DotNetOpenAuth: How to implement a simple OpenId provider?

会有一股神秘感。 Submitted on 2020-01-22 06:00:25

Question


Every OpenId provider has a provider Url (e.g. Google: https://www.google.com/accounts/o8/id)

Using OpenIdRelyingParty.CreateRequest I successfully managed to redirect the user to Google provider Url and receive the provider callback. Everything worked fine.

Now I'm trying to implement my own simple OpenId provider (I want to act as Google on my example). DotNetOpenAuth has a provider demo called OpenIdProviderWebForms. For the last 4 or 5 hours I've been trying to connect to it using the same demo I managed to connect on Google. First: It's not clear to me what URL I should call. I tried all Urls (server.aspx, provider.ashx...) and all of them trigger an exception "No OpenID endpoint found". All the configurations seem to be just fine.

How do I implement a simple OpenId provider? What URL should I call in the OpenIdRelyingParty.CreateRequest?


Answer 1:


First let's establish some terms:

The User-supplied identifier is the string that the user actually types in (or is triggered by clicking a predefined button at the RP) that triggers OpenID discovery to take place. It is not normalized, and should never be used to represent the user in your database because it is not secure or unique, but it is a necessary starting point. Discovery on this identifier yields either a claimed identifier or an OP Identifier. Examples: yahoo.com, myopenid.com, andrewarnott.myopenid.com

The Claimed Identifier is the OpenID Identifier that the user "controls" or uses as his identity. It may or may not be a URL (it may be an XRI). A positive assertion from an OP will always be a claimed identifier (even if discovery started with an OP Identifier). Examples: https://andrewarnott.myopenid.com/

The OP Identifier, or "OpenID Provider Identifier" is the OpenID Identifier that RPs may perform discovery on to begin an identifier select flow where the RP does not yet know what the user's Claimed Identifier will be. Examples: https://me.yahoo.com/, http://www.myopenid.com/ and https://www.google.com/accounts/o8/id

The OP Endpoint is the actual URL that the RP redirects the user to in order to authenticate the user, and is used to establish shared associations or perform direct verification of an assertion that uses an OP private association. Examples: http://localhost/server.aspx, http://localhost/provider.ashx, https://www.google.com/accounts/o8/ud (note the ud ending instead of id)

So with all that background, your OpenIdRelyingParty.CreateRequest call should receive a user-supplied identifier, which may also be a claimed identifier or an OP Identifier. It should not be the OP endpoint. So for example, you might pass in:

openIdRelyingParty.CreateRequest("http://localhost/sampleop/")

or

openIdRelyingParty.CreateRequest("http://localhost/user.aspx?username=bob")
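
The distinction drawn in the answer above, as an added example that is not part of the original answer and is not DotNetOpenAuth's own code: it classifies a discovery document by its OpenID 2.0 service Type and pulls out the OP Endpoint. The class name, both sample documents and the HTML body are constructed assumptions; only XRDS-based discovery is covered, and Service priority ordering is ignored.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class XrdsDiscoveryDemo   // hypothetical name, for illustration only
{
    static readonly XNamespace Xrd = "xri://$xrd*($v*2.0)";
    // Service types defined by OpenID Authentication 2.0.
    const string OpIdentifierType = "http://specs.openid.net/auth/2.0/server";
    const string ClaimedIdType = "http://specs.openid.net/auth/2.0/signon";

    // Says what an RP learns from the document served at the user-supplied identifier.
    public static string Classify(string body)
    {
        XDocument doc;
        try { doc = XDocument.Parse(body); }
        catch (System.Xml.XmlException) { return "No OpenID endpoint found (not XML)"; }

        foreach (var svc in doc.Descendants(Xrd + "Service"))
        {
            var types = svc.Elements(Xrd + "Type").Select(t => t.Value.Trim()).ToList();
            var uri = (string)svc.Element(Xrd + "URI");   // null when the element is absent
            if (uri == null) continue;
            if (types.Contains(OpIdentifierType))
                return "OP Identifier; OP Endpoint = " + uri.Trim();
            if (types.Contains(ClaimedIdType))
                return "Claimed Identifier; OP Endpoint = " + uri.Trim();
        }
        return "No OpenID endpoint found (no OpenID 2.0 service element)";
    }

    static void Main()
    {
        // Constructed sample: a document an OP Identifier URL could serve.
        string xrds = @"<xrds:XRDS xmlns:xrds='xri://$xrds' xmlns='xri://$xrd*($v*2.0)'>
  <XRD><Service priority='10'>
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <URI>http://localhost/server.aspx</URI>
  </Service></XRD></xrds:XRDS>";
        // Constructed sample: a URL that answers a plain GET with ordinary HTML.
        string plainHtml = "<html><body>This is an OpenID endpoint.</body></html>";

        Console.WriteLine(Classify(xrds));       // OP Identifier; OP Endpoint = http://localhost/server.aspx
        Console.WriteLine(Classify(plainHtml));  // No OpenID endpoint found (no OpenID 2.0 service element)
    }
}
```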



Answer 2:


For the DotNetOpenAuth MVC examples, the Open Id Identifier url to use is http://localhost:4864/User/Identity (where OpenIdProviderMvc is configured to run on port 4864 on localhost)



Source: https://stackoverflow.com/questions/3557430/dotnetopenauth-how-to-implement-a-simple-openid-provider
