Minimal OWIN OAuth external login

Time: 2015-05-08 18:07:26

Tags: asp.net-mvc oauth-2.0 google-oauth owin

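I'm trying to implement Google external login using OWIN. I don't need to save users in the DB, and all the demos I found are tied to EntityFramework, so I tried to strip that out and ended up with this working implementation: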

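using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup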
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });

        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        app.UseGoogleAuthentication("myid00000000000.apps.googleusercontent.com", "mysecret");
    }
}

And the controller:

public class AccountController : Controller
{
    private const string XsrfKey = "XsrfId";

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult ExternalLogin(string provider, string returnUrl)
    {
        // Request a redirect to the external login provider
        return new ChallengeResult(provider, Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl }));
    }

    //
    // GET: /Account/ExternalLoginCallback
    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        var loginInfo = await HttpContext.GetOwinContext().Authentication.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            return Content("failed");
        }

        return Content("logged in");
    }

internal class ChallengeResult : HttpUnauthorizedResult 
...

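Now I'm not sure whether this is enough, or whether I have missed some user validation step. When I call Authentication.GetExternalLoginInfoAsync() and get a non-null result, does that mean I can be sure the information in loginInfo actually came from Google, or do I need to make some additional request to Google to check this information?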

1 answer:

Answer 0: (score: 0)

Assume you store the output of Authentication.GetExternalLoginInfoAsync() in a variable "loginInfo".

Now, check the value of loginInfo.Result.Login.LoginProvider. If the value is "Google", the information you received came from Google.
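
An added example, not part of the original question or answer: a callback that applies the provider check discussed above and then issues the application cookie without any database or EntityFramework. The controller name `ExternalAccountController` and the `Home`/`Index` fallback redirect are assumptions made for illustration; the "Google" provider string is the one named in the answer.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;

// Hypothetical controller name (assumption, not from the original post).
public class ExternalAccountController : Controller
{
    private IAuthenticationManager Auth
    {
        get { return HttpContext.GetOwinContext().Authentication; }
    }

    [AllowAnonymous]
    public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        // Reads the external sign-in cookie that the provider middleware
        // issues once it has finished the OAuth exchange.
        ExternalLoginInfo info = await Auth.GetExternalLoginInfoAsync();

        // Login.LoginProvider is the issuer of the NameIdentifier claim.
        // Pin the expected provider in case more than one is registered.
        if (info == null || info.Login.LoginProvider != "Google")
        {
            return new HttpStatusCodeResult(403);
        }

        // Copy only the claims the application needs into a fresh identity.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, info.Login.ProviderKey, ClaimValueTypes.String, info.Login.LoginProvider),
            new Claim(ClaimTypes.Name, info.DefaultUserName ?? info.Login.ProviderKey)
        };
        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

        // Drop the short-lived external cookie, then issue the application cookie.
        Auth.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        Auth.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);

        // Follow returnUrl only when it is local, to avoid an open redirect.
        if (Url.IsLocalUrl(returnUrl)) return Redirect(returnUrl);
        return RedirectToAction("Index", "Home"); // assumed landing page
    }
}
```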