gfw.aspnetcore.authentication
1. Notes
1) Gfw.AspNetCore.Authentication.xxx.Models contains some helper models; use them as your application requires.
2) Some platforms offer platform-specific parameters, which can be set through Options. The display parameter is special: besides being set in Options, it can also be specified dynamically through AuthenticationProperties.
2. Special note: WeChat is quirky
1) The API opened to ordinary developers and the API opened to Official Accounts are different. Switching between them requires changing both WeChatOptions.Scope and WeChatOptions.AuthorizationEndpoint according to the official documentation, or you can call the WeChatOptions.ChangeScope(string scope) method I wrote. The default is the Official Account scope snsapi_base.
2) By default openid is used as the user's NameIdentifier. If you need unionid instead, subscribe to the WeChatOptions.Events.OnCreatingTicket event and change it there.
3) Because the Official Account API imposes an odd 128-character limit on the state parameter, this project encodes the state parameter into the CallbackPath. If your server's URL length limit is small, requests may fail.
3. Example (using the Individual User Accounts authentication template)
Startup.cs
```csharp
public void ConfigureServices(IServiceCollection services)
{
    services.AddDbContext<ApplicationDbContext>(options =>
        options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));

    services.AddIdentity<ApplicationUser, IdentityRole>()
        .AddEntityFrameworkStores<ApplicationDbContext>()
        .AddDefaultTokenProviders()
        // Provider registrations from this package; fill in the credentials issued by each platform
        // (load them from configuration or a secret store rather than committing them).
        .AddBaidu(options =>
        {
            options.ClientId = "";
            options.ClientSecret = "";
        })
        .AddWeibo(options =>
        {
            options.ClientId = "";
            options.ClientSecret = "";
        })
        .AddWeChat(options =>
        {
            options.ClientId = "";
            options.ClientSecret = "";
        })
        .AddQQ(options =>
        {
            options.ClientId = "";
            options.ClientSecret = "";
        });

    // Add application services.
    services.AddTransient<IEmailSender, EmailSender>();

    services.AddMvc();
}
```
AccountController.cs
```csharp
/// <summary>
/// Starts the external login flow for the given provider.
/// </summary>
/// <param name="provider">BaiduDefaults.AuthenticationScheme, WeiboDefaults.AuthenticationScheme, ...</param>
/// <param name="returnUrl">Local URL to return to after sign-in.</param>
/// <returns>A challenge result that redirects to the provider.</returns>
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public IActionResult ExternalLogin(string provider, string returnUrl = null)
{
    // Request a redirect to the external login provider.
    var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { returnUrl });
    var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    //properties.Items.Add("display", "mobile"); // <-- the display parameter for Baidu, Weibo, etc. can be set dynamically here.
    return Challenge(properties, provider);
}

[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> ExternalLoginCallback(string returnUrl = null, string remoteError = null)
{
    if (remoteError != null)
    {
        ErrorMessage = $"Error from external provider: {remoteError}";
        return RedirectToAction(nameof(Login));
    }
    var info = await _signInManager.GetExternalLoginInfoAsync();
    if (info == null)
    {
        return RedirectToAction(nameof(Login));
    }

    // <!------------ The user's identity claims can be read from info.Principal here. --------------->

    // Sign in the user with this external login provider if the user already has a login.
    var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);
    if (result.Succeeded)
    {
        _logger.LogInformation("User logged in with {Name} provider.", info.LoginProvider);
        return RedirectToLocal(returnUrl);
    }
    if (result.IsLockedOut)
    {
        return RedirectToAction(nameof(Lockout));
    }
    else
    {
        // If the user does not have an account, then ask the user to create an account.
        ViewData["ReturnUrl"] = returnUrl;
        ViewData["LoginProvider"] = info.LoginProvider;
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        return View("ExternalLogin", new ExternalLoginViewModel { Email = email });
    }
}
```
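Section 2 says that unionid can replace the default openid NameIdentifier by subscribing to WeChatOptions.Events.OnCreatingTicket. The handler below is an added example, not code from this package; it assumes WeChatOptions derives from OAuthOptions with an OAuthEvents Events property, that context.User is a Newtonsoft.Json JObject (ASP.NET Core 2.x), and the claim type "urn:wechat:openid" is a hypothetical name chosen here.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;

// Added example (not part of the package): prefer unionid over openid as NameIdentifier.
public static class WeChatUnionIdClaims
{
    // Hypothetical claim type used to keep openid alongside the unionid-based identifier.
    public const string OpenIdClaimType = "urn:wechat:openid";

    // Wire the handler up inside .AddWeChat(options => WeChatUnionIdClaims.Configure(options)).
    // Assumes WeChatOptions derives from OAuthOptions so options.Events is an OAuthEvents.
    public static void Configure(OAuthOptions options)
    {
        options.Events.OnCreatingTicket = UseUnionIdAsNameIdentifier;
    }

    public static Task UseUnionIdAsNameIdentifier(OAuthCreatingTicketContext context)
    {
        // Assumes the user payload is a Newtonsoft JObject (context.User in ASP.NET Core 2.x).
        var openId = context.User?.Value<string>("openid");
        var unionId = context.User?.Value<string>("unionid");

        // unionid is only present when the app is bound to a WeChat Open Platform account.
        // Without it, keep the package's default (openid) instead of issuing an empty identifier.
        if (string.IsNullOrEmpty(unionId))
        {
            return Task.CompletedTask;
        }

        var identity = context.Identity;
        foreach (var claim in identity.FindAll(ClaimTypes.NameIdentifier).ToList())
        {
            identity.RemoveClaim(claim);
        }
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, unionId,
            ClaimValueTypes.String, context.Options.ClaimsIssuer));

        // Keep openid as a separate claim so accounts already keyed by openid can still be matched.
        if (!string.IsNullOrEmpty(openId))
        {
            identity.AddClaim(new Claim(OpenIdClaimType, openId,
                ClaimValueTypes.String, context.Options.ClaimsIssuer));
        }
        return Task.CompletedTask;
    }
}
```

Because the identifier stored by ExternalLoginSignInAsync is whatever NameIdentifier holds, switching from openid to unionid on an existing deployment changes the ProviderKey of every WeChat login, so plan a migration of existing external-login rows before enabling this.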