AZURE ACS - Windows Live ID - How do I get the ema

2019-01-19 19:57发布

问题:

Here is the scenario:

MVC 3 application runing in AZURE Dev enviroment Authentication in AZURE ACS implemented the same way found here http://msdn.microsoft.com/en-us/library/hh127794.aspx

I am trying to get the users name, and email, but I can't find a way to configure the "Claim Rule", in a way that I would get a clear text value, instead I get a string that seems to be encrypted. So can I configure the rule in a way that I get it in clear text? Or can I unencrypt the value returned? Is any of this possible or am I looking at the wrong thing here.

Thanks

回答1:

IIRC, it is against Windows Live privacy policy to release the user's name or email address as claims (unlike Gmail or Yahoo!). As such, it is not possible to get those claims from Live (unless you happen to be Microsoft).

The only value you can get is called a name identifier. It is unique per RP domain (i.e. it is not a single value per LiveID, but differs by domain). This is also intentional so that you cannot have different websites collaborating to track a user. Typically, you would get the name identifier (called a PUID) and then stick that in your database somewhere so you know that you have seen it before. Then the user registers on your side with name, email, etc. and you correlate that with the PUID.

On the other hand, LiveId also supports OAuth2, so you can get whatever user profile information you need from the user (with his/her consent). See here.



回答2:

This is a total #FAIL on the part of Microsoft. The users, when logging into your site using Google or other providers, they have to accept first. Then they simply pass the basic information to the site, the site uses it, and everyone is happy.

BTW you can get it from the user with behind-the-scenes code pages but it's not seamless for the user, requires a manual process, but nonetheless the LiveID system is not more secure for doing this, it's simply broken.



回答3:

Possible but it requires a bit of code for a custom sts:

https://gist.github.com/1867792

Code doesn't build and dependencies aren't included... but it's largely based off an early thinktecture starter site ported to MVC4 with changes shown above.



回答4:

This blog discusses creating a custom windows live STS provider and then incorporating it as a trusted identity provider in SharePoint.

http://blogs.technet.com/b/speschka/archive/2012/03/01/finally-a-useful-way-to-federate-with-windows-live-and-sharepoint-2010-using-oauth-and-saml.aspx

Unfortunately it seems like the Azure team just don't seem to understand that people may want to actually get something useful back from windows live id.

You can also remove windows live Id as an option for sign on by clicking on it in the Identity providers, and then un-checking the association with your relying party.

(Really weird that you can't choose to delete it =P)



回答5:

There are a couple of techniques for querying the Live servers for additional information about authenticated users (provided of course that they have given consent). You can do some simple customization to your site using some client side javascript to fetch the information as shown in the example here: http://msdn.microsoft.com/en-us/library/live/hh826534.aspx.

It's also possible, although a bit more involved, to query the Live servers from your server side code. The example application described at http://dominicbetts.github.io/waad-acs-sample/index.html shows one possible approach in an MVC4 application.



回答6:

There seems to be a way, a bit convoluted, but by becoming the broker and using live connect API, you can achieve this functionality.

Please see: http://code.msdn.microsoft.com/windowsazure/Get-Azure-ACS-work-40d588cc#content



回答7:

Its possible by iFrame Trick.

<iframe src="https://login.live.com/login.srf?wa=wsignout1.0" frameborder="0"></iframe>

this wont redirect you to MSN page