我一直在阅读大量使用外部身份验证服务获取基本用户身份验证的指南,并且我无法让这些令人震惊的事情发挥作用。在ASP.NET核心中使用Google +/Facebook身份验证
我开始使用具有用户级安全性的“锅炉板”.NET核心项目。我创建了我的Google和Facebook身份验证密钥,并包含必要的库。我把我的用户类,像这样:
public class ApplicationUser : IdentityUser<Guid>
{
public string FirstName { get; set; }
public string LastName { get; set; }
public string MiddleName { get; set; }
public string Nickname { get; set; }
}
我Startup.cs文件看起来像这样:
public class Startup
{
public Startup(IHostingEnvironment env)
{
var builder =
new ConfigurationBuilder().SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", true, true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", true);
if (env.IsDevelopment())
builder.AddUserSecrets();
builder.AddEnvironmentVariables();
Configuration = builder.Build();
}
public IConfigurationRoot Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddDbContext<ApplicationDbContext>(
options => options.UseNpgsql(Configuration.GetConnectionString("ApplicationDb")));
services.AddIdentity<ApplicationUser, ApplicationRole>(opt =>
{
opt.Password.RequireNonAlphanumeric = false;
opt.Password.RequireUppercase = false;
opt.Password.RequireLowercase = false;
opt.Password.RequireDigit = false;
opt.Password.RequiredLength = 8;
opt.User.RequireUniqueEmail = true;
opt.User.AllowedUserNameCharacters = "abcd[email protected].";
opt.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
opt.Lockout.MaxFailedAccessAttempts = 5;
opt.SignIn.RequireConfirmedEmail = true;
opt.SignIn.RequireConfirmedPhoneNumber = false;
})
.AddEntityFrameworkStores<ApplicationDbContext, Guid>()
.AddDefaultTokenProviders();
services.AddMvc(options => { options.Filters.Add(new RequireHttpsAttribute()); });
// Add application services.
services.AddTransient<IEmailSender, AuthMessageSender>();
services.AddTransient<ISmsSender, AuthMessageSender>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseDatabaseErrorPage();
app.UseBrowserLink();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
app.UseIdentity();
//Add external authentication middleware below.To configure them please see http://go.microsoft.com/fwlink/?LinkID=532715
var facebookOptions = new FacebookOptions
{
AppId = Configuration["Authentication:Facebook:AppId"],
AppSecret = Configuration["Authentication:Facebook:AppSecret"]
};
app.UseFacebookAuthentication(facebookOptions);
var googleOptions = new GoogleOptions
{
ClientId = Configuration["Authentication:Google:AppId"],
ClientSecret = Configuration["Authentication:Google:AppSecret"]
};
app.UseGoogleAuthentication(googleOptions);
app.UseMvc(routes =>
{
routes.MapRoute("default", "{controller=Home}/{action=Index}/{id?}");
});
}
}
到目前为止,一切都很好。我启动该项目,点击“登录”链接,我可以选择使用Google或Facebook登录。我选择谷歌,并...我第一次尝试,我得到提示由谷歌的批准,并指出返回注册页面,在这里创建我的本地帐户昵称等
现在,我可以去将本地密码添加到我的帐户。所有人都在游泳。因此,我删除我的cookie后,注销并尝试使用我的Google凭据重新登录。令人惊讶的是,我再次进入了注册页面,但我无法注册,因为我已经注册。我的本地密码也不起作用。
所以我深入了解了这一点。在AccountController
中有一种叫做ExternalLoginCallback
的方法,其中所有的魔法似乎都发生了。我的方法是这样的:
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
if (remoteError != null)
{
ModelState.AddModelError(string.Empty, $"Error from external provider: {remoteError}");
return View(nameof(Login));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
return RedirectToAction(nameof(Login));
// Sign in the user with this external login provider if the user already has a login.
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, false);
if (result.Succeeded)
{
_logger.LogInformation(5, "User logged in with {Name} provider.", info.LoginProvider);
return RedirectToLocal(returnUrl);
}
if (result.RequiresTwoFactor)
return RedirectToAction(nameof(SendCode), new
{
ReturnUrl = returnUrl
});
if (result.IsLockedOut)
return View("Lockout");
// If the user does not have an account, then ask the user to create an account.
ViewData["ReturnUrl"] = returnUrl;
ViewData["LoginProvider"] = info.LoginProvider;
var email = info.Principal.FindFirstValue(ClaimTypes.Email);
var firstName = info.Principal.FindFirstValue(ClaimTypes.GivenName);
var lastName = info.Principal.FindFirstValue(ClaimTypes.Surname);
return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel
{
Email = email,
FirstName = firstName,
LastName = lastName
});
}
我跟踪代码,因为它穿过_signInManager.GetExternalLoginInfoAsync()
号召,......结果是NotAllowed
?
NotAllowed
是4个可能的结果之一,据我所知,其他3个是Succeeded
,RequiresTwoFactor
和IsLockedOut
。其他3个值发送到其他地方,所以我必须假设NotAllowed
预计没有本地帐户存在时...除了存在本地计数。
有人可以给我这到底是怎么回事的想法?一旦我与Google(或Facebook)签约,就会发生类似的事情,我无法重新登录,并且几乎没有任何有用的反馈来确定实际问题。