C# - How To Use OpenID
Jan 11, 2010I would like to create a site that authenticates using Google's OpenID. How would I do this? Also, how would I use roles with custom tables?
View 3 RepliesI would like to create a site that authenticates using Google's OpenID. How would I do this? Also, how would I use roles with custom tables?
View 3 RepliesI would like to know if is possible to use DotNet OpenID together with ASP.NET membership. Or other way or allow OpenId account in ASP.NET membership.
View 1 RepliesWhen I run in visual studio I am able to connect to openid provider, But if I host app in IIS ,I am not able to connect to openid provider. (I am getting error at CreateRequest)
what settings has to be done in IIS so that I can connect to the Openid Provider. Below is the error I am getting
[InvalidOperationException: Sequence
contains no elements]
System.Linq.Enumerable.First(IEnumerable`1
source) +336
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.CreateRequest(Identifier
userSuppliedIdentifier)
[ProtocolException: No OpenID endpoint
found.]
DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.CreateRequest(Identifier
userSuppliedIdentifier)
I'm wanting to save some OpenId fields to a localdatabase table, such as
-Full Name
-openid url
-passworg
how to get those attributes from openid server? send me some example code in asp.net, c#...
There are sample codes on the net for OpenId Client but none for OpenId Server. Do you know some? I know about dotnetopenAuth but there seem to be no tut on how to use as OpenId Provider. I don't even know if it can do that. Maybe it can just be used to create openid consumer app.
View 1 Repliesi have implemented the the openid in my page using dotnet open id when i get authenticated iam storing the details provided by openid provider in my database and creating a session of that username and redirecting the user to login protected page it is working fine but some time if i left the page idle for some time and then do any kind of postback then the session is lost and my page do not allows me to do any thing as it is login protected some time it is working fine without any problem. can you suggest me why is it so.
View 1 RepliesI'm looking to implement a membership system using OpenID for my ASP.NET application, similar to the system used here on StackOverflow. I'm aware that the OpenAuth library is generally recognized as the way to go, but I'm having trouble figuring out how to implement it.
I use NHibernate to persist my domain objects. I have a Users table with a username column, email column, etc. I'm not sure how to integrate OpenID with my own users table, and I haven't found any good tutorials on this. Does anyone have any experience with this? What is the best way to go about doing it?
I need to know how we can add OpenID Authentication in asp.net. For example, in some web site we can login using gmail account or wordpress account or twitter account some other public sites. I want know how we can add that in our site too. Let me know the code for that or can you give me more details where I can get that information or sample code.
View 1 RepliesI am still reading on using dotnetopenauth and google openid. In the google docs they mention some parameters that need to be passed like:
"openid.ns", "openid.claimed_id", "openid.identity", "openid.ax.type.email" etc ...
Does DotNetOpenAuth send all those params on its own seamlessly?
create web application to connect to MySpace Offsite App and I want to authenticate I used the following code
var openid = new OpenIdRelyingParty();
IAuthenticationRequest request = openid.CreateRequest("http://www.myspace.com/thabet084");
[code]...
Firstly, This question may be asked. But I could not get the information i am looking for.
I am creating a website which should take to [URL] where the user enters his account information and it redirect back to my website similar to how stack over flow is doing when we click on gmail image.
I am trying to implement a website in .net.
list a step by step procedure to implement it or suggest some documentation to follow.
I clearly dont want other types of openID implemention where u enter the open id and pick ur open id provider.
I am storing response from opeid provider using
NameValueCollection query = HttpContext.Current.Request.QueryString;
I am sending request for emailid as
"&openid.ax.type.email=" +
HttpUtility.UrlEncode("http://schema.openid.net/contact/email"))
but receiving emailid in openid.ext1.value.email in some case and openid.ax.value.email in others.
Coding Platform: ASP.NET 4.0 with C#
Building a website using ASP.NET membership(forms authentication) and options to link Open IDs to it. I would like to have Microsoft Live as an OpenID option in this website. Well I have not seen Login using Windows Live ID except at forums.asp.net, but then both are Microsoft websites.
Today, I stumbled upon a website that seems to be using Microsoft Live Connect or whatever. I tried searching for it but I couldn't get any documentation regarding an API for Live Connect.
Here's the URL: http://messengerconnectidentity.mslivelabs.com/
I am currently playing with DotNetOpenAuth to make an ASP.NET (C#) website use OpenID instead of the normal login-password routine for user and session handling. Up till now, I have added the DotNetOpenAuth.dll into my project and tried a test login page with the following: <rp:OpenIdLogin ID="OpenIdLogin1" runat="server" />
When I run the page, I enter a valid myopenid url and the website redirects to the myopenid page, where I enter my password, and upon success, it returns back to my default.aspx, due to the following in my web.config:
<authentication mode="Forms">
<forms defaultUrl="/Default.aspx" loginUrl="~/Login.aspx"/>
</authentication>
Now that the user is "logged in", how can handle my session? At the moment, I don't know how I can, for example, check if the session is still alive or how to terminate the session. My basic question is, how can I manage the session once the user is authenticated with OpenID ?
[Update]
I am now using the following to check for authentication: HttpContext.Current.User, and with that I can now check if a user is authenticated with a session. Now is there a possible way on how I can "link" user details that are stored in my database with an openid account?
I would like to use the OpenID selector found here The problem is that i would like to use it in a content page, which is child of a master page.
So what modifications should i make?
I mean my master page contains the form already
<form id="form1" runat="server">
...
</form>
but so does the OpenID selector page
<form class="openid" method="post" action="/Login.xhtml?ReturnUrl=">
</form>
together with post and ReturnUrl... which is something that i need only in the login page... Right?
I have signed up with Janrain Engage to incorporate its free widget based openID. But i can't figure out what values to put in the C# code behind. They have provided with a C# helper class, the one below:
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
[code]...
Forgive me but i'm not a master of C#, but i can't figure out where to put the values for the apiKey and the token_url. Also if a user signs in how to display the username as derived from the accounts he is using to sign up, Google or Yahoo! for example.Also there is no sign out option provided.
I'm using DotNetOpenAuth as my membership system, and the way I have it working now seems to be working quite well. What I'd like to do however is build into my website the ability to check user credentials against the AuthCookie rather than a session. In the membership provider, I can check for the username like this
string UserName = System.Web.HttpContext.Current.User.Identity.Name;
''# which returns the OpenId ClaimedIdentifier
What I'm wondering is if there is a way to extend this so that I can retrieve custom properties from the AuthCookie rather than having to create my own session object. Currently I have this setup.
UserSessionModal
Namespace Domain
Public Class UserSessionModel
Public Property ID As Integer
Public Property RegionID As Integer
Public Property Username As String
Public Property Slug As String
Public Sub New(ByVal user As User)
_ID = user.ID
_RegionID = user.RegionID
_Username = user.UserName
_Slug = Replace(user.UserName, " ", "-")
End Sub
End Class
End Namespace
BaseController (inherited by all controllers)
Protected Overrides Function CreateActionInvoker() As System.Web.Mvc.IActionInvoker
''# Create a UserInfo object for the logged in user
''# and store it in a session state.
If Session("UserInfo") Is Nothing AndAlso User.Identity.IsAuthenticated Then
Dim user As Domain.UserSessionModel = New Domain.UserSessionModel(OpenIdService.GetOpenId(HttpContext.User.Identity.Name).User)
Session("UserInfo") = user
End If
Return MyBase.CreateActionInvoker()
End Function
Then in my views I do something like this
<%
Dim user As MyApp.Core.Domain.UserSessionModel = DirectCast(Session("UserInfo"), MyApp.Core.Domain.UserSessionModel)
%>
<%: Html.ActionLink(user.UserName, "Details", "Users", New With {.id = user.ID, .slug = user.Slug}, Nothing)%>
What I really need to be able to do is remove the Session stuff all together and just simply check the AuthCookie for my custom properties ID, RegionID, Username, and Slug. I can already get the "ClaimedIdentifier" out of the AuthCookie using HttpContext.User.Identity.Name... I just need to be able to extend it.
In my asp.net application, users are created by the administrators & those users need to log-in into the system using their own email/password or openid. So what is the best option to implement in this scenario?
I mean, as users can't register them self,do administrator required to associate each openid with the users & what kind of table structure do I need?
And do I also need the log-in interface like that of [URL] showing multiple types of authentication(default & openid from various providers)?
I am trying to implement OpenId for an internal web app. Our college is on Google Apps for Edu, so we have the suite of Google OpenID and OAuth exposed to us.
I would like my login page to have the standard username and password, and additionally a button on the side that will authenticate internal users to our app domain.
I have followed the example here [URL] but it seems that the rules are different for the google apps id than a general google id.
I have some trouble using the openid check_authentication. The answer from the openid providers (I tried with google and myopenid) is always: is_valid:false I do already get the openid.sig and openid.identity but when I try to verify my data with the check_authentication call it always returns is_valid:false. What I have done so far (authentication with google openid in this example, but for myopenid it was the same): I redirect the web user from my page to the following: [URL]
(Without the line breaks of course, I put them in this post only to keep it readable. localhost:104/evalgoogle.aspx is my local test environment) I will then get redirected to the google login page where I can sign in and accept that I will login at Localhost. I unchecked the remember checkbox though. After logging in I will get redirected to the return_to page I set and get the following data in the request:
openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
&openid.mode=id_res
&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud
&openid.response_nonce=2010-02-12T14%3A46%3A52Z1PDyxBssEN9p5g
&openid.return_to=http%3A%2F%2Flocalhost%3A104%2Fevalgoogle.aspx
&openid.assoc_handle=AOQobUfpVnBFYzFO15z92rru88nWjEnw0u8ethVscpjDwkssp8GjVc0u
&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to
%2Cresponse_nonce%2Cassoc_handle
&openid.sig=24Hetky5HrNwrY3%2B%2B2vtIGnvmnI%3D
&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D{SOMEID}
&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D{SOMEID}
(where {SOMEID} is my google id) To verify this signature and google id, I composed a webrequest calling the check_authentication as described in openid.net/specs/openid-authentication-1_1.html#mode_check_authentication. My problem now is that this always returned is_valid:false To eliminate possible problems in my webrequest, I now create just a html form with the data I get back from google like this:
<form method="post" action="<%=Request.Params["openid.op_endpoint"] %>">
<div>
<input type="text" name="openid.mode" value="check_authentication" />
<input type="text" name="openid.assoc_handle" value="<
%=Request.Params["openid.assoc_handle"] %>" />
" />
" />
" />
" />
" />
" />
But this also just yields the is_valid:false