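However, when I try to add OpenID to my own project, the ClaimsResponse always comes back null. I wonder whether there is a project or environment setting that I am missing?
Here is my Authenticate method: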
    public ActionResult Authenticate(string returnUrl)
    {
        var response = openid.GetResponse();
        if (response == null)
        {
            // Stage 2: user submitting Identifier
            Identifier id;
            if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
            {
                try
                {
                    IAuthenticationRequest req = openid.CreateRequest(Request.Form["openid_identifier"]);
                    req.AddExtension(new ClaimsRequest { Email = DemandLevel.Require });
                    return req.RedirectingResponse.AsActionResult();
                }
                catch (ProtocolException ex)
                {
                    ViewData["Message"] = ex.Message;
                    return View("Login");
                }
            }
            else
            {
                ViewData["Message"] = "Invalid identifier";
                return View("Login");
            }
        }
        else
        {
            // Stage 3: OpenID Provider sending assertion response
            switch (response.Status)
            {
                case AuthenticationStatus.Authenticated:
                    // Null when the provider returned no signed SREG response
                    ClaimsResponse sreg = response.GetExtension<ClaimsResponse>();
                    if (sreg != null)
                    {
                        var email = sreg.Email;
                        Session["Email"] = email;
                    }
                    Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
                    FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
                    // Follow only local return URLs (Url.IsLocalUrl, ASP.NET MVC 3+),
                    // so returnUrl cannot be used as an open redirect.
                    if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index", "Home");
                    }
                case AuthenticationStatus.Canceled:
                    ViewData["Message"] = "Canceled at provider";
                    return View("Login");
                case AuthenticationStatus.Failed:
                    ViewData["Message"] = response.Exception.Message;
                    return View("Login");
            }
        }
        return new EmptyResult();
    }
Solution
    <configuration>
      <configSections>
        <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
      </configSections>
      <dotNetOpenAuth>
        <openid>
          <relyingParty>
            <behaviors>
              <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
                   with OPs that use Attribute Exchange (in various formats). -->
              <add type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth" />
            </behaviors>
          </relyingParty>
        </openid>
      </dotNetOpenAuth>
    </configuration>
http://dotnetopenauth.net:8000/wiki/CodeSnippets/OpenIDRP/AXFetchAsSregTransform
Google has one unique trait, in that it ignores all attribute requests marked as ‘optional’. You must request the user’s email address as ‘required’ in order to ever get an email address from Google. Be wary though, that by marking the attribute as required, Google will refuse to authenticate the user unless the user is willing to give up their email address. So if you don’t actually require the email address, it may be best to mark it as optional, and just forego getting it from your Google users in order to avoid chasing your users away by forcing them to give up their email address if they don’t want to.
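An added example, not part of the original answer or of DotNetOpenAuth itself: the same email request made through both Simple Registration and Attribute Exchange in code, as an alternative to the AXFetchAsSregTransform behavior (use one approach or the other, not both). The `EmailClaim` class and its method names are hypothetical; the extension types are DotNetOpenAuth's own.

```csharp
using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

// Hypothetical helper; the class and method names are assumptions for this example.
public static class EmailClaim
{
    // Stage 2: ask for the email through both extensions, so a provider that
    // speaks only SREG and a provider that speaks only AX can each answer.
    // Pass required = true only if login may fail when the user declines.
    public static void Request(IAuthenticationRequest req, bool required)
    {
        req.AddExtension(new ClaimsRequest
        {
            Email = required ? DemandLevel.Require : DemandLevel.Request
        });

        var fetch = new FetchRequest();
        if (required)
            fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
        else
            fetch.Attributes.AddOptional(WellKnownAttributes.Contact.Email);
        req.AddExtension(fetch);
    }

    // Stage 3: returns the email, or null if the provider sent none.
    // GetExtension<T>() returns only extensions the provider signed, so an
    // unsigned (tamperable) email claim is treated the same as a missing one.
    public static string Read(IAuthenticationResponse response)
    {
        var sreg = response.GetExtension<ClaimsResponse>();
        if (sreg != null && !string.IsNullOrEmpty(sreg.Email))
            return sreg.Email;

        var ax = response.GetExtension<FetchResponse>();
        return ax != null
            ? ax.GetAttributeValue(WellKnownAttributes.Contact.Email)
            : null;
    }
}
```

Keep the account keyed on `response.ClaimedIdentifier`, as the Authenticate method already does, and treat the returned email as profile data that may be null.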