使用 OpenID(通过 DotNetOpenAuth)以及用户角色和其他会员提供者功能

发布于 2024-09-08 17:59:06 字数 996 浏览 5 评论 0原文

我正在构建一个 ASP.NET MVC 站点,我想在其中使用 DotNetOpenAuth 来实现 OpenID 登录(我完全放弃基于用户名/密码的登录)。

到目前为止,我一直在使用角色系统、配置文件系统和基本注册系统为 ASP.NET 会员提供程序的默认用户名/密码系统编写代码。现在,在迁移到 OpenID 的过程中,我预见到了一些问题,特别是与 ASP.NET 成员资格提供程序提供的成员资格控件接口方面的问题。

查看 DotNetOpenAuth MVC 示例,我发现对 FormsAuthentication 系统的唯一引用是创建 AuthCookie,然后调用 FormsAuthentication.SignOut()。因此,我不确定是否可以在此 OpenID 系统中使用 ASP.NET 成员资格提供程序函数,尽管示例代码的另一部分调用 User.Identity.IsAuthenticated


此 OpenID 系统会与 ASP.NET 会员提供程序连接吗?如果没有,我可以通过某种方式解决这个问题吗?

如果上述情况完全不可能,我认为我的下一步行动就是滚动我自己的数据库表并手动编写代码以从我的帐户控制器使用它们。我注意到 Stack Exchange 数据资源管理器 采用这种方法,但是这是正确的做法吗?


编辑:为了确保我使用了正确的术语,“ASP.NET 成员资格提供程序”是指使用 aspnet_regsql.exe 工具。

I'm building an ASP.NET MVC site where I want to use DotNetOpenAuth to implement OpenID login (I'm completely dropping username/password-based login).

So far, I've been writing my code for the default username/password system with the ASP.NET Membership Provider, utilizing the roles system, the profile system, and the basic registration system. Now, in my migration to OpenID, I'm foreseeing some issues, specifically with interfacing with membership controls provided by the ASP.NET Membership Provider.

Looking at the DotNetOpenAuth MVC sample, I see that the only references to the FormsAuthentication system are to create an AuthCookie and later to call FormsAuthentication.SignOut(). Thus, I'm not sure whether I can use ASP.NET Membership Provider functions with this OpenID system, although another part of the sample code calls User.Identity.IsAuthenticated.


Will this OpenID system interface with the ASP.NET Membership Provider? If not, can I somehow fix that?

If the above is completely impossible, I think my next course of action would be to just roll my own database tables and manually write the code to use them from my Account controller. I noticed that the Stack Exchange Data Explorer takes this approach, but would this be the right course of action?


EDIT: Just to be sure I'm using the correct terminology, by "ASP.NET Membership Provider", I mean the provider that uses the tables generated by the aspnet_regsql.exe tool.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

时光暖心i 2024-09-15 17:59:06

它们的接口很好,但您需要做一些自定义工作。

我过去所做的是:

首先,我假设您有一个半工作的 openid 实现,这意味着您可以从 openid 提供商处接收实际身份,但不确定如何处理它。

我继续使用 FormsAuthentication 作为后端,即使不使用它进行身份验证。

您将需要一个数据库表,允许您将 FormsAuthentication 用户绑定到一个或多个 openid。您可以简单地将 FormsAuthentication 用户名(尚不存在)与您从 openid 提供商收到的身份 URL 一起存储。我们将此表称为 AUTH

当有人使用 openid 对您的站点进行身份验证时,请检查它是否存在于 AUTH 表中。如果没有,你需要做两件事。调用 Membership.CreateUser() 并传入您想要的任何生成的用户名(或电子邮件地址(如果由 openid 提供))。我使用 GUID 作为密码,因为它不会被使用。同时在 AUTH 表中放入一个条目,将会员用户名映射到 openid 声明的身份。

当有人使用 open id 对您的站点进行身份验证并且该站点已存在时,请使用与 openid 关联的用户名调用 FormsAuthentication.RedirectFromLoginPage ,并且将设置所有适当的身份验证票证。

现在您可以使用所有内置的安全对象,就像在实现 openid 之前一样。

编辑:
作为此设置的另一个好处,您将来可以选择允许用户名/密码登录。

您还可以随时更换您的会员提供商。

此外,AUTH 表的多对一性质使您可以轻松关联多个 openid。

They will interface just fine, but you will need to do a bit of custom work.

What I have done in the past is this:

First I'm assuming you have a semi working openid implementation, meaning you can receive the actual identity from an openid provider but just not sure what to do with it.

I continue to use FormsAuthentication as a back end even without using it for Authentication.

You will need a database table that allows you to tie a FormsAuthentication user to one or more openids. You can simply store the FormsAuthentication username (which doesn't exist yet) with the identity URL you receive from the openid provider. We'll call this table AUTH

When someone authenticates to your site with an openid check whether it exists in the AUTH table. If not you need to do two things. Call Membership.CreateUser() passing in whatever generated username you want (or the email address if provided by openid). I user a GUID for the password since it won't be used. At the same time put an entry in the AUTH table mapping the Membership username to the openid claimed identity.

When someone authenticates to your site with an open id and it already exists call FormsAuthentication.RedirectFromLoginPage with the username associated with the openid and all the appropriate authentication tickets will be set.

Now you can use all the nice built in security objects just like you always could before implementing openid.

EDIT:
As an added benefit of this setup you have the option in the future of allowing username/password logins.

You can also swap out your membership provider at any time.

Also, the many to one nature of the AUTH table allows you to easily associate multiple openids.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文