我一直在閱讀大量使用外部身份驗證服務獲取基本用戶身份驗證的指南,並且我無法讓這些令人震驚的事情發揮作用。在ASP.NET核心中使用Google +/Facebook身份驗證
我開始使用具有用戶級安全性的「鍋爐板」.NET核心項目。我創建了我的Google和Facebook身份驗證密鑰,幷包含必要的庫。我把我的用戶類,像這樣:
public class ApplicationUser : IdentityUser<Guid>
{
public string FirstName { get; set; }
public string LastName { get; set; }
public string MiddleName { get; set; }
public string Nickname { get; set; }
}
我Startup.cs文件看起來像這樣:
public class Startup
{
public Startup(IHostingEnvironment env)
{
var builder =
new ConfigurationBuilder().SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", true, true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", true);
if (env.IsDevelopment())
builder.AddUserSecrets();
builder.AddEnvironmentVariables();
Configuration = builder.Build();
}
public IConfigurationRoot Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddDbContext<ApplicationDbContext>(
options => options.UseNpgsql(Configuration.GetConnectionString("ApplicationDb")));
services.AddIdentity<ApplicationUser, ApplicationRole>(opt =>
{
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 8;
opt.User.RequireUniqueEmail = true;
opt.User.AllowedUserNameCharacters = "abcd[email protected].";
opt.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
opt.Lockout.MaxFailedAccessAttempts = 5;
opt.SignIn.RequireConfirmedEmail = true;
opt.SignIn.RequireConfirmedPhoneNumber = false;
})
.AddEntityFrameworkStores<ApplicationDbContext, Guid>()
.AddDefaultTokenProviders();
services.AddMvc(options => { options.Filters.Add(new RequireHttpsAttribute()); });
// Add application services.
services.AddTransient<IEmailSender, AuthMessageSender>();
services.AddTransient<ISmsSender, AuthMessageSender>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
app.UseBrowserLink();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseIdentity();
//Add external authentication middleware below.To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
var facebookOptions = new FacebookOptions
{
AppId = Configuration["Authentication:Facebook:AppId"],
AppSecret = Configuration["Authentication:Facebook:AppSecret"]
};
app.UseFacebookAuthentication(facebookOptions);
var googleOptions = new GoogleOptions
{
ClientId = Configuration["Authentication:Google:AppId"],
ClientSecret = Configuration["Authentication:Google:AppSecret"]
};
app.UseGoogleAuthentication(googleOptions);
app.UseMvc(routes =>
{
routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
});
}
}
到目前爲止,一切都很好。我啓動該項目,點擊「登錄」鏈接,我可以選擇使用Google或Facebook登錄。我選擇谷歌,並...我第一次嘗試,我得到提示由谷歌的批准,並指出返回註冊頁面,在這裏創建我的本地帳戶暱稱等
現在,我可以去將本地密碼添加到我的帳戶。所有人都在游泳。因此,我刪除我的cookie後,註銷並嘗試使用我的Google憑據重新登錄。令人驚訝的是,我再次進入了註冊頁面,但我無法註冊,因爲我已經註冊。我的本地密碼也不起作用。
所以我深入瞭解了這一點。在AccountController
中有一種叫做ExternalLoginCallback
的方法,其中所有的魔法似乎都發生了。我的方法是這樣的:
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
ModelState.AddModelError(string.Empty, $"Error from external provider: {remoteError}");
return View(nameof(Login));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
return RedirectToAction(nameof(Login));
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false);
if (result.Succeeded)
{
_logger.LogInformation(5, "User logged in with {Name} provider.", info.LoginProvider);
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
return RedirectToAction(nameof(SendCode), new
{
ReturnUrl = returnUrl
});
if (result.IsLockedOut)
return View("Lockout");
// If the user does not have an account, then ask the user to create an account.
ViewData["ReturnUrl"] = returnUrl;
ViewData["LoginProvider"] = info.LoginProvider;
var email = info.Principal.FindFirstValue(ClaimTypes.Email);
var firstName = info.Principal.FindFirstValue(ClaimTypes.GivenName);
var lastName = info.Principal.FindFirstValue(ClaimTypes.Surname);
return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel
{
Email = email,
FirstName = firstName,
LastName = lastName
});
}
我跟蹤代碼,因爲它穿過_signInManager.GetExternalLoginInfoAsync()
號召,......結果是NotAllowed
?
NotAllowed
是4個可能的結果之一,據我所知,其他3個是Succeeded
,RequiresTwoFactor
和IsLockedOut
。其他3個值發送到其他地方,所以我必須假設NotAllowed
預計沒有本地帳戶存在時...除了存在本地計數。
有人可以給我這到底是怎麼回事的想法?一旦我與Google(或Facebook)簽約,就會發生類似的事情,我無法重新登錄,並且幾乎沒有任何有用的反饋來確定實際問題。