【问题标题】：Environmental Variables not accepted for Startup.Auth.csStartup.Auth.cs 不接受环境变量
【发布时间】：2015-06-12 11:27:46
【问题描述】：

这是所有感兴趣的人的完整来源： https://github.com/josephmcasey/me/blob/master/JosephMCasey/App_Start/Startup.Auth.cs

我正在使用带有 C# 的 ASP.Net 构建个人网站组合。目前我收到以下错误，我知道这些错误与我的 Startup.Auth.cs 类文件有关。

    [ArgumentException: The 'ClientId' option must be provided.]
    Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationMiddleware..ctor(OwinMiddleware next, IAppBuilder app, GoogleOAuth2AuthenticationOptions options) +280
   lambda_method(Closure , OwinMiddleware , IAppBuilder , GoogleOAuth2AuthenticationOptions ) +83
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
    [HttpException (0x80004005): Exception has been thrown by the target of an invocation.]

如何在不手动将它们键入源代码的情况下从 azure 应用程序的设置中正确调用这些客户端密码字符串？

        app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
        {
            ClientId = Environment.GetEnvironmentVariable("APPSETTING_Google-clientId"),
            ClientSecret = Environment.GetEnvironmentVariable("APPSETTING_Google-clientSecret")
        });

【问题讨论】：

云配置管理器
blogs.msdn.com/b/subodhpatil/archive/2013/08/02/…
@MatíasFidemraizer 你不想正式回答吗？
@JosephCasey 现在我要去吃晚饭了……如果还没有人做的话，也许明天吧:(
请在this链接查看我的回答。

标签： c# asp.net azure environment-variables

【解决方案1】：

要详细说明接受的答案，这并不能解释问题 - 您的开发者客户端 ID 需要作为中间件身份验证设置的一部分添加。

（我在使用 Facebook 身份验证时遇到了同样的问题，刚刚意识到我在使用新机器时忘记设置密钥）。

根据接受的配置使用答案，提醒不要对密钥进行硬编码，因此请使用 CloudConfigurationManager，或通过 使用 ASP.Net6“用户密码”存储>Microsoft.Extensions.SecretManager.

使用机密管理器的一个很好的演练是： http://docs.asp.net/en/latest/security/authentication/sociallogins.html

【讨论】：

您能告诉我您在哪里为 Facebook 添加了 clientId 吗？所有教程只提到添加 AppId 和 AppSecret。我收到一条错误消息，提示必须提供 ClientId 选项。我去了 facebook 开发者页面，找不到 ClientId 设置。

【解决方案2】：

固定来源

using System;
using Microsoft.Azure;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.DataProtection;
using Owin.Security.Providers.Yahoo;
using Owin.Security.Providers.LinkedIn;
using Owin.Security.Providers.GitHub;
using Owin.Security.Providers.Steam;
using Owin.Security.Providers.StackExchange;
using Microsoft.Owin.Security.Google;
using Microsoft.Owin.Security.OAuth;
using Owin;
using JosephMCasey.Models;
using JosephMCasey.Providers;
using Microsoft.WindowsAzure.Management;

namespace JosephMCasey
{
    public partial class Startup
    {
        // Enable the application to use OAuthAuthorization. You can then secure your Web APIs
        static Startup()
        {
            PublicClientId = "web";

            OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                AuthorizeEndpointPath = new PathString("/Account/Authorize"),
                Provider = new ApplicationOAuthProvider(PublicClientId),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
                AllowInsecureHttp = true
            };
        }

        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

        public static string PublicClientId { get; private set; }

        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // Enable the application to use a cookie to store information for the signed in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(20),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });
            // Use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // Enables the application to remember the second login verification factor such as phone or email.
            // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
            // This is similar to the RememberMe option when you log in.
            app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerTokens(OAuthOptions);

            // Uncomment the following lines to enable logging in with third party login providers

            app.UseMicrosoftAccountAuthentication(
                clientId: CloudConfigurationManager.GetSetting("Microsoft-clientId"),
                clientSecret: CloudConfigurationManager.GetSetting("Microsoft-clientSecret"));

            app.UseTwitterAuthentication(
                consumerKey: CloudConfigurationManager.GetSetting("Twitter-consumerKey"),
                consumerSecret: CloudConfigurationManager.GetSetting("Twitter-consumerSecret"));

            app.UseFacebookAuthentication(
                appId: CloudConfigurationManager.GetSetting("Facebook-appId"),
                appSecret: CloudConfigurationManager.GetSetting("Facebook-appSecret"));

            app.UseYahooAuthentication(
                CloudConfigurationManager.GetSetting("Yahoo-clientId"),
                CloudConfigurationManager.GetSetting("Yahoo-clientSecret"));

            app.UseGitHubAuthentication(
            clientId: CloudConfigurationManager.GetSetting("Github-clientId"),
            clientSecret: CloudConfigurationManager.GetSetting("Github-clientSecret"));

            app.UseLinkedInAuthentication(CloudConfigurationManager.GetSetting("LinkedIn-clientId"), CloudConfigurationManager.GetSetting("LinkedIn-clientSecret"));

            app.UseSteamAuthentication(CloudConfigurationManager.GetSetting("Steam-key"));

            app.UseStackExchangeAuthentication(
            clientId: CloudConfigurationManager.GetSetting("StackExchange-clientId"),
            clientSecret: CloudConfigurationManager.GetSetting("StackExchange-clientSecret"),
            key: CloudConfigurationManager.GetSetting("StackExchange-key"));

            app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
            {
                ClientId = CloudConfigurationManager.GetSetting("Google-clientId"),
                ClientSecret = CloudConfigurationManager.GetSetting("Google-clientSecret")
            });
        }
    }
}

【讨论】：