我想在我的網站中使用DotNetOpenAuth進行身份驗證+授權(gmail)。我應該從Gmail中獲取DotNetOpenAuth?
但是,我想問:我應該堅持什麼?
心想:
- 在DB:爲每個用戶保存一個GUID和他的Gmail(取)
- 在formAuthentication餅乾的GUID我已經分配給該用戶。
其他建議?
public bool Login()
{
IAuthenticationResponse authResponse = GoogleConsumerHandler.RelyingParty.GetResponse();
if (authResponse != null)
{
HandleAuthResponse(authResponse);
}
else
{
HandleAuthNullResponse(authResponse);
}
return false;
}
#region private methods
private void HandleAuthResponse(IAuthenticationResponse authResponse)
{
switch (authResponse.Status)
{
case AuthenticationStatus.Authenticated:
State.FetchResponse = authResponse.GetExtension<FetchResponse>();
var consumer = new WebConsumer(GoogleConsumerHandler.ServiceDescription, mConsumerTokenManager);
AuthorizedTokenResponse accessToken = consumer.ProcessUserAuthorization(authResponse);
if (accessToken != null)
{
var email = authResponse.ClaimedIdentifier;
//existing or new
Guid userId = mCRMService.GetUserId(email, accessToken.AccessToken);
State.GoogleAccessToken = accessToken.AccessToken;
FormsAuthentication.SetAuthCookie(userId.ToString(), false);
//authenticat and authorized
//Response.Redirect("~/Browser.htm");
}
else
{
//authenticated and not authorized
//MultiView1.SetActiveView(AuthorizationDenied);
}
break;
case AuthenticationStatus.Canceled:
break;
case AuthenticationStatus.Failed:
break;
default:
//not authenticated
//this.MultiView1.SetActiveView(this.AuthenticationFailed);
break;
}
}
private void HandleAuthNullResponse(IAuthenticationResponse authResponse)
{
// Google requires that the realm and consumer key be equal,
// so we constrain the realm to match the realm in the web.config file.
// This does mean that the return_to URL must also fall under the key,
// which means this sample will only work on a public web site
// that is properly registered with Google.
// We will customize the realm to use http or https based on what the
// return_to URL will be (which will be this page).
var consumer = new WebConsumer(GoogleConsumerHandler.ServiceDescription, mConsumerTokenManager);
//Realm realm = "http://localhost:8976/";
Realm realm = System.Web.HttpContext.Current.Request.Url.Scheme + Uri.SchemeDelimiter + consumer.ConsumerKey + "/";
IAuthenticationRequest authReq = GoogleConsumerHandler.RelyingParty.CreateRequest(GoogleConsumerHandler.GoogleOPIdentifier, realm);
// Prepare the OAuth extension
string scope = GoogleConsumerHandler.GetScopeUri(GoogleConsumerHandler.Applications.Gmail);
consumer.AttachAuthorizationRequest(authReq, scope);
// We also want the user's email address
var fetch = new FetchRequest();
fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
authReq.AddExtension(fetch);
authReq.RedirectToProvider();
}
「我應該堅持什麼?」這很大程度上取決於你想要完成什麼。你需要授權什麼? – 2012-03-09 06:29:03
Gmail應用程序。我想閱讀郵件元數據。我認爲kepp accesstoken with last_update_date – 2012-03-09 08:59:03
爲什麼downvote?我認爲這是一個有效的問題。所以,從我+1。 – Beyers 2012-03-09 12:11:36