Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
143 views
in Technique[技术] by (71.8m points)

oAuth ASP.NET Membership Provider

Are there any recommended resources for implementing a custom membership provider that uses oAuth? The goal would be to have users to log into my ASP.NET MVC application using their existing oAuth credentials. After the user is authenticated, I'd then like to leverage the built-in ASP.NET authorization features.

Thanks.

question from:https://stackoverflow.com/questions/1209031/oauth-asp-net-membership-provider

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I'm not sure what you're looking for is OAuth.

OAuth is for delegating authorization, through the use of tokens. Depending on what you're doing you have two scenarios either:

  1. Your application wants to use some of the users data, hosted by a provider (say twitter or google). In which case your application would be a consumer - in short, the user would need to log-in and agree to authorizing your application to have access to the their data on the provider, and you would be given an access token which can be used to gain access to those protected resources.
  2. Alternatively, you have an application, with users who have log-ins etc. And you want to provide (i.e. you're the provider) access to some restricted information of your users to 3rd party applications (consumers) without exposing your users credentials to those services.

For more info on OAuth - check out the OAuth.Net website. There are currently 3 implementations of OAuth available for .Net.

Because of the way OAuth works, I can't really imagine how you could have an "OAuth" membership provider - It's really intended for securing API's, and often the goal is to delegate authorization at a more granular level i.e. giving a consumer application access to just a users address book data, without letting them access email archives, their calendar etc. - which doesn't fit well with a membership / role based security model.

I'm guessing what you're really looking for is OpenId i.e. the way you authenticate yourself with Stackoverflow itself. I would suggest reading the Stackoverflow OpenId case study here and probably the best OpenId implementation for .Net is currently part of DotNetOpenAuth project (this was formally called DotNetOpenId, the google code site for the project is here).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...