Clever Geek Handbook

OAuthWebSecurity create account - how does it work?

I'm confused and worried about the next line because it looks like the API for OAuthWebSecurity has its own authentication store.

        // If the current user is logged in add the new account
        OAuthWebSecurity.CreateOrUpdateAccount(result.Provider, result.ProviderUserId, User.Identity.Name);

If I read this correctly, it looks like the API is storing relationships locally.

Please tell me it is not, and explain what exactly he does? I need to keep my web application as independent as possible, I cannot have an API storing local values ​​like this.

+3


source to share


1 answer


It uses SimpleMembershipProvider

which is the default provider in ASP.NET MVC 4 to create or update the association between the user id of the public provider and the local user. This will basically add a record to the table webpages_OAuthMembership

.

Here's the relevant code from WebSecurity.CreateOrUpdateOAuthAccount

that is called:



public override void CreateOrUpdateOAuthAccount(string provider, string providerUserId, string userName)
{
    this.VerifyInitialized();
    if (userName.IsEmpty())
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
    }
    int userId = this.GetUserId(userName);
    if (userId == -1)
    {
        throw new MembershipCreateUserException(MembershipCreateStatus.InvalidUserName);
    }
    int userIdFromOAuth = this.GetUserIdFromOAuth(provider, providerUserId);
    using (IDatabase database = this.ConnectToDatabase())
    {
        if (userIdFromOAuth == -1)
        {
            if (database.Execute("INSERT INTO [" + OAuthMembershipTableName + "] (Provider, ProviderUserId, UserId) VALUES (@0, @1, @2)", new object[] { provider, providerUserId, userId }) != 1)
            {
                throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
            }
        }
        else if (database.Execute("UPDATE [" + OAuthMembershipTableName + "] SET UserId = @2 WHERE UPPER(Provider)=@0 AND UPPER(ProviderUserId)=@1", new object[] { provider, providerUserId, userId }) != 1)
        {
            throw new MembershipCreateUserException(MembershipCreateStatus.ProviderError);
        }
    }
}
+5


source






More articles:


All Articles