dotnetopenauth

问题 I'm implementing an OAuth2 provider, and I would like to have an area somewhere in my web site where developers log on and register third party apps. But I'm having doubts on how to generate the apps's client identifier and client secret. Should they be unique random codes, or do they have to have some meaningful information to the client? I guess they could be random. Well I've been looking for best practices on how to do this, but haven't found that much. So any answers will be appreciated.

问题 I'm building an ASP.NET MVC site where I want to use DotNetOpenAuth to implement OpenID login (I'm completely dropping username/password-based login). So far, I've been writing my code for the default username/password system with the ASP.NET Membership Provider, utilizing the roles system, the profile system, and the basic registration system. Now, in my migration to OpenID, I'm foreseeing some issues, specifically with interfacing with membership controls provided by the ASP.NET Membership

问题 I am running an issue with google openid identifier. I am using dotnetopenauth library (successor of dotnetopenid) in simple asp.net mvc project. During tests on localhost I noticed that from time to time google generates new claimed identifier. Why is that? Is it just with localhost? Everything looks okay with different providers (like Yahoo) 回答1: Google OP creates a unique and "anonymous"-looking Claimed Identifier for each user-RP Realm combination. (it is not based on the domain, but the

问题 I am running an issue with google openid identifier. I am using dotnetopenauth library (successor of dotnetopenid) in simple asp.net mvc project. During tests on localhost I noticed that from time to time google generates new claimed identifier. Why is that? Is it just with localhost? Everything looks okay with different providers (like Yahoo) 回答1: Google OP creates a unique and "anonymous"-looking Claimed Identifier for each user-RP Realm combination. (it is not based on the domain, but the

问题 I'm having a lot of difficulty finding answers to a scenario I have to implement using DotNetOpenAuth and a particular flow I have to deal with. In the graphic below I am in control of both the MVC site and API. The API is both my Authorisation server and my Resource Server. Username and Password Flow The process is fairly obvious in a case where the user has created a local account on my system as I'm dealing with user name and password credetials to log them into the site which I can then

问题 I want to integrate Open ID, Google and Yahoo login in my site, So please anyone can tell me the process of integration in ASP.NET. 回答1: You may be interested in free OpenID library for .NET: Extereme Swank OpenID Consumer for .NET 2.0 回答2: Google and Yahoo support OpenID, so you just need to OpenID enable your website. This is a great article which tells you step by step of what you need to do. You will still need an OpenID library for .NET in order to do that. 回答3: I have actually written a

问题 I am trying to use the CTP to connect with Facebook over OAuth 2.0. I can get the initial request to Facebook working OK, but when it comes back and we call: // Where null will become an HttpRequestInfo object client.ProcessUserAuthorization(null); I get: The remote server returned an error: (400) Bad Request. I haven't really done much with the initial codebase; merely set the optional values to null (we're still on .NET 3.5). Any clues would be much appreciated. Also, and i guess this is

问题 I am using Dotnetopenid for login. I am logs in my application by using dotnetopenid provider suppose google. At the time of logout I am ending the my application user's session by FormsAuthentication.SignOut(); but if I am not closing the browser and logs in using google it will not ask me for id-password and land me on secured page of my apllication. Also, if i will try gmail.com it will directly lands me user account without asking id-password. So how could I logout completely from my

问题 How can I make my desktop application into an OpenID relying party? 回答1: Since OpenID has a specified protocol, it will either work all the time (assuming providers are conforming) or not at all. Additionally, since the OpenID protocol (at least the authentication bits, see the specification) consists of simple HTTP requests, you could implement the protocol in a desktop application assuming you know how to make such requests. It is generally considered a bad idea though, since there are

问题 I've created an OAuth2 authorization server using DotNetOpenAuth, which is working fine - I'm using the resource owner password flow, and successfully exchanging user credentials for an access token. I now want to use that access token to retrieve data from secure endpoints in a ServiceStack API, and I can't work out how to do so. I've examined the Facebook, Google, etc. providers included with ServiceStack but it's not clear whether I should be following the same pattern or not. What I'm