Google Auth 在 Visual studio 中运行,但在部署到 IIS 时挂起
Google Auth runs in Visual studio but hangs when deployed to IIS
我正在使用 Google .Net client library。它的工作方式是当用户想要对 Google 进行身份验证时,库会生成一个新网页供用户进行身份验证。
System.Diagnostics.Process.Start(authorizationUrl);
我的代码使用库
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
scopes,
userName,
CancellationToken.None).Result;
如果我通过 Visual studio 在本地 运行 它工作正常。但是,如果我尝试部署它就会挂起。如果 运行 它使用 Visual studio 使用本地 IIS。我收到以下错误。
System.Exception: CreateServiceAccountAnalyticsReportingFailed --->
System.AggregateException: One or more errors occurred. --->
System.ComponentModel.Win32Exception: Access is denied at
System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo
startInfo) at
Google.Apis.Auth.OAuth2.LocalServerCodeReceiver.d__6.MoveNext() in
C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\LocalServerCodeReceiver.cs:line
89 --- End of stack trace from previous location where exception was
thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Google.Apis.Auth.OAuth2.AuthorizationCodeInstalledApp.d__8.MoveNext()
in
C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth\OAuth2\AuthorizationCodeInstalledApp.cs:line
77 --- End of stack trace from previous location where exception was
thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Google.Apis.Auth.OAuth2.GoogleWebAuthorizationBroker.d__4.MoveNext()
in
C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\GoogleWebAuthorizationBroker.cs:line
134 --- End of stack trace from previous location where exception was
thrown --- at
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Google.Apis.Auth.OAuth2.GoogleWebAuthorizationBroker.d__1.MoveNext()
in
C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\GoogleWebAuthorizationBroker.cs:line
60 --- End of inner exception stack trace --- at
System.Threading.Tasks.Task`1.GetResultCore(Boolean
waitCompletionNotification) at
WebApplication1.WebForm1.AuthenticateOauth(String clientSecretJson,
String userName) in C:\Users\daimto\Documents\Visual Studio
2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 69
--- End of inner exception stack trace --- at WebApplication1.WebForm1.AuthenticateOauth(String clientSecretJson,
String userName) in C:\Users\daimto\Documents\Visual Studio
2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 83 at
WebApplication1.WebForm1.Page_Load(Object sender, EventArgs e) in
C:\Users\daimto\Documents\Visual Studio
2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 31
C:\inetpub\wwwroot\App_Data\MyGoogleStorage
我不是系统管理员类型的人,我对 IIS 了解甚少。我的猜测是 IIS 没有生成进程的权限?这只是一个猜测。我尝试过将应用程序池设置为使用我自己的个人帐户,我也尝试过网络系统。
客户端库上以下问题的链接
该库支持另一种用于 Web 应用程序的身份验证方式。
using System;
using System.Web.Mvc;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Mvc;
using Google.Apis.Drive.v2;
using Google.Apis.Util.Store;
namespace Google.Apis.Sample.MVC4
{
public class AppFlowMetadata : FlowMetadata
{
private static readonly IAuthorizationCodeFlow flow =
new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "PUT_CLIENT_ID_HERE",
ClientSecret = "PUT_CLIENT_SECRET_HERE"
},
Scopes = new[] { DriveService.Scope.Drive },
DataStore = new FileDataStore("Drive.Api.Auth.Store")
});
public override string GetUserId(Controller controller)
{
// In this sample we use the session to store the user identifiers.
// That's not the best practice, because you should have a logic to identify
// a user. You might want to use "OpenID Connect".
// You can read more about the protocol in the following link:
// https://developers.google.com/accounts/docs/OAuth2Login.
var user = controller.Session["user"];
if (user == null)
{
user = Guid.NewGuid();
controller.Session["user"] = user;
}
return user.ToString();
}
public override IAuthorizationCodeFlow Flow
{
get { return flow; }
}
}
}
中窃取
我正在使用 Google .Net client library。它的工作方式是当用户想要对 Google 进行身份验证时,库会生成一个新网页供用户进行身份验证。
System.Diagnostics.Process.Start(authorizationUrl);
我的代码使用库
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
scopes,
userName,
CancellationToken.None).Result;
如果我通过 Visual studio 在本地 运行 它工作正常。但是,如果我尝试部署它就会挂起。如果 运行 它使用 Visual studio 使用本地 IIS。我收到以下错误。
System.Exception: CreateServiceAccountAnalyticsReportingFailed ---> System.AggregateException: One or more errors occurred. ---> System.ComponentModel.Win32Exception: Access is denied at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at Google.Apis.Auth.OAuth2.LocalServerCodeReceiver.d__6.MoveNext() in C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\LocalServerCodeReceiver.cs:line 89 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Google.Apis.Auth.OAuth2.AuthorizationCodeInstalledApp.d__8.MoveNext() in C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth\OAuth2\AuthorizationCodeInstalledApp.cs:line 77 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Google.Apis.Auth.OAuth2.GoogleWebAuthorizationBroker.d__4.MoveNext() in C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\GoogleWebAuthorizationBroker.cs:line 134 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Google.Apis.Auth.OAuth2.GoogleWebAuthorizationBroker.d__1.MoveNext() in C:\Apiary\v1.22\google-api-dotnet-client\Src\Support\GoogleApis.Auth.DotNet4\OAuth2\GoogleWebAuthorizationBroker.cs:line 60 --- End of inner exception stack trace --- at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification) at WebApplication1.WebForm1.AuthenticateOauth(String clientSecretJson, String userName) in C:\Users\daimto\Documents\Visual Studio 2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 69 --- End of inner exception stack trace --- at WebApplication1.WebForm1.AuthenticateOauth(String clientSecretJson, String userName) in C:\Users\daimto\Documents\Visual Studio 2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 83 at WebApplication1.WebForm1.Page_Load(Object sender, EventArgs e) in C:\Users\daimto\Documents\Visual Studio 2015\Projects\WebApplication1\WebApplication1\index.aspx.cs:line 31 C:\inetpub\wwwroot\App_Data\MyGoogleStorage
我不是系统管理员类型的人,我对 IIS 了解甚少。我的猜测是 IIS 没有生成进程的权限?这只是一个猜测。我尝试过将应用程序池设置为使用我自己的个人帐户,我也尝试过网络系统。
客户端库上以下问题的链接
该库支持另一种用于 Web 应用程序的身份验证方式。
using System;
using System.Web.Mvc;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Mvc;
using Google.Apis.Drive.v2;
using Google.Apis.Util.Store;
namespace Google.Apis.Sample.MVC4
{
public class AppFlowMetadata : FlowMetadata
{
private static readonly IAuthorizationCodeFlow flow =
new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "PUT_CLIENT_ID_HERE",
ClientSecret = "PUT_CLIENT_SECRET_HERE"
},
Scopes = new[] { DriveService.Scope.Drive },
DataStore = new FileDataStore("Drive.Api.Auth.Store")
});
public override string GetUserId(Controller controller)
{
// In this sample we use the session to store the user identifiers.
// That's not the best practice, because you should have a logic to identify
// a user. You might want to use "OpenID Connect".
// You can read more about the protocol in the following link:
// https://developers.google.com/accounts/docs/OAuth2Login.
var user = controller.Session["user"];
if (user == null)
{
user = Guid.NewGuid();
controller.Session["user"] = user;
}
return user.ToString();
}
public override IAuthorizationCodeFlow Flow
{
get { return flow; }
}
}
}