将“wl.emails”作用域添加到Startup.Auth.cs中的MicrosoftAccountAuthenticationOptions会导致问题

时间:2013-11-21 09:18:01

标签: visual-studio-2013 claims-based-identity asp.net-mvc-5 asp.net-identity owin

请告诉我有什么问题。

    public void ConfigureAuth(IAppBuilder app)
    {
        var mo = new MicrosoftAccountAuthenticationOptions();
        mo.ClientId = "xxxxxxxxxxxxxxxxx";
        mo.ClientSecret = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy";
        mo.Scope.Add("wl.basic"); // No effect if this commented out
        mo.Scope.Add("wl.emails");

        // IF I COMMENT NEXT TWO PROPERTIES, USER IS AUTHENTICATED, BUT THE DB IS NOT
        // UPDATED. LEAVE THEM AND THE REDIRECT FROM MSLIVE ENDS ON LOGIN PAGE

        mo.SignInAsAuthenticationType = "External";
        mo.Provider = new MicrosoftAccountAuthenticationProvider()
        {
            OnAuthenticated = (context) =>
                {
         // Set breakpoint here to see the context.Identity.Claims HAS CLAIMS DESIRED.
         // SO IT APPEARS TO ME Nothing to do here but verify they exist in the debugger.
         //(context.Identity.Claims).Items  ARE:  
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: xxxxxxxxx}
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: yyyy yyyyy} 
         //{urn:microsoftaccount:id: xxxxxxxx}  
         //{urn:microsoftaccount:name: yyyy yyyyy}  
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: xxxxxxxx@hotmail.com}
                return Task.FromResult(0);
                }
        };
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseMicrosoftAccountAuthentication(mo);
    }

合理的期望断言,framwework将透明地处理将范围添加到默认*AuthenticationOptions。随后,使用ExternalLoginConfirmation代码中的MVC5模板,开发人员can extract and persist Claims。另一个合理的期望是框架会将传入的标准 ClaimTypes转换为框架公开的ClaimsIdentity中的声明。

我很高兴源代码可用MicrosoftAccountAutheticationHandler.cs,我会检查它来解决这个问题;缺乏回应。祝愿Katana随着文档和框架的成熟而受到欢迎。有没有办法让框架帮助开发人员发现配置问题?

1 个答案:

答案 0 :(得分:0)

如果我们两个都没有达到推理的逻辑砖墙,我会同意你的意见.... 我认为它与分离的Owin安全上下文有关,而Web应用程序在单独的上下文中运行,您必须“播种”Web。所以我推断的是:

在Startup.Auth.cs 

var microsoftOptions =
            new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationOptions
            {
                CallbackPath = new Microsoft.Owin.PathString("/Callbacks/External"),//register at oAuth provider
                ClientId = "xxxx",
                ClientSecret = "yyyyyyyyyyyyyyyyy",
                Provider = new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationProvider
                {
                    OnAuthenticated = (context) =>
                        {
                            context.Identity.AddClaim(new Claim(providerKey, context.Identity.AuthenticationType));
                            context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Identity.FindFirstValue(ClaimTypes.Name)));
                            return System.Threading.Tasks.Task.FromResult(0);
                        }
                }
            };
        microsoftOptions.Scope.Add("wl.basic");
        microsoftOptions.Scope.Add("wl.emails");
        app.UseMicrosoftAccountAuthentication(microsoftOptions);

并在AccountController中:

    [AllowAnonymous]
    public async Task<ActionResult> oAuthCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            if (User.Identity.IsAuthenticated)
                return RedirectToAction("Index", "Manage");
            else
                return RedirectToAction("Login");
        }

        var currentUser = await UserManager.FindAsync(loginInfo.Login);
        if (currentUser != null)
        {
            await StoreExternalTokensOnLocalContext(currentUser);
        }
        //.... rest as same as per AspNet Sample project.
    }


    private async Task StoreExternalTokensOnLocalContext(ApplicationUser user)
    {
        if (user == null)
            return;

        var externalIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
        if (externalIdentity != null)
        {
            // Retrieve the existing claims for the user and add the FacebookAccessTokenClaim 
            var currentClaims = await UserManager.GetClaimsAsync(user.Id);
            //var providerClaim = externalIdentity.FindFirstValue("provider") ?? string.Empty;
            await StoreClaim("provider", user.Id, externalIdentity);
            await StoreClaim("FacebookId", user.Id, externalIdentity);
            await StoreClaim("image", user.Id, externalIdentity);
            await StoreClaim("link", user.Id, externalIdentity);
            await StoreClaim(ClaimTypes.Name, user.Id, externalIdentity);
            await StoreClaim(ClaimTypes.Email, user.Id, externalIdentity);

            var addedClaims = await UserManager.GetClaimsAsync(user.Id);
        }
    }

    private async Task StoreClaim(string typeName, string userId, ClaimsIdentity externalIdentity)
    {
        var providerClaim = externalIdentity.Claims.FirstOrDefault(c => c.Type.Equals(typeName));
        if (providerClaim == null)
            return;
        var previousClaims = await UserManager.GetClaimsAsync(userId);
        if (previousClaims.IndexOf(providerClaim) >= 0)
            return;
        var idResult = await UserManager.AddClaimAsync(userId, providerClaim);
    }
相关问题
最新问题