问题,我得到的印象是Google不想打扰旧式认证(用户名/密码)。从安全角度来看,存储用户/传入配置当然不是很好。我是否错过了某些东西,或者我正在尝试做什么而不支持?
快速启动应用程序是一个简化的命令在线应用程序削减了一些角落,使入门体验更快,但它仍然可以作为Windows服务的起点。
如果你不想要要启动浏览器,您必须删除对 Process.Start(authUri.ToString())的调用,并可能将授权url打印到控制台,以便用户可以复制链接。
只要应用程序存储交换访问代码时返回的刷新令牌和访问令牌,您只需执行一次此手动步骤。访问令牌在一小时后过期,但刷新令牌永不过期(除非用户手动撤消对应用的访问),后者是用于请求新访问令牌的访问令牌。
该文档还包含一个完整的.NET应用程序,演示如何存储令牌以及如何解决各种授权边缘情况: https://developers.google.com/drive/examples/dotnet
I'm trying to understand if it's possible to access a Google Drive from a traditional Windows Service, without involving the user.
Following the guides on https://developers.google.com/drive/quickstart, I've been able to create a command line application which uploads a file to Google Drive. However, this application launches the web browser and redirects me to Google's Authorization Server page which gives me an authorization code I have to enter in the command line app. Obviously this won't work for an application which is running as a Windows Service which will try to upload files to Google Drive at different times. In my scenario, it would simply not be possible to involve the user more than once and that would be during set-up.
As far as I can tell, the authorization code is only valid for a short period of time. If I try to reuse it later, I get an exception.
At https://developers.google.com/accounts/docs/OAuth2, there are description of possible authentication scenarios. The only scenario which matches what I am trying to do is the "Service Accounts" scenario. This allows an application to access services Google without involving the user. However, according to the same page applications using service accounts cannot access data.
I get the impression that Google don't want to bother with old-style authentication (username/password) due to the security issues this may cause. Storing user/pass in configuration is of course not great from a security point of view. Am I missing something, or is what I'm trying to do simply not supported?
The quickstart application is a simplified command-line app that cuts some corners to make the getting started experience quicker but it can still be used as a starting point for a Windows service.
If you don't want to launch the browser, you have to remove the call to Process.Start(authUri.ToString()) and perhaps print the authorization url to the console so that the user can copy the link.
You only need to perform this manual step once, as long as the application stores the refresh token and the access token that are returned when exchanging the access code. The access token expires after one hour but the refresh token never expires (unless the user manually revokes access to the app) and the latter is the one that is used to request new access tokens.
The documentation also includes a complete .NET application that shows how to store the tokens and how to address the various authorization edge cases: https://developers.google.com/drive/examples/dotnet
这篇关于从Windows服务访问Google Drive的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
