Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OAuthWebSecurity create account - how does it work?

Tags:

c#

asp.net

asp.net-mvc

asp.net-mvc-4

dotnetopenauth

I'm confused and concerned with the following line because it seems like the API for the OAuthWebSecurity has its own authentication store. 

        // If the current user is logged in add the new account
        OAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, User.Identity.Name);

If I'm reading the above correctly, it seems to indicate that the API saves relationship locally.

Please tell me this is not the case, and explain what exactly does it do? I need my web application to be as stateless as possible, I cannot have API storing local values like this.

like image 288
Alwyn Avatar asked Mar 18 '26 17:03

Alwyn

1 Answers

It uses the SimpleMembershipProvider which is the default provider in ASP.NET MVC 4 to create or update the association between the public provider user id and a local user. Basically it will add a record to the webpages_OAuthMembership table.

Here's the corresponding code from the WebSecurity.CreateOrUpdateOAuthAccount that gets called:

public override void CreateOrUpdateOAuthAccount(string provider, string providerUserId, string userName)
{
    this.VerifyInitialized();
    if (userName.IsEmpty())
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
    }
    int userId = this.GetUserId(userName);
    if (userId == -1)
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
    }
    int userIdFromOAuth = this.GetUserIdFromOAuth(provider, providerUserId);
    using (IDatabase database = this.ConnectToDatabase())
    {
        if (userIdFromOAuth == -1)
        {
            if (database.Execute("INSERT INTO [" + OAuthMembershipTableName + "] (Provider, ProviderUserId, UserId) VALUES (@0, @1, @2)", new object[] { provider, providerUserId, userId }) != 1)
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
            }
        }
        else if (database.Execute("UPDATE [" + OAuthMembershipTableName + "] SET UserId = @2 WHERE UPPER(Provider)=@0 AND UPPER(ProviderUserId)=@1", new object[] { provider, providerUserId, userId }) != 1)
        {
            throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
        }
    }
}
like image 80
Darin Dimitrov Avatar answered Mar 20 '26 08:03

Darin Dimitrov
Sign in to Comment

Related questions

C# - web service with aspx page
Entity Framework Code First: How can I cast a set of entities returned from the database?
C# Linq question GROUP BY?
how to program to integrate with filezilla in C#.[sftp]
P4.NET - How to list user's workspaces?
Ajax request via form in ASP.NET Core
Open application from Universal Windows(UWP)
NUnit Assert event .Any suggestions?
Bind MVC DropDownlistFor() to Navigation Property of model

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!