OpenAuth .Net Claims Request 始终为空

Question

我一直在使用 DoNetOpenAuth 库并遵循示例here

身份验证正在运行，但即使我需要电子邮件，claimresponse 也是空的。 事实上，我需要什么并不重要，claimresponse 始终为空。不知道我做错了什么，非常感谢您的帮助。

提前致谢。

这是我的登录按钮代码

protected void btnSubmit_Click( object sender, EventArgs e )
    {
        //Login button has been pushed. Add an extension and redirect
        using (OpenIdRelyingParty openId = new OpenIdRelyingParty())
        {
            IAuthenticationRequest request = openId.CreateRequest( txtOpenID.Text );

            request.AddExtension( new ClaimsRequest
                                    {
                                        Email = DemandLevel.Require,
                                        Country = DemandLevel.Request,
                                        TimeZone = DemandLevel.Request
                                    } );

            request.RedirectToProvider();

        }
    }

这是页面加载代码。但 ClaimsResponse 变量始终为空。

protected void Page_Load( object sender, EventArgs e )
    {
        OpenIdRelyingParty openId = new OpenIdRelyingParty();
        var response = openId.GetResponse();

        //check if we're processing a request
        if(response != null)
        {
            switch ( response.Status )
            {
                case AuthenticationStatus.Authenticated:

                    //authentication worked. grab our required fields
                    var claimsResponse = response.GetExtension<ClaimsResponse>();

                    //TODO enter required fields into the database

                    break;
                case AuthenticationStatus.Canceled:
                    //TODO handle cancel
                    break;

                case AuthenticationStatus.Failed:
                    //TODO handle failed
                    break;
            }
        }
    }

Answer 1

最后： 问题出在 web.config 中

添加

&ltsection name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/> &lt/configSections> &lt/配置> &ltopenid> &ltrelying派对> &lt行为> &ltadd type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth"/> &lt/行为> &lt/依赖方> &lt/openid> &lt/dotNetOpenAuth>

就是这样，它应该可以工作。

Answer 2

雅虎和谷歌都面临同样的问题。 但是这个 MVC 示例在这个示例中效果很好working Sample....当我尝试将此解决方案转换为普通 ASP.NET 2 时遇到了这个问题

protected void Page_Load(object sender, EventArgs e) 
{
    if (this.Request.HttpMethod == "POST")
    {
        var openid = new OpenIdRelyingParty();
        string openid_identifier = this.openid_identifier.Text;
        IAuthenticationRequest request = Openid.CreateRequest(Identifier.Parse(openid_identifier));
        var fields = new ClaimsRequest();
        fields.Email = DemandLevel.Require;
        fields.FullName = DemandLevel.Require;               
        request.AddExtension(fields);
        this.Response.ContentType = "text/html";
        request.RedirectingResponse.Send();
        return;
    }
    else
    {
        OpenIdRelyingParty openid = new OpenIdRelyingParty();
        IAuthenticationResponse response = openid.GetResponse();
        if (Request.Params["ReturnUrl"] != null)
            Session["ReturnUrl"] = Request.Params["ReturnUrl"];
        if (response != null && response.Status == AuthenticationStatus.Authenticated)
        {
            var claimUntrusted = response.GetUntrustedExtension<ClaimsResponse>();
            var claim = response.GetExtension<ClaimsResponse>();
            UserData userData = null;
            if (claim != null)
            {
                userData = new UserData();
                userData.Email = claim.Email;
                userData.FullName = claim.FullName;
            }
            //now store Forms Authorisation cookie 
            IssueAuthTicket(userData, true);
            //store ClaimedIdentifier it in Session 
            //(this would more than likely be something you would store in a database I guess
            Session["ClaimedIdentifierMessage"] = response.ClaimedIdentifier;
            //If we have a ReturnUrl we MUST be using forms authentication, 
            //so redirect to the original ReturnUrl
            if (Session["ReturnUrl"] != null)
            {
                string url = Session["ReturnUrl"].ToString();
                this.Response.Redirect(url,true);
                return;
            }
            //This should not happen if all controllers have [Authorise] used on them
            else
                throw new InvalidOperationException("There is no ReturnUrl");
        }
    }
}

Answer 3

Scott Hanselman 最近有一个podcast on DoNetOpenAuth。在播客中，DotNetOpenAuth 的作者 Scott Arnott 声称 Google 的 OAuth 实现不符合规范，并表示它应该失败而不是返回 null。

Answer 4

事实证明，Google 不会发回您请求的任何信息。他们将进行身份验证，仅此而已。希望这可以帮助其他人解决这个问题。