我正在运行.NET Core v3.1和Blazor,并且已经使用Google在Google G Suite中实现了授权,仅限于我们的域,如下所述:https://www.jerriepelser.com/blog/forcing-users-sign-in-gsuite-domain-account/
登录/注销工作正常,但是当登录的用户在 Google G Suite 中被阻止或删除时,用户将保持登录我的应用程序,直到他从应用程序注销为止。当他不注销时,他可以继续使用该应用程序。
我正在寻找每小时刷新一次。
这是我的登录名.cshtml.cs:
public async Task<IActionResult> OnGetCallbackAsync(string returnUrl = null, string remoteError = null)
{
// Get the information about the user from the external login provider
var GoogleUser = User.Identities.FirstOrDefault();
if (GoogleUser.IsAuthenticated)
{
var authProperties = new AuthenticationProperties
{
IsPersistent = true,
RedirectUri = Request.Host.Value,
IssuedUtc = System.DateTime.UtcNow,
ExpiresUtc = System.DateTime.UtcNow.AddHours(1)
};
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(GoogleUser), authProperties);
}
return LocalRedirect("/");
}
我已经添加了IssuedUtc和ExpiresUtc但这并没有改变任何东西。
您必须启用调用 Google API(https://www.googleapis.com/auth/admin.directory.user、https://www.googleapis.com/auth/admin.directory.group(才能获取此信息的功能,但是,在您执行此操作之前,G-Suite 域管理员必须使用 https://developers.google.com/admin-sdk/directory/v1/guides/authorizing 授权该访问权限
这解释了该过程: https://developers.google.com/admin-sdk/directory/v1/guides/delegation
你将希望看到此 GitHub 存储库以获取代码示例: https://github.com/googleapis/google-api-dotnet-client
下面是一些 psudo 代码:
string[] Scopes = {
DirectoryService.Scope.AdminDirectoryGroup,
DirectoryService.Scope.AdminDirectoryUser
};
GoogleCredential credential;
//redirectUrl = this.Request.Host.Value;
string keyfilepath = "yourKeyFile.json";
using (var stream = new FileStream(keyfilepath, FileMode.Open, FileAccess.Read))
{
// As we are using admin SDK, we need to still impersonate user who has admin access
// https://developers.google.com/admin-sdk/directory/v1/guides/delegation
credential = GoogleCredential.FromStream(stream)
.CreateScoped(Scopes).CreateWithUser(EmailOfGoogleDomainAdmin);
}
// Create Directory API service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "ApplicationName",
});
// G Suite User to get information about
// This test user should be suspended
var gs_email = UserToCHeck;
var request = service.Users.Get(gs_email);
var result = request.Execute();
Console.WriteLine("Full Name: {0}", result.Name.FullName);
Console.WriteLine("Email: {0}", result.PrimaryEmail);
Console.WriteLine("ID: {0}", result.Id);
Console.WriteLine("Is Admin: {0}", result.IsAdmin);
Console.WriteLine("Is Suspended: {0}", result.Suspended);