将范围"wl.emails"添加到 Startup.Auth 中的 MicrosoftAccountAuthenticationOptions .cs会导致问题

请告诉我出了什么问题。

    public void ConfigureAuth(IAppBuilder app)
    {
        var mo = new MicrosoftAccountAuthenticationOptions();
        mo.ClientId = "xxxxxxxxxxxxxxxxx";
        mo.ClientSecret = "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy";
        mo.Scope.Add("wl.basic"); // No effect if this commented out
        mo.Scope.Add("wl.emails");
        // IF I COMMENT NEXT TWO PROPERTIES, USER IS AUTHENTICATED, BUT THE DB IS NOT
        // UPDATED. LEAVE THEM AND THE REDIRECT FROM MSLIVE ENDS ON LOGIN PAGE
        mo.SignInAsAuthenticationType = "External";
        mo.Provider = new MicrosoftAccountAuthenticationProvider()
        {
            OnAuthenticated = (context) =>
                {
         // Set breakpoint here to see the context.Identity.Claims HAS CLAIMS DESIRED.
         // SO IT APPEARS TO ME Nothing to do here but verify they exist in the debugger.
         //(context.Identity.Claims).Items  ARE:  
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: xxxxxxxxx}
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: yyyy yyyyy} 
         //{urn:microsoftaccount:id: xxxxxxxx}  
         //{urn:microsoftaccount:name: yyyy yyyyy}  
         //{http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: xxxxxxxx@hotmail.com}
                return Task.FromResult(0);
                }
        };
        // Enable the application to use a cookie to store information for the signed in user
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login")
        });
        // Use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        app.UseMicrosoftAccountAuthentication(mo);
    }

合理的预期是框架工作将透明地处理向默认*AuthenticationOptions添加Scope的操作。随后，编写MVC5模板，开发人员可以在ExternalLoginConfirmation代码中提取并持久化Claims。另一个合理的预期是，该框架将把传入的标准ClaimTypes转换为该框架公开的ClaimsIdentity中的声明。

我很高兴源代码是可用的MicrosoftAccountAuthetitionHandler.cs，我会检查它来解决这个问题；缺乏回应。在文件和框架日趋成熟之际，向卡塔纳致以最良好的祝愿。框架是否有办法帮助开发人员发现配置问题？。

如果我们没有遇到相同的逻辑推理砖墙，我会同意你的看法。。。。我认为这与一个分离的Owin安全上下文有关，而web应用程序在一个单独的上下文中运行，你必须"播种"web应用程序。所以我推断出：

在Startup.Auth.cs 中

var microsoftOptions =
            new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationOptions
            {
                CallbackPath = new Microsoft.Owin.PathString("/Callbacks/External"),//register at oAuth provider
                ClientId = "xxxx",
                ClientSecret = "yyyyyyyyyyyyyyyyy",
                Provider = new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationProvider
                {
                    OnAuthenticated = (context) =>
                        {
                            context.Identity.AddClaim(new Claim(providerKey, context.Identity.AuthenticationType));
                            context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Identity.FindFirstValue(ClaimTypes.Name)));
                            return System.Threading.Tasks.Task.FromResult(0);
                        }
                }
            };
        microsoftOptions.Scope.Add("wl.basic");
        microsoftOptions.Scope.Add("wl.emails");
        app.UseMicrosoftAccountAuthentication(microsoftOptions);

和在AccountController中：

    [AllowAnonymous]
    public async Task<ActionResult> oAuthCallback(string returnUrl)
    {
        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            if (User.Identity.IsAuthenticated)
                return RedirectToAction("Index", "Manage");
            else
                return RedirectToAction("Login");
        }
        var currentUser = await UserManager.FindAsync(loginInfo.Login);
        if (currentUser != null)
        {
            await StoreExternalTokensOnLocalContext(currentUser);
        }
        //.... rest as same as per AspNet Sample project.
    }

    private async Task StoreExternalTokensOnLocalContext(ApplicationUser user)
    {
        if (user == null)
            return;
        var externalIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
        if (externalIdentity != null)
        {
            // Retrieve the existing claims for the user and add the FacebookAccessTokenClaim 
            var currentClaims = await UserManager.GetClaimsAsync(user.Id);
            //var providerClaim = externalIdentity.FindFirstValue("provider") ?? string.Empty;
            await StoreClaim("provider", user.Id, externalIdentity);
            await StoreClaim("FacebookId", user.Id, externalIdentity);
            await StoreClaim("image", user.Id, externalIdentity);
            await StoreClaim("link", user.Id, externalIdentity);
            await StoreClaim(ClaimTypes.Name, user.Id, externalIdentity);
            await StoreClaim(ClaimTypes.Email, user.Id, externalIdentity);
            var addedClaims = await UserManager.GetClaimsAsync(user.Id);
        }
    }
    private async Task StoreClaim(string typeName, string userId, ClaimsIdentity externalIdentity)
    {
        var providerClaim = externalIdentity.Claims.FirstOrDefault(c => c.Type.Equals(typeName));
        if (providerClaim == null)
            return;
        var previousClaims = await UserManager.GetClaimsAsync(userId);
        if (previousClaims.IndexOf(providerClaim) >= 0)
            return;
        var idResult = await UserManager.AddClaimAsync(userId, providerClaim);
    }

相关内容

最新更新

热门标签：