我正在尝试将 DotNetOpenAuth 示例设置为具有自定义提供程序的有效 SSO 解决方案。我正在使用似乎工作正常的 OpenIdProviderMvc 示例项目。
我的问题是设置“消费者”,在本例中是 OpenIdRelyingPartyMvc 示例项目,我无法将其配置为使用 OpenIdProvider。
我试图在消费者的 web.config 上设置一个端点,如下所示:
<trustedProviders rejectAssertionsFromUntrustedProviders="true">
<add endpoint="http://localhost:4864/OpenID/Provider" />
</trustedProviders>
但我得到的只是“未找到 OpenID 端点”。错误(实际上,我不太确定在 OpenID 框上放什么...)
这个项目实际上是无证的。有人可以指出我正确的方向吗?
至少让提供者和消费者互相工作和交谈?
让我们开始吧:
1- 打开 Visual Studio 2010 转到文件 > 新建 > 项目 > Web > ASP.NET MVC 3 应用程序:
然后选择 Internet 应用程序,确保将 Razor 作为您的视图引擎,然后单击确定:
2-下载 Assets 文件夹,它包含我们将使用的DotNetOpenAuth dll 和 OpenID-Selector 文件,
如果你想去这些项目并更详细地发现它们,请随意。
解压到你想要的文件夹
a - Add the DotNetOpenAuth.dll to references in your site.
b- Delete all files/folders in Site Content folder.
c- Copy Assets Content files/folders to the site Content .
d- Copy the Assets Script files to the site Script.
.
您的项目将如下所示:
3- 转到 Views > Shared > _Layout.cshtml 并用这个新的 head 替换 ,我们刚刚添加了新的样式和脚本:
<head>
<title>@ViewBag.Title</title>
<link href="@Url.Content("~/Content/Site.css")"
rel="stylesheet" type="text/css" />
<script src="@Url.Content("~/Scripts/jquery-1.4.4.min.js")"
type="text/javascript"></script>
<link href="@Url.Content("~/Content/openid-shadow.css")"
rel="stylesheet" type="text/css" />
<link href="@Url.Content("~/Content/openid.css")"
rel="stylesheet" type="text/css" />
<script src="@Url.Content("~/Scripts/openid-en.js")"
type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/openid-jquery.js")"
type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function () {
openid.init('openid_identifier');
});
</script>
</head>
4- 转到 Models > AccountModels.cs ,导航到公共类 LogOnModel
并添加 OpenID 属性,我们将使用它来保存从 OpenID-Selector 返回的 OpenID
您的课程将如下所示:
public class LogOnModel
{
[Display(Name = "OpenID")]
public string OpenID { get; set; }
[Required]
[Display(Name = "User name")]
public string UserName { get; set; }
[Required]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }
[Display(Name = "Remember me?")]
public bool RememberMe { get; set; }
}
导航到公共类 RegisterModel 并添加 OpenID 属性
public class RegisterModel
{
[Display(Name = "OpenID")]
public string OpenID { get; set; }
[Required]
[Display(Name = "User name")]
public string UserName { get; set; }
[Required]
[DataType(DataType.EmailAddress)]
[Display(Name = "Email address")]
public string Email { get; set; }
[Required]
[ValidatePasswordLength]
[DataType(DataType.Password)]
[Display(Name = "Password")]
public string Password { get; set; }
[DataType(DataType.Password)]
[Display(Name = "Confirm password")]
[Compare("Password", ErrorMessage =
"The password and confirmation password do not match.")]
public string ConfirmPassword { get; set; }
}
然后转到 AccountModels.cs 中的服务部分
并修改 CreateUser 和 Add GetUser 以通过 OpenID 获取用户,您的界面
将如下所示:
public interface IMembershipService
{
int MinPasswordLength { get; }
bool ValidateUser(string userName, string password);
MembershipCreateStatus CreateUser(string userName, string password,
string email, string OpenID);
bool ChangePassword(string userName, string oldPassword, string newPassword);
MembershipUser GetUser(string OpenID);
}
将这些添加到 AccountModels.cs
using System.Security.Cryptography;
using System.Text;
然后将此函数添加到 AccountModels.cs 中,该函数将用于将 OpenID 转换为 GUID
注意:随意对您的系统使用更好的散列,MD5 有一些冲突问题。
public Guid StringToGUID(string value)
{
// Create a new instance of the MD5CryptoServiceProvider object.
MD5 md5Hasher = MD5.Create();
// Convert the input string to a byte array and compute the hash.
byte[] data = md5Hasher.ComputeHash(Encoding.Default.GetBytes(value));
return new Guid(data);
}
还将 CreateUser 函数修改为如下所示:
public MembershipCreateStatus CreateUser(string userName, string password,
string email , string OpenID)
{
if (String.IsNullOrEmpty(userName)) throw
new ArgumentException("Value cannot be null or empty.", "userName");
if (String.IsNullOrEmpty(password)) throw
new ArgumentException("Value cannot be null or empty.", "password");
if (String.IsNullOrEmpty(email)) throw
new ArgumentException("Value cannot be null or empty.", "email");
MembershipCreateStatus status;
_provider.CreateUser(userName, password, email, null, null, true,
StringToGUID(OpenID), out status);
return status;
}
在这里,我们使用 MemberShip ProviderUserKey 来存储 OpenID 以及将 OpenID 字符串转换为 GUID 以供 CreateUser 和 GetUser 方法使用的技巧。
现在让我们将此函数添加到 AccountModels.cs 中,它将通过 OpenID 获取用户:
public MembershipUser GetUser(string OpenID)
{
return _provider.GetUser(StringToGUID(OpenID), true);
}
5- 转到视图 > 帐户 > LogOn.cshtml
用这个替换所有标记,我们正在将 OpenID-Selector 集成到 LogOn View:
@model OpenIDMVC3.Models.LogOnModel
@{
ViewBag.Title = "Log On";
}
<h2>
Log On</h2>
<p>
Please enter your username and password. @Html.ActionLink("Register", "Register")
if you don't have an account.
</p>
<script src="@Url.Content("~/Scripts/jquery.validate.min.js")" type="text/javascript">
</script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")"
type="text/javascript"></script>
<form action=
"Authenticate?ReturnUrl=@HttpUtility.UrlEncode(Request.QueryString["ReturnUrl"])"
method="post" id="openid_form">
<input type="hidden" name="action" value="verify" />
<div>
<fieldset>
<legend>Login using OpenID</legend>
<div class="openid_choice">
<p>
Please click your account provider:</p>
<div id="openid_btns">
</div>
</div>
<div id="openid_input_area">
@Html.TextBox("openid_identifier")
<input type="submit" value="Log On" />
</div>
<noscript>
<p>
OpenID is service that allows you to log-on to many different websites
using a single indentity. Find out <a href="http://openid.net/what/">
more about OpenID</a>and <a href="http://openid.net/get/">
how to get an OpenID enabled account</a>.</p>
</noscript>
<div>
@if (Model != null)
{
if (String.IsNullOrEmpty(Model.UserName))
{
<div class="editor-label">
@Html.LabelFor(model => model.OpenID)
</div>
<div class="editor-field">
@Html.DisplayFor(model => model.OpenID)
</div>
<p class="button">
@Html.ActionLink("New User ,Register", "Register",
new { OpenID = Model.OpenID })
</p>
}
else
{
//user exist
<p class="buttonGreen">
<a href="@Url.Action("Index", "Home")">Welcome , @Model.UserName,
Continue..." </a>
</p>
}
}
</div>
</fieldset>
</div>
</form>
@Html.ValidationSummary(true, "Login was unsuccessful. Please correct the errors
and try again.")
@using (Html.BeginForm())
{
<div>
<fieldset>
<legend>Or Login Normally</legend>
<div class="editor-label">
@Html.LabelFor(m => m.UserName)
</div>
<div class="editor-field">
@Html.TextBoxFor(m => m.UserName)
@Html.ValidationMessageFor(m => m.UserName)
</div>
<div class="editor-label">
@Html.LabelFor(m => m.Password)
</div>
<div class="editor-field">
@Html.PasswordFor(m => m.Password)
@Html.ValidationMessageFor(m => m.Password)
</div>
<div class="editor-label">
@Html.CheckBoxFor(m => m.RememberMe)
@Html.LabelFor(m => m.RememberMe)
</div>
<p>
<input type="submit" value="Log On" />
</p>
</fieldset>
</div>
}
6- 现在让我们运行项目,然后点击 [Log On] 链接,你会得到这样的页面:
7- 转到 Controllers > AccountController.cs 并使用以下命令添加这些:
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;
using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
然后将此属性添加到 AccountController.cs:
private static OpenIdRelyingParty openid = new OpenIdRelyingParty();
然后将此函数添加到 AccountController.cs:
[ValidateInput(false)]
public ActionResult Authenticate(string returnUrl)
{
var response = openid.GetResponse();
if (response == null)
{
//Let us submit the request to OpenID provider
Identifier id;
if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
{
try
{
var request = openid.CreateRequest(
Request.Form["openid_identifier"]);
return request.RedirectingResponse.AsActionResult();
}
catch (ProtocolException ex)
{
ViewBag.Message = ex.Message;
return View("LogOn");
}
}
ViewBag.Message = "Invalid identifier";
return View("LogOn");
}
//Let us check the response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
LogOnModel lm = new LogOnModel();
lm.OpenID = response.ClaimedIdentifier;
// check if user exist
MembershipUser user = MembershipService.GetUser(lm.OpenID);
if (user != null)
{
lm.UserName = user.UserName;
FormsService.SignIn(user.UserName, false);
}
return View("LogOn", lm);
case AuthenticationStatus.Canceled:
ViewBag.Message = "Canceled at provider";
return View("LogOn");
case AuthenticationStatus.Failed:
ViewBag.Message = response.Exception.Message;
return View("LogOn");
}
return new EmptyResult();
}
8 - 现在运行项目点击 [Log On] 链接并点击像谷歌这样的供应商
它可能会要求您登录或要求您允许访问您的信息
你会得到一个这样的页面:
如您所见,它显示了您的 OpenID 和一个按钮,表明这是一个尚未注册的新用户,
在点击 [New User ,Register] 按钮之前,我们需要修改 Register 视图和控制器以访问 OpenID 信息。
9- 转到控制器 > AccountController.cs 将 [ActionResult Register ()] 替换为:
public ActionResult Register(string OpenID)
{
ViewBag.PasswordLength = MembershipService.MinPasswordLength;
ViewBag.OpenID = OpenID;
return View();
}
并修改 [ActionResult Register(RegisterModel model)] 时使用 OpenID
创建用户:
[HttpPost]
public ActionResult Register(RegisterModel model)
{
if (ModelState.IsValid)
{
// Attempt to register the user
MembershipCreateStatus createStatus =
MembershipService.CreateUser(model.UserName, model.Password,
model.Email,model.OpenID);
if (createStatus == MembershipCreateStatus.Success)
{
FormsService.SignIn(model.UserName, false);
return RedirectToAction("Index", "Home");
}
else
{
ModelState.AddModelError("",
AccountValidation.ErrorCodeToString(createStatus));
}
}
// If we got this far, something failed, redisplay form
ViewBag.PasswordLength = MembershipService.MinPasswordLength;
return View(model);
}
10- 转到 Views > Account > Register.cshtml ,将标记替换为:
@model OpenIDMVC3.Models.RegisterModel
@{
ViewBag.Title = "Register";
}
<h2>Create a New Account</h2>
<p>
Use the form below to create a new account.
</p>
<p>
Passwords are required to be a minimum of @ViewBag.PasswordLength
characters in length.
</p>
<script src="@Url.Content("~/Scripts/jquery.validate.min.js")"
type="text/javascript"></script>
<script src="@Url.Content("~/Scripts/jquery.validate.unobtrusive.min.js")"
type="text/javascript"></script>
@using (Html.BeginForm()) {
@Html.ValidationSummary(true, "Account creation was unsuccessful.
Please correct the errors and try again.")
<div>
<fieldset>
<legend>Account Information</legend>
@if (ViewData["OpenID"] != null)
{
<div class="editor-label">
@Html.Label("OpenID")
</div>
<div class="editor-label">
@Html.Label((string)ViewBag.OpenID)
</div>
}
<div class="editor-label">
@Html.LabelFor(m => m.UserName)
</div>
<div class="editor-field">
@Html.TextBoxFor(m => m.UserName)
@Html.ValidationMessageFor(m => m.UserName)
</div>
<div class="editor-label">
@Html.LabelFor(m => m.Email)
</div>
<div class="editor-field">
@Html.TextBoxFor(m => m.Email)
@Html.ValidationMessageFor(m => m.Email)
</div>
<div class="editor-label">
@Html.LabelFor(m => m.Password)
</div>
<div class="editor-field">
@Html.PasswordFor(m => m.Password)
@Html.ValidationMessageFor(m => m.Password)
</div>
<div class="editor-label">
@Html.LabelFor(m => m.ConfirmPassword)
</div>
<div class="editor-field">
@Html.PasswordFor(m => m.ConfirmPassword)
@Html.ValidationMessageFor(m => m.ConfirmPassword)
</div>
<p>
<input type="submit" value="Register" />
</p>
</fieldset>
</div>
}
11- 转到第 8 步,让我们点击 [New User ,Register] 按钮,你会得到这个:
12-注册您想要的任何帐户,您将获得如下页面:
13-点击[注销]并使用相同的OpenID再次登录,你会得到这样的页面:
如您所见,欢迎绿色按钮检测到该用户已注册。
14-单击绿色按钮,您将获得如下页面:
恭喜!,现在您已将 OpenID 集成到您的项目中。