asp.net-mvc – 为什么我的ClaimsRequest返回null？

发布时间：2020-12-16 03:56:40 所属栏目：asp.Net 来源：网络整理

导读：我刚刚开始尝试DotNetOpenAuth项目.修改示例OpenIdRelyingPartyMvc项目,我能够获得ClaimRequest for Email以与Google合作. 但是,当我尝试将OpenID添加到我自己的项目时,ClaimResponse总是返回null.我想知道是否存在我缺少的项目或环境设置？这是我的Authent

我刚刚开始尝试DotNetOpenAuth项目.修改示例OpenIdRelyingPartyMvc项目,我能够获得ClaimRequest for Email以与Google合作.

但是,当我尝试将OpenID添加到我自己的项目时,ClaimResponse总是返回null.我想知道是否存在我缺少的项目或环境设置？

这是我的Authenticate方法：

public ActionResult Authenticate(string returnUrl)
{
    var response = openid.GetResponse();
    if (response == null)
    {
        // Stage 2: user submitting Identifier
        Identifier id;
        if (Identifier.TryParse(Request.Form["openid_identifier"],out id))
        {
            try
            {
                IAuthenticationRequest req = openid.CreateRequest(Request.Form["openid_identifier"]);
                req.AddExtension(new ClaimsRequest { Email = DemandLevel.Require });
                return req.RedirectingResponse.AsActionResult();
            }
            catch (ProtocolException ex)
            {
                ViewData["Message"] = ex.Message;
                return View("Login");
            }
        }
        else
        {
            ViewData["Message"] = "Invalid identifier";
            return View("Login");
        }
    }
    else
    {
        // Stage 3: OpenID Provider sending assertion response
        switch (response.Status)
        {
            case AuthenticationStatus.Authenticated:
                ClaimsResponse sreg = response.GetExtension<ClaimsResponse>();
                if (sreg != null)
                {
                    var email = sreg.Email;
                    Session["Email"] = email;
                }
                Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
                FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier,false);
                if (!string.IsNullOrEmpty(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index","Home");
                }
            case AuthenticationStatus.Canceled:
                ViewData["Message"] = "Canceled at provider";
                return View("Login");
            case AuthenticationStatus.Failed:
                ViewData["Message"] = response.Exception.Message;
                return View("Login");
        }
    }
    return new EmptyResult();
}

}

解决方法

<configuration>
       <configSections>
          <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
       </configSections>
       <dotNetOpenAuth>
          <openid>
             <relyingParty>
                <behaviors>
                   <!-- The following OPTIONAL behavior allows RPs to use SREG only,but be compatible
                        with OPs that use Attribute Exchange (in various formats). -->
                   <add type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform,DotNetOpenAuth" />
                </behaviors>
             </relyingParty>
          </openid>
       </dotNetOpenAuth>
    </configuration>

http://dotnetopenauth.net:8000/wiki/CodeSnippets/OpenIDRP/AXFetchAsSregTransform

将配置信息添加到web.config.

Google has one unique trait,in that it ignores all attribute requests marked as ‘optional’. You must request the user’s email address as ‘required’ in order to ever get an email address from Google. Be wary though,that by marking the attribute as required,Google will refuse to authenticate the user unless the user is willing to give up their email address. So if you don’t actually require the email address,it may be best to mark it as optional,and just forego getting it from your Google users in order to avoid chasing your users away by forcing them to give up their email address if they don’t want to.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!