DotNetOpenAuth 和 ajax
您好,我创建了一个可以使用 OpenId 登录的网站。 当您按下登录按钮时,我调用一个 ajax 方法,该方法基本上通过 ajax 调用来调用此方法:
[WebMethod]
public static LoginResult Login(string url)
{
Identifier id;
LoginResult result = new LoginResult();
if (Identifier.TryParse(url, out id))
{
try
{
//request openid_identifier
FetchRequest fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Alias);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.FullName);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.First);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last);
string rootUrl = "http://" + HttpContext.Current.Request.Headers["Host"] + "/";
IAuthenticationRequest request = openid.CreateRequest(url, new Realm(rootUrl), new Uri(rootUrl + "?action=verify"));
request.AddExtension(fetch);
result.RedirectUrl = request.RedirectingResponse.Headers["Location"];
}
catch (ProtocolException ex)
{
result.ErrorMessage = ex.Message;
}
}
else
{
result.ErrorMessage = "Could not parse identifier!";
}
return result;
}
这非常有效,javascript 获取“RedirectUrl”并重定向到它,在开放 ID 提供程序的验证完成后,我会被发送回像这样的事情
但是当我调用 openid.GetResponse() 并检查其状态时 失败的。 如果我检查异常,它包含以下消息
openid.return_to 参数 (http://localhost:33386/?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid) 与实际网址不符 (http://localhost:33386/default.aspx?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http:%2F%2Fspecs.openid .net%2Fauth........
我在这里做错了什么
? 我尝试指定 returnUrl 的原因是我的 Web 服务位于 ~\WebApi.aspx 这不是我在执行请求时想要登陆的位置。 我尝试使用 ILSpy 查看程序集,但“CreateRequest”方法或多或少是空的。
Hi i have created a site where i have a OpenId login.
When you press the login button i call a ajax method that basically calls this with a ajax call:
[WebMethod]
public static LoginResult Login(string url)
{
Identifier id;
LoginResult result = new LoginResult();
if (Identifier.TryParse(url, out id))
{
try
{
//request openid_identifier
FetchRequest fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Alias);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.FullName);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.First);
fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last);
string rootUrl = "http://" + HttpContext.Current.Request.Headers["Host"] + "/";
IAuthenticationRequest request = openid.CreateRequest(url, new Realm(rootUrl), new Uri(rootUrl + "?action=verify"));
request.AddExtension(fetch);
result.RedirectUrl = request.RedirectingResponse.Headers["Location"];
}
catch (ProtocolException ex)
{
result.ErrorMessage = ex.Message;
}
}
else
{
result.ErrorMessage = "Could not parse identifier!";
}
return result;
}
this works great the javascript gets the "RedirectUrl" and redirects to it, after the verification at the open id provider is done i get sent back to some thing like this
But when i call openid.GetResponse() and check the Status its failed.
If i check the Exception its contains the following message
The openid.return_to parameter
(http://localhost:33386/?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid)
does not match the actual URL
(http://localhost:33386/default.aspx?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http:%2F%2Fspecs.openid.net%2Fauth........
What am i doing wrong here?
Note:
The reason i try to specify returnUrl is that my webservice is located at ~\WebApi.aspx this is not where i want to land when i do the request..
I tried to look at the assembly with ILSpy but the "CreateRequest" methods are more or less empty..
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果仔细查看错误消息中的两个 URL,您会发现其中一个明确提及了
default.aspx,而另一个则没有。这就是破坏它的原因。尝试调整您自己的显式 return_to 以包含页面名称,它可能会开始为您工作。另一方面,从响应中获取 Location HTTP 标头并将其发送到 Javascript 是不可靠的。某些 OpenID 请求太大,无法放入单个 URL,并且 Location 标头将为空。相反,响应对象具有自我提交 HTML 表单的有效负载。如果您的代码碰巧超过了最大大小阈值,则会失败。但在这里探索您的选择值得专门提出一个 Stackoverflow 问题。 :)
If you look carefully at the two URLs in the error message, you'll see that one mentions
default.aspxexplicitly and the other does not. That's what's breaking it. Try adjusting your own explicit return_to to include the page name and it may start working for you.On another point, fetching the Location HTTP header from the response and sending that to Javascript is unreliable. Some OpenID requests are so large they don't fit into a single URL and the Location header will be empty. Instead, the response object has a payload of a self-submitting HTML form. Your code would fail if it ever happened to cross the max size threshold. But exploring your option here merits a dedicated Stackoverflow question. :)