OAuthWebSecurity create account - how does it work?
I'm confused and worried about the next line because it looks like the API for OAuthWebSecurity has its own authentication store.
// If the current user is logged in add the new account
OAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, User.Identity.Name);
If I read this correctly, it looks like the API is storing relationships locally.
Please tell me it is not, and explain what exactly he does? I need to keep my web application as independent as possible, I cannot have an API storing local values like this.
source to share
It uses SimpleMembershipProvider
which is the default provider in ASP.NET MVC 4 to create or update the association between the user id of the public provider and the local user. This will basically add a record to the table webpages_OAuthMembership
.
Here's the relevant code from WebSecurity.CreateOrUpdateOAuthAccount
that is called:
public override void CreateOrUpdateOAuthAccount(string provider, string providerUserId, string userName)
{
this.VerifyInitialized();
if (userName.IsEmpty())
{
throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
}
int userId = this.GetUserId(userName);
if (userId == -1)
{
throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
}
int userIdFromOAuth = this.GetUserIdFromOAuth(provider, providerUserId);
using (IDatabase database = this.ConnectToDatabase())
{
if (userIdFromOAuth == -1)
{
if (database.Execute("INSERT INTO [" + OAuthMembershipTableName + "] (Provider, ProviderUserId, UserId) VALUES (@0, @1, @2)", new object[] { provider, providerUserId, userId }) != 1)
{
throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
}
}
else if (database.Execute("UPDATE [" + OAuthMembershipTableName + "] SET UserId = @2 WHERE UPPER(Provider)=@0 AND UPPER(ProviderUserId)=@1", new object[] { provider, providerUserId, userId }) != 1)
{
throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
}
}
}
source to share