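I decided to try adding the new Google OAuth2 middleware, and it broke almost everything. Here is my provider configuration from startup.auth.cs. When it is turned on, all of the providers, including the Google provider, get a 500 internal server error on Challenge. However, the details of the internal server error are not available, and I can't figure out how to turn on any debugging or tracing for the Katana middleware. It seems like there was a rush to get the Google OAuth middleware out the door.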
    // GOOGLE
    var googleOptions = new GoogleOAuth2AuthenticationOptions
    {
        ClientId = "228",
        ClientSecret = "k",
        CallbackPath = new PathString("/users/epsignin"),
        SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,
        Provider = new GoogleOAuth2AuthenticationProvider
        {
            OnAuthenticated = context =>
            {
                // Copy every field of the Google user payload into a urn:google:* claim.
                // XmlSchemaString is a constant defined elsewhere in the poster's code.
                foreach (var x in context.User)
                {
                    string claimType = string.Format("urn:google:{0}", x.Key);
                    string claimValue = x.Value.ToString();
                    if (!context.Identity.HasClaim(claimType, claimValue))
                        context.Identity.AddClaim(new Claim(claimType, claimValue, XmlSchemaString, "Google"));
                }
                return Task.FromResult(0);
            }
        }
    };
    app.UseGoogleAuthentication(googleOptions);
ActionMethod code:
    [AllowAnonymous]
    public ActionResult ExternalProviderSignIn(string provider, string returnUrl)
    {
        var ctx = Request.GetOwinContext();
        ctx.Authentication.Challenge(
            new AuthenticationProperties
            {
                RedirectUri = Url.Action("EPSignIn", new { provider })
            },
            provider);
        return new HttpUnauthorizedResult();
    }
Solution
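This took me hours to figure out, but the issue is the CallbackPath, as mentioned by @CrazyCoder. I realised that the CallbackPath in public void ConfigureAuth(IAppBuilder app) MUST be different from the one set in the ChallengeResult. If they are the same, a 500 error is thrown in OWIN.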
My code for ConfigureAuth(IAppBuilder app) is:
    var googleOptions = new Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationOptions
    {
        ClientId = "xxx",
        ClientSecret = "yyy",
        // This is never called by MVC, but needs to be registered at your OAuth provider
        CallbackPath = new PathString("/callbacks/google"),
        Provider = new GoogleOAuth2AuthenticationProvider
        {
            OnAuthenticated = (context) =>
            {
                context.Identity.AddClaim(new Claim("picture", context.User.GetValue("picture").ToString()));
                context.Identity.AddClaim(new Claim("profile", context.User.GetValue("profile").ToString()));
                return Task.FromResult(0);
            }
        }
    };
    googleOptions.Scope.Add("email");
    app.UseGoogleAuthentication(googleOptions);
My 'callbacks' controller code is:
    // GET: /callbacks/googlereturn - callback Action
    [AllowAnonymous]
    public async Task<ActionResult> googlereturn()
    {
        return View();
    }

    // POST: /Account/GooglePlus
    public ActionResult GooglePlus()
    {
        // Needs to be a path to an Action that will handle the OAuth provider callback
        return new ChallengeResult("Google", Request.Url.GetLeftPart(UriPartial.Authority) + "/callbacks/googlereturn", null);
    }

    private class ChallengeResult : HttpUnauthorizedResult
    {
        public ChallengeResult(string provider, string redirectUri)
            : this(provider, redirectUri, null)
        {
        }

        public ChallengeResult(string provider, string redirectUri, string userId)
        {
            LoginProvider = provider;
            RedirectUri = redirectUri;
            UserId = userId;
        }

        public string LoginProvider { get; set; }
        public string RedirectUri { get; set; }
        public string UserId { get; set; }

        public override void ExecuteResult(ControllerContext context)
        {
            var properties = new AuthenticationProperties() { RedirectUri = RedirectUri };
            if (UserId != null)
            {
                properties.Dictionary[XsrfKey] = UserId;
            }
            context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
        }
    }
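/callbacks/google seems to be handled by OWIN

/callbacks/googlereturn seems to be handled by MVC

It's all working now, although I would love to know what is happening under the hood.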
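Unless you have a requirement to do otherwise, my advice is to let OWIN use the default redirect paths, and to make sure you don't use them yourself.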
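
A check for the collision described in the answer above, as an added example that is not part of the original posts: it compares each provider's middleware CallbackPath with the RedirectUri the application is about to pass to Challenge. CallbackPathGuard, its members and the sample values are hypothetical, and it assumes the question's Url.Action call resolves to /users/EPSignIn.

```csharp
using System;
using System.Collections.Generic;

// Added example; CallbackPathGuard and its members are hypothetical names.
public static class CallbackPathGuard
{
    // Reduce a relative path or an absolute http(s) URL to a bare request path.
    // Case and trailing slashes are ignored, which is deliberately conservative.
    public static string Normalize(string pathOrUrl)
    {
        Uri abs;
        bool isWebUrl = Uri.TryCreate(pathOrUrl, UriKind.Absolute, out abs)
            && (abs.Scheme == Uri.UriSchemeHttp || abs.Scheme == Uri.UriSchemeHttps);
        string path = isWebUrl ? abs.AbsolutePath : pathOrUrl.Split('?', '#')[0];
        return "/" + path.Trim('/').ToLowerInvariant();
    }

    // Providers whose middleware CallbackPath equals the post-login redirect target.
    // Whole-path equality is used, so /callbacks/googlereturn does not match /callbacks/google.
    public static List<string> FindCollisions(
        IDictionary<string, string> callbackPathsByProvider, string redirectUri)
    {
        var hits = new List<string>();
        string target = Normalize(redirectUri);
        foreach (var entry in callbackPathsByProvider)
        {
            if (Normalize(entry.Value) == target)
                hits.Add(entry.Key);
        }
        return hits;
    }

    static void Report(string label, IDictionary<string, string> map, string redirectUri)
    {
        var hits = FindCollisions(map, redirectUri);
        Console.WriteLine("{0}: {1} -> {2}", label, redirectUri,
            hits.Count == 0 ? "ok" : "collides with CallbackPath of " + string.Join(", ", hits));
    }

    public static void Main()
    {
        // Constructed sample values mirroring the two configurations on this page.
        var question = new Dictionary<string, string> { { "Google", "/users/epsignin" } };
        var answer = new Dictionary<string, string> { { "Google", "/callbacks/google" } };

        Report("question", question, "/users/EPSignIn?provider=Google");
        Report("answer", answer, "https://app.example/callbacks/googlereturn");
    }
}
```

Calling FindCollisions from the controller before Challenge, and failing with a clear message when it returns anything, turns the opaque 500 into a configuration error that names the provider.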