WebApi ASP.NET Identity Facebook login
My problem is that my client is a mobile app using the Facebook SDK, which gives me an access token directly. Facebook says that using the SDK always gives you an access token, so I'd like to pass the access token directly to the web API. I understand this is not very secure, but is it possible?
Apparently all the WebAPI Owin OAuth options are browser-based, that is, they need a lot of browser redirect requests and are not suitable for native mobile apps (my case).
I am still investigating and experimenting, but as Hongye Sun briefly described in one of the comments on his blog post http://blogs.msdn.com/b/webdev/archive/2013/09/20/understanding-security-features-in-spa-template.aspx?PageIndex=2#comments, the Facebook login access token can be validated directly through the API by making a graph call to the /me endpoint.
Using the information returned by the graph call, you can check whether the user is already registered.
Finally, we need to sign in the user, perhaps using the Authentication.SignIn Owin method, returning a bearer token that will be used for all subsequent API calls.
EDIT:
Actually I was wrong: the bearer token is issued by calling the "/Token" endpoint, which accepts as input something like grant_type=password&username=Alice&password=password123
The problem here is that we don't have a password (which is the whole point of the OAuth mechanism), so how else can we call the "/Token" endpoint?
UPDATE:
I finally found a working solution; here is what I had to add to the existing classes to make it work:
Startup.Auth.cs

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    /// <summary>
    /// This part has been added to have an API endpoint to authenticate users that accepts a Facebook access token
    /// </summary>
    static Startup()
    {
        PublicClientId = "self";

        //UserManagerFactory = () => new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
        UserManagerFactory = () =>
        {
            var userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
            // Facebook user names (e-mail addresses, names with spaces) are not alphanumeric
            userManager.UserValidator = new UserValidator<ApplicationUser>(userManager)
            {
                AllowOnlyAlphanumericUserNames = false
            };
            return userManager;
        };

        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = true // template default for development; bearer tokens should only travel over HTTPS
        };

        // The bearer middleware must share the token format and provider of the
        // authorization server so that tokens created in FacebookLogin are accepted
        OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
        OAuthBearerOptions.AccessTokenFormat = OAuthOptions.AccessTokenFormat;
        OAuthBearerOptions.AccessTokenProvider = OAuthOptions.AccessTokenProvider;
        OAuthBearerOptions.AuthenticationMode = OAuthOptions.AuthenticationMode;
        OAuthBearerOptions.AuthenticationType = OAuthOptions.AuthenticationType;
        OAuthBearerOptions.Description = OAuthOptions.Description;
        OAuthBearerOptions.Provider = new CustomBearerAuthenticationProvider();
        OAuthBearerOptions.SystemClock = OAuthOptions.SystemClock;
    }

    public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
    public static Func<UserManager<ApplicationUser>> UserManagerFactory { get; set; }
    public static string PublicClientId { get; private set; }

    // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
    public void ConfigureAuth(IAppBuilder app)
    {
        // [Initial boilerplate code]
        OAuthBearerAuthenticationExtensions.UseOAuthBearerAuthentication(app, OAuthBearerOptions);
        // [More boilerplate code]
    }
}

public class CustomBearerAuthenticationProvider : OAuthBearerAuthenticationProvider
{
    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        var claims = context.Ticket.Identity.Claims;
        // Reject a ticket that carries no claims, or any claim from an issuer other
        // than the two this application sets itself
        if (claims.Count() == 0 || claims.Any(claim => claim.Issuer != "Facebook" && claim.Issuer != "LOCAL_AUTHORITY"))
            context.Rejected();
        return Task.FromResult<object>(null);
    }
}
```
In AccountController I added the following action:
```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security;
using Newtonsoft.Json.Linq;

[HttpPost]
[AllowAnonymous]
[Route("FacebookLogin")]
public async Task<IHttpActionResult> FacebookLogin(string token)
{
    // [Code to validate input...]

    var tokenExpirationTimeSpan = TimeSpan.FromDays(14);
    ApplicationUser user = null;

    // Get the fb access token and make a graph call to the /me endpoint
    // check if the user is already registered
    // If yes retrieve the user
    // If not, register it
    // (the elided code above must leave a non-null user here)

    // Finally sign-in the user: this is the key part of the code that creates the bearer token and authenticates the user
    var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
    identity.AddClaim(new Claim(ClaimTypes.Name, user.Id, null, "Facebook"));
    // This claim is used to correctly populate user id; the issuer must be one that
    // CustomBearerAuthenticationProvider accepts
    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id, null, "LOCAL_AUTHORITY"));
    AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
    var currentUtc = new Microsoft.Owin.Infrastructure.SystemClock().UtcNow;
    ticket.Properties.IssuedUtc = currentUtc;
    ticket.Properties.ExpiresUtc = currentUtc.Add(tokenExpirationTimeSpan);
    var accesstoken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
    Authentication.SignIn(identity);

    // Create the response, shaped like the one the /Token endpoint returns
    JObject blob = new JObject(
        new JProperty("userName", user.UserName),
        new JProperty("access_token", accesstoken),
        new JProperty("token_type", "bearer"),
        new JProperty("expires_in", tokenExpirationTimeSpan.TotalSeconds.ToString()),
        new JProperty(".issued", ticket.Properties.IssuedUtc.ToString()),
        new JProperty(".expires", ticket.Properties.ExpiresUtc.ToString())
    );
    var json = Newtonsoft.Json.JsonConvert.SerializeObject(blob);

    // Return OK
    return Ok(blob);
}
```
That's it. The only difference I found compared with the classic /Token endpoint response is that the bearer token is slightly shorter, and the expiry and issue dates are in UTC rather than GMT (at least on my machine).
I hope this helps!
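As an added example (not code from the original answer), this fills in the token check that the answer elides before the graph call. Instead of a plain /me call, it asks the Graph API /debug_token endpoint whether the token is valid and was issued to this app, so a valid token obtained for some other Facebook app cannot be presented to this API as a login. The class name, constructor parameters and the configuration source for the app id and secret are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Added example: verifies a client-supplied Facebook access token server-side.
// Assumptions: app id and secret are read from configuration by the caller;
// Newtonsoft.Json is referenced (the answer's controller already uses it).
public sealed class FacebookTokenVerifier
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly string _appId;
    private readonly string _appSecret;

    public FacebookTokenVerifier(string appId, string appSecret)
    {
        _appId = appId;
        _appSecret = appSecret;
    }

    // Returns the Facebook user id the token belongs to, or null when the token
    // must be rejected. The caller then looks up or registers the ApplicationUser
    // before building the ClaimsIdentity as in FacebookLogin.
    public async Task<string> VerifyAsync(string userToken)
    {
        if (string.IsNullOrWhiteSpace(userToken) || userToken.Length > 1024)
            return null;                               // basic input validation

        var appToken = _appId + "|" + _appSecret;      // app access token format
        var url = "https://graph.facebook.com/debug_token?input_token="
                  + Uri.EscapeDataString(userToken)
                  + "&access_token=" + Uri.EscapeDataString(appToken);

        var response = await Http.GetAsync(url);
        if (!response.IsSuccessStatusCode) return null;

        var data = JObject.Parse(await response.Content.ReadAsStringAsync())["data"];
        if (data == null) return null;

        bool isValid = (bool?)data["is_valid"] ?? false;
        string appId = (string)data["app_id"];
        string userId = (string)data["user_id"];

        // All three checks matter: the token is live, it was issued to *our* app
        // (audience), and it names a subject we can map to a local account
        if (!isValid || appId != _appId || string.IsNullOrEmpty(userId))
            return null;
        return userId;
    }
}
```

The app secret stays on the server; the mobile client never sees it, and the API only trusts the user id that Facebook reports for the token, not anything the client claims about itself.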