问题描述
我已经在我的mvc网站中实现了google身份验证.这是我的示例代码-
I have implemented google authentication in my mvc site. Here is my sample code-
AuthConfig.cs
public static class AuthConfig
{
private static string GoogleClientId = ConfigurationManager.AppSettings["GoogleClientId"];
private static string GoogleClientSecret = ConfigurationManager.AppSettings["GoogleClientSecret"];
public static void RegisterAuth()
{
GoogleOAuth2Client clientGoog = new GoogleOAuth2Client(GoogleClientId, GoogleClientSecret);
IDictionary<string, string> extraData = new Dictionary<string, string>();
OpenAuth.AuthenticationClients.Add("google", () => clientGoog, extraData);
}
}
Global.asax
AuthConfig.RegisterAuth();
AccountController.cs
public ActionResult RedirectToGoogle()
{
string provider = "google";
string returnUrl = "";
return new ExternalLoginResult(provider, Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl }));
}
[AllowAnonymous]
public ActionResult ExternalLoginCallback(string returnUrl)
{
string ProviderName = OpenAuth.GetProviderNameFromCurrentRequest();
if (ProviderName == null || ProviderName == "")
{
NameValueCollection nvs = Request.QueryString;
if (nvs.Count > 0)
{
if (nvs["state"] != null)
{
NameValueCollection provideritem = HttpUtility.ParseQueryString(nvs["state"]);
if (provideritem["__provider__"] != null)
{
ProviderName = provideritem["__provider__"];
}
}
}
}
GoogleOAuth2Client.RewriteRequest();
var redirectUrl = Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl });
var retUrl = returnUrl;
var authResult = OpenAuth.VerifyAuthentication(redirectUrl);
string ProviderDisplayName = OpenAuth.GetProviderDisplayName(ProviderName);
if (authResult.IsSuccessful)
{
string ProviderUserId = authResult.ProviderUserId;
}
return Redirect(Url.Action("Index", "User"));
}
此代码运行正常.但是我想限制用户使用他的组织帐户(如"abc@example.com")登录.在哪里可以指定托管域属性?当我从Google开发人员控制台为该应用创建应用ID和密码时,我看到了Verify domain标签.我需要在这里添加我的组织域吗?
This code is working fine. But I want to restrict the user to sign-in with his/her organizational account like "abc@example.com". Where I can specify the hosted domain property? When I created app id and secret for this app from google dev console, I saw Verify domain tab. Do I need to add my organizational domain here?
推荐答案
可以.您可以在Authentication URI参数中指定hd(托管域)参数.
You can sort of. You can specify the hd (Hosted Domain) parameter within the Authentication URI parameters.
hd-可选-hd(托管域)参数可简化登录过程适用于G Suite托管帐户.通过包含G Suite用户的域(例如,mycollege.edu),可以指示应该针对该域中的帐户优化帐户选择UI.要针对一般的G Suite帐户(而不是仅一个域)进行优化,请使用星号:hd = *.
hd - OPTIONAL - The hd (hosted domain) parameter streamlines the login process for G Suite hosted accounts. By including the domain of the G Suite user (for example, mycollege.edu), you can indicate that the account selection UI should be optimized for accounts at that domain. To optimize for G Suite accounts generally instead of just one domain, use an asterisk: hd=*.
不要依赖此UI 优化来控制谁可以访问您的应用程序,因为可以修改客户端请求.请确保验证返回的ID令牌的hd声明值与您期望的值相符(例如,mycolledge.edu).与request参数不同,ID令牌声明包含在Google的安全令牌中,因此可以信任该值.
Don't rely on this UI optimization to control who can access your app, as client-side requests can be modified. Be sure to validate that the returned ID token has an hd claim value that matches what you expect (e.g. mycolledge.edu). Unlike the request parameter, the ID token claim is contained within a security token from Google, so the value can be trusted.
这篇关于强制用户在mvc c#中使用其Google组织(G Suite)帐户登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!