DotNetOpenAuth OP customization for authentication
I'm writing my own OpenId provider using DotNetOpenAuth. This provider will only be used by a Relying Party from each of my own sites. In other words it's a closed provider. As such I want to customise the OP so that it only authenticates under certain circumstances as follows.
When site/relying party #1 authenticates the user has to merely pass the authentication challenge.
When site/relying party #2 authenticates the user has to pass the authentication challenge but also has to already have some other data existing as retrieved by the OP.
It's fine for the RP to tell the OP about the requirement. How should I implement this?
Should I use some sort of custom PAPE (how do I do that?) or perhaps through Attribute Exchange (how do I do that?) or some other way (how do I do that?)?
Comments (1)
The RP may ask the OP for additional information about the authenticating user via AX. That's probably the simplest and most appropriate way to do it. The relevant classes in DotNetOpenAuth to use AX for this are FetchRequest and FetchResponse.
You can cause your OP to only respond to auth requests from your whitelisted RPs by checking the IHostProcessedRequest.Realm property at the OP, and adding additional assurance by checking that the IHostProcessedRequest.IsReturnUrlDiscoverable() method returns RelyingPartyDiscoveryResult.Success.
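
The realm check described in the answer, combined with the per-site rule from the question, as an added example that is not part of the original answer or of DotNetOpenAuth itself. The class name, the realm URLs, and the userHasRequiredData callback are hypothetical, and the discovery result is passed in by the caller because the parameters of IsReturnUrlDiscoverable() differ between DotNetOpenAuth versions.

```csharp
using System;
using System.Collections.Generic;
using DotNetOpenAuth.OpenId.Provider;

// Added example: fail-closed policy for a closed OP.
public static class ClosedProviderPolicy
{
    // Hypothetical whitelist. Key: exact realm string sent by the RP.
    // Value: true if the user must also have the extra data (site #2).
    private static readonly Dictionary<string, bool> AllowedRealms =
        new Dictionary<string, bool>(StringComparer.Ordinal)
        {
            { "https://site1.example/", false }, // challenge only
            { "https://site2.example/", true },  // challenge + extra data
        };

    // discovery: the value the caller obtained from
    // request.IsReturnUrlDiscoverable(...) for this request.
    public static bool MayAssert(
        IHostProcessedRequest request,
        RelyingPartyDiscoveryResult discovery,
        bool userPassedChallenge,
        Func<bool> userHasRequiredData)
    {
        bool needsData;
        // Unknown realm: refuse. Exact match only, no wildcards.
        if (!AllowedRealms.TryGetValue(request.Realm.ToString(), out needsData))
            return false;
        // The return_to URL must be vouched for by the realm's own discovery.
        if (discovery != RelyingPartyDiscoveryResult.Success)
            return false;
        if (!userPassedChallenge)
            return false;
        // Only look up the extra data for realms that require it.
        return !needsData || userHasRequiredData();
    }

    // Records the decision on the pending authentication request.
    public static void Apply(
        IAuthenticationRequest request,
        RelyingPartyDiscoveryResult discovery,
        bool userPassedChallenge,
        Func<bool> userHasRequiredData)
    {
        request.IsAuthenticated =
            MayAssert(request, discovery, userPassedChallenge, userHasRequiredData);
    }
}
```

Keeping the per-realm requirement in the OP's own table means a request from site #2 cannot weaken the rule by omitting an extension.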