All geek questions in one place

Can Amazon.com be used as an authentication provider?

I thought I could find information on this topic, but it looks like my google-fu is weak today. I am creating a Silverlight application that consumes the Amazon.com product advertising API. I want to add authentication to my application, but instead of using basic authentication by default, I would like to implement OpenId. I see many attractions that use Yahoo or Google for their provider. And I remember at least one sight, but I don’t remember what kind of sight that Amazon.com used as a provider.

If someone can point me in the right direction for the documentation for this, that would be great.

EDIT: Now I remember that it is Target.com that allows you to use the Amazon.com login.

+3
source share
1 answer

I don't know much about OpenID, but you really need to write a custom authentication service, which is not so bad. (by the way, he will still use form authentication, which is actually convienent)

If you know how to check with code .....

On the server side, you need three parts. a class for storing your user data, a class that inherits auth .. forms, and a class that handles login exceptions.

here is an example server code (sorry minus checking open id)

using System.ServiceModel.DomainServices.Server.ApplicationServices;

public class UserDTO : UserBase
{
    public string Email { get; set; }

    //Must be string since will be included in HTTP Headers
    public string Id { get; set; }

    public bool CanCreateSomething { get; set;}
}

using System; using System.Data.Objects; using System.ServiceModel.DomainServices.Hosting;

[EnableClientAccess]
public class CustomAuthenticationService : FormsAuthenticationService<UserDTO>
{


    protected override UserDTO ValidateCredentials(string name, string password, string customData,
                                                   out string userData)
    {
        UserDTO user = null;
        userData = null;

        OpenIDUser OIDusr;

        if OIDusr != null)
        {
            user = new UserDTO { Name = OIDusr.Description, Email = OIDusr.PrimaryEmail, Id= OIDusr.Id.ToString() };
        }

        if (user != null)
        {
            //Set custom data fields for HTTP session  
            userData = user.PartyId + ":" + user.Email;
        }


        return user;
    }

}

[Serializable]
public class FormsAuthenticationLogonException : Exception
{
    public FormsAuthenticationLogonException(string message) : base(message){}
}

public abstract class FormsAuthenticationService<TUser> : DomainService, IAuthentication<TUser>
    where TUser : UserBase
{
    #region IAuthentication<TUser> Members

    public TUser GetUser()
    {
        var currentUser = ServiceContext.User;
        if ((currentUser != null) && currentUser.Identity.IsAuthenticated)
        {
            var userIdentity = currentUser.Identity as FormsIdentity;
            if (userIdentity != null)
            {
                var ticket = userIdentity.Ticket;
                if (ticket != null)
                {
                    return GetCurrentUser(currentUser.Identity.Name, ticket.UserData);
                }
            }
        }
        return GetDefaultUser();
    }


    public TUser Login(string userName, string password, bool isPersistent, string customData)
    {
        string userData;
        TUser user = ValidateCredentials(userName, password, customData, out userData);
        if (user != null)
        {
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( /* version */
                1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
                isPersistent, userData, FormsAuthentication.FormsCookiePath);
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
            HttpContextBase httpContext = (HttpContextBase) ServiceContext.GetService(typeof (HttpContextBase));
            httpContext.Response.Cookies.Add(authCookie);
        }
        else
        {
            HttpContextBase httpContext = (HttpContextBase) ServiceContext.GetService(typeof (HttpContextBase));
            httpContext.AddError(new FormsAuthenticationLogonException("Username or password is not correct."));
        }
        return user;
    }

    public TUser Logout()
    {
        FormsAuthentication.SignOut();
        return GetDefaultUser();
    }

    public void UpdateUser(TUser user)
    {
        throw new NotImplementedException();
    }

    #endregion

    protected abstract TUser GetCurrentUser(string name, string userData);

    protected virtual TUser GetDefaultUser()
    {
        return null;
    }

    protected abstract TUser ValidateCredentials(string name, string password, string customData,
                                                 out string userData);
}

On the client side .....

    LoginParameters loginParameters = new LoginParameters(UserName, Password);

        WebContextBase.Current.Authentication.Login(loginParameters, 
            delegate(LoginOperation operation)      
            {                     
                if (operation.HasError)    
                {
                    App.IsBusy = false;
                    operation.MarkErrorAsHandled();
                    UserName = string.Empty;
                    Password = string.Empty;
                    MessageBox.Show("Username or Password is incorrect!");
                    return;                 
                }

                //Login Success
                CustomAuthenticationContext authContext = new CustomAuthenticationContext();
                authContext.Load(authContext.GetUserQuery(), UserLoaded, false);
            }, null);
0

Source: https://habr.com/ru/post/1739462/

More articles:


All Articles