前端之家

  1. 首页
  2. 问答

如何验证使用Google登录的用户是否仍然有效?

问答

我正在运行.NET Core v3.1和Blazor,并已使用仅限于我们在Google G Suite中的域的Google实现了授权,如下所述:https://www.jerriepelser.com/blog/forcing-users-sign-in-gsuite-domain-account/

登录/注销工作正常,但是当登录的用户在Google G Suite中被阻止或删除时,该用户将保持登录状态,直到他从该应用程序注销为止。当他不注销时,他可以继续使用该应用程序。

我正在寻找每小时的更新。

这是我的login.cshtml.cs:

        public async Task<IactionResult> OngetcallbackAsync(string returnUrl = null,string remoteError = null)
        {
            // Get the information about the user from the external login provider
            var GoogleUser = User.Identities.FirstOrDefault();
            if (GoogleUser.IsAuthenticated)
            {
                var authProperties = new AuthenticationProperties
                {
                    IsPersistent = true,Redirecturi = Request.Host.Value,IssuedUtc = System.DateTime.UtcNow,ExpiresUtc = System.DateTime.UtcNow.AddHours(1)
                };
                await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,new ClaimsPrincipal(GoogleUser),authProperties);
            }
            return LocalRedirect("/");
        }

我已经添加了IssuedUtcExpiresUtc,但没有任何改变。

i530151196 回答:如何验证使用Google登录的用户是否仍然有效?

您必须启用调用Google API(https://www.googleapis.com/auth/admin.directory.userhttps://www.googleapis.com/auth/admin.directory.group)的功能才能获取此信息,但是在执行此操作之前,G-Suite域管理员必须授权该访问权限使用https://developers.google.com/admin-sdk/directory/v1/guides/authorizing

这说明了过程: https://developers.google.com/admin-sdk/directory/v1/guides/delegation

您将希望看到此GitHub回购中的代码示例: https://github.com/googleapis/google-api-dotnet-client

这是一些伪代码:

string[] Scopes = {
DirectoryService.Scope.AdminDirectoryGroup,DirectoryService.Scope.AdminDirectoryUser
};

GoogleCredential credential;

//redirectUrl = this.Request.Host.Value;
string keyfilepath = "yourKeyFile.json";

using (var stream = new FileStream(keyfilepath,FileMode.Open,FileAccess.Read))
{
    // As we are using admin SDK,we need to still impersonate user who has admin access
    //  https://developers.google.com/admin-sdk/directory/v1/guides/delegation
    credential = GoogleCredential.FromStream(stream)
            .CreateScoped(Scopes).CreateWithUser(EmailOfGoogleDomainAdmin);
}

// Create Directory API service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
    HttpClientInitializer = credential,ApplicationName = "ApplicationName",});

// G Suite User to get information about
// This test user should be suspended
var gs_email = UserToCHeck;

var request = service.Users.Get(gs_email);

var result = request.Execute();

Console.WriteLine("Full Name: {0}",result.Name.FullName);
Console.WriteLine("Email:     {0}",result.PrimaryEmail);
Console.WriteLine("ID:        {0}",result.Id);
Console.WriteLine("Is Admin:  {0}",result.IsAdmin);
Console.WriteLine("Is Suspended:  {0}",result.Suspended);
asp.net-core-3.1authenticationgoogle-authenticationrefresh-token
本文链接:https://www.f2er.com/2970665.html

大家都在问