Implementing OpenID in ASP.net "properly" - Membership or Authentication Provider?

Time: 2022-11-07 03:15:16

There are several ways to use OpenID on ASP.net sites, but none of them seem to use the existing mechanism of Membership and Authentication Providers.

I wonder what the proper way would be to create a site that solely relies on OpenID? Continuing to use Forms Authentication but implementing a variant of the SqlMembershipProvider that does the lookup against OpenID?

Or would I go one level deeper and write my own FormsAuthenticationModule? That seems to be a bit too bare-bones, as (to my knowledge) Forms Authentication can be looked up against any data source.

Or is there a third way, keeping the FormsAuthenticationModule but making it do the lookup against OpenID?

As this is for an ASP.net MVC application I have no use for the built-in Login WebForms Controls if that makes a difference.

6 answers

#1


10  

The Membership API that ASP.NET defines doesn't fit well at all with OpenID, which is probably why you don't see many systems using it. I haven't seen a need to use the Membership provider with OpenID yet, so it hasn't really become an issue. One project that attempted to make the Membership provider model fit with OpenID is http://code.google.com/p/dotnet-membership-provider/, but it doesn't look like it's been maintained recently.

As womp said, you don't need to redo the FormsAuthenticationModule. It works perfectly well with OpenID.

Check out the project templates that come with DotNetOpenAuth to see how things can work without the membership provider.

#2


4  

The OpenID Membership Provider project might be what you are looking for.

And even though you're not using Login controls, it's still recommended to leverage the Membership Provider model for authentication.

It's not usually necessary to go as deep as implementing FormsAuthentication specific functionality, since writing a MembershipProvider is pretty trivial, and I've never found a case where it wasn't flexible enough to handle. Note that often you only need to implement one method (ValidateUser()) of the interface to get a working provider.

#3


2  

This is an old question, but I haven't seen the approach I used when searching around for it, so here goes. (It's only tested with Google, since I'm creating the appearance of integration with my company's Google Apps for Business account, rather than full OpenID integration.)

I use DotNetOpenAuth to claim the OpenID, making sure to require the e-mail address.

        request.AddExtension(new ClaimsRequest
        {
            BirthDate = DemandLevel.NoRequest,
            Email = DemandLevel.Require,
            FullName = DemandLevel.Require
        });

Then, when I get back an authenticated response, I look up the username from the e-mail:

            case AuthenticationStatus.Authenticated:
                ClaimsResponse info = response.GetExtension<ClaimsResponse>();
                string username = Membership.GetUserNameByEmail(info.Email);
                FormsAuthentication.SetAuthCookie(username, true);
                return Redirect(ReturnUrl ?? "/");

Assuming you also have a Membership and Role provider set up, setting the forms Auth cookie for the appropriate username gives you access to all the other Membership and Roles goodness.
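
Added example, not part of the answer above: the same e-mail-to-username login with the checks that decide whether the e-mail claim may act as an account key. The controller and action names, the "LogOn" action and the trusted endpoint URL are assumptions (placeholders); the DotNetOpenAuth and Membership calls are the ones the answer uses.

```csharp
using System;
using System.Web.Mvc;
using System.Web.Security;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

public class OpenIdLoginController : Controller
{
    // Assumption: placeholder for the single provider endpoint whose e-mail claims this site trusts.
    private static readonly Uri TrustedEndpoint = new Uri("https://openid.example.com/endpoint");
    private static readonly OpenIdRelyingParty RelyingParty = new OpenIdRelyingParty();

    // Hypothetical return_to action; "LogOn" is an assumed login action name.
    public ActionResult OpenIdReturn(string returnUrl)
    {
        IAuthenticationResponse response = RelyingParty.GetResponse();
        if (response == null || response.Status != AuthenticationStatus.Authenticated)
            return RedirectToAction("LogOn");

        // The e-mail claim is only as trustworthy as the provider asserting it, so
        // accept it as an account key from the allow-listed endpoint only.
        if (response.Provider == null || response.Provider.Uri != TrustedEndpoint)
            return new HttpStatusCodeResult(403, "Untrusted OpenID provider");

        // GetExtension<T>() returns only extension data the provider signed.
        ClaimsResponse info = response.GetExtension<ClaimsResponse>();
        if (info == null || string.IsNullOrEmpty(info.Email))
            return new HttpStatusCodeResult(403, "No e-mail claim supplied");

        // Null when no local account has this address: refuse instead of
        // issuing a cookie for a null or empty user name.
        string username = Membership.GetUserNameByEmail(info.Email);
        if (string.IsNullOrEmpty(username))
            return new HttpStatusCodeResult(403, "No matching account");

        FormsAuthentication.SetAuthCookie(username, false);

        // Follow the caller-supplied return URL only when it stays on this site.
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            return Redirect(returnUrl);
        return Redirect("/");
    }
}
```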

#4


0  

The ASP.NET MVC sample included with DotNetOpenId uses FormsAuthentication to log the user in after they have been authenticated by OpenID. It does not, as far as I can tell, do any integration with the Membership system.

#5


0  

If anyone comes across a good C# Janrain example - please let me know.

I've got dsn pointing to tumblr, then for the login widget it comes back to a subdomain where I have its path to a folder under the root.

So then I have an app_code folder in there where I am using this C# helper class - I can get the token back just fine and it's taking me to my members.domain.com so the widget is working - just need to get the user details on the provider they used to get to the members area.

http://groups.google.com/group/rpx-developers/web/c-helper-class?_done=/group/rpx-developers%3F

is the helper class

error

Server Error in '/' Application. Unexpected API error Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Exception: Unexpected API error

Source Error:

    Line 22:
    Line 23: Rpx feedit = new Rpx("apikey", "https://learnbartending.rpxnow.com/");
    Line 24: feedit.AuthInfo(justoken);
    Line 25: XmlElement xmlstuff = feedit.AuthInfo(justoken);
    Line 26:

Source File: c:\Inetpub\vhosts\learnbartending.com\httpdocs\members\Default.aspx.cs Line: 24

Stack Trace:

#6


0  

If you need to leverage the userID(guid) from your Membership database then you are going to have to create a skeleton account when they first log in, then figure out some mechanism of rotating a fresh password on subsequent logins. This password would obviously be for your Membership provider and would be transparent.

Now the fun part is finding metadata that is common? Hmm, e-mail address maybe?

I am working on this dilemma as well with Facebook Connect. I have to have a userid to tie them to the classified postings in my database.

Fun stuff.

Just an update. I got this working nicely.

I created a table

    CREATE TABLE [dbo].[OAuthUsers]
    (
        [OuthUserID] [int] IDENTITY(1,1) NOT NULL,
        [UserID] [uniqueidentifier] NOT NULL,
        [access_token] [varchar](150) NULL,
        [expires_in] [datetime2](7) NULL,
        [refresh_token] [varchar](150) NULL,
        [issued_at] [datetime2](7) NULL,
        [user_id] [varchar](50) NOT NULL,
        [domain] [varchar](50) NULL,
        [scope] [varchar](150) NULL,
        -- The key column list was missing from the post; the identity column is assumed to be the key.
        CONSTRAINT [PK_OAuthUsers] PRIMARY KEY CLUSTERED ([OuthUserID] ASC)
    )

Store the access_token for Facebook or OpenID. OpenID has a refresh token you can ask for, so store it as well.

I have an ashx handler as my redirect_url. In that handler you can do all of the processing for each case: the user already has an account in the provider database, or the user does not have an account in the provider database, so we create one. All that neat crap :)

Have fun with it.
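
Added example, not the poster's handler code: one way the "existing account or create a skeleton account" branch could look against the OAuthUsers table above, keyed on the provider-issued identifier. The class and method names and the connection string are assumptions, and it assumes a Membership provider configured with requiresQuestionAndAnswer="false" whose user key is a GUID.

```csharp
using System;
using System.Data.SqlClient;
using System.Web.Security;

public static class ExternalAccountLinker
{
    // Assumption: placeholder connection string for the database holding OAuthUsers.
    private const string ConnectionString = "Server=.;Database=AppDb;Integrated Security=true";

    // Hypothetical helper for the redirect handler: returns the Membership user name
    // bound to (domain, externalId), creating a skeleton account on first login.
    public static string ResolveOrCreate(string domain, string externalId, string email)
    {
        using (var conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (var find = new SqlCommand(
                "SELECT [UserID] FROM [dbo].[OAuthUsers] WHERE [domain] = @d AND [user_id] = @u", conn))
            {
                find.Parameters.AddWithValue("@d", domain);
                find.Parameters.AddWithValue("@u", externalId);
                object userId = find.ExecuteScalar();
                if (userId != null)
                {
                    // Returning user: resolve the Membership account by its provider key.
                    MembershipUser known = Membership.GetUser(userId);
                    if (known == null) throw new InvalidOperationException("Orphaned OAuthUsers row");
                    return known.UserName;
                }
            }

            // First login: the account is keyed on the provider-issued id, and its
            // password is random and never shown to anyone.
            MembershipUser created = Membership.CreateUser(
                domain + ":" + externalId, Membership.GeneratePassword(32, 8), email);

            using (var bind = new SqlCommand(
                "INSERT INTO [dbo].[OAuthUsers] ([UserID], [user_id], [domain]) VALUES (@id, @u, @d)", conn))
            {
                bind.Parameters.AddWithValue("@id", (Guid)created.ProviderUserKey);
                bind.Parameters.AddWithValue("@u", externalId);
                bind.Parameters.AddWithValue("@d", domain);
                bind.ExecuteNonQuery();
            }
            return created.UserName;
        }
    }
}
```

A unique index on ([domain], [user_id]) keeps two concurrent first logins from binding the same external identity twice.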
