asp.net-mvc - 为什么我的 ClaimsRequest 返回 null？

Question

我刚刚开始试验 DotNetOpenAuth 项目。修改样本 OpenIdRelyingPartyMvc 项目，我得到了一个 ClaimRequest为 邮箱 与谷歌合作。

但是，当我尝试将 OpenID 添加到我自己的项目时，ClaimResponse 总是返回 null。我想知道是否有我遗漏的项目或环境设置？

这是我的 Authenticate方法:

public ActionResult Authenticate(string returnUrl)
{
    var response = openid.GetResponse();
    if (response == null)
    {
        // Stage 2: user submitting Identifier
        Identifier id;
        if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
        {
            try
            {
                IAuthenticationRequest req = openid.CreateRequest(Request.Form["openid_identifier"]);
                req.AddExtension(new ClaimsRequest { Email = DemandLevel.Require });
                return req.RedirectingResponse.AsActionResult();
            }
            catch (ProtocolException ex)
            {
                ViewData["Message"] = ex.Message;
                return View("Login");
            }
        }
        else
        {
            ViewData["Message"] = "Invalid identifier";
            return View("Login");
        }
    }
    else
    {
        // Stage 3: OpenID Provider sending assertion response
        switch (response.Status)
        {
            case AuthenticationStatus.Authenticated:
                ClaimsResponse sreg = response.GetExtension<ClaimsResponse>();
                if (sreg != null)
                {
                    var email = sreg.Email;
                    Session["Email"] = email;
                }
                Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
                FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
                if (!string.IsNullOrEmpty(returnUrl))
                {
                    return Redirect(returnUrl);
                }
                else
                {
                    return RedirectToAction("Index", "Home");
                }
            case AuthenticationStatus.Canceled:
                ViewData["Message"] = "Canceled at provider";
                return View("Login");
            case AuthenticationStatus.Failed:
                ViewData["Message"] = response.Exception.Message;
                return View("Login");
        }
    }
    return new EmptyResult();
}

}

Answer 1

<configuration>
       <configSections>
          <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
       </configSections>
       <dotNetOpenAuth>
          <openid>
             <relyingParty>
                <behaviors>
                   <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
                        with OPs that use Attribute Exchange (in various formats). -->
                   <add type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth" />
                </behaviors>
             </relyingParty>
          </openid>
       </dotNetOpenAuth>
    </configuration>

http://dotnetopenauth.net:8000/wiki/CodeSnippets/OpenIDRP/AXFetchAsSregTransform

将配置信息添加到您的 web.config。

Google has one unique trait, in that it ignores all attribute requests marked as 'optional'. You must request the user's email address as 'required' in order to ever get an email address from Google. Be wary though, that by marking the attribute as required, Google will refuse to authenticate the user unless the user is willing to give up their email address. So if you don't actually require the email address, it may be best to mark it as optional, and just forego getting it from your Google users in order to avoid chasing your users away by forcing them to give up their email address if they don't want to.