问题
Every OpenId provider has a provider Url (e.g Google: https://www.google.com/accounts/o8/id)
Using OpenIdRelyingParty.CreateRequest
I successfully managed to redirect the user to Google provider Url and receive the provider callback. Everything worked fine.
Now I'm trying to implement my own simple OpenId provider (I want to act as Google on my example). DotNetOpenAuth has a provider demo called OpenIdProviderWebForms. For the last 4 or 5 hours I've been tryng to connect to it using the same demo I managed to connect on Google. First: It's not clear to me what URL should I call. I tried all Urls (server.aspx, provider.ashx...) and all of them trigger an exception "No OpenID endpoint found". All the configurations seems to be just fine.
How do I implement a simple OpenId provider? What URL should I call in the OpenRelyingParty.CreateRequest
?
回答1:
First let's establish some terms:
The User-supplied identifier
is the string that the user actually types in (or is triggered by clicking a predefined button at the RP) that triggers OpenID discovery to take place. It is not normalized, and should never be used to represent the user in your database because it is not secure or unique, but it is a necessary starting point. Discovery on this identifier yeilds either a claimed identifier
or an OP Identifier
. Examples: yahoo.com, myopenid.com, andrewarnott.myopenid.com
The Claimed Identifier
is the OpenID Identifier that the user "controls" or uses as his identity. It may or may not be a URL (it may be an XRI). A positive assertion from an OP will always be a claimed identifier (even if discovery started with an OP Identifier). Examples: https://andrewarnott.myopenid.com/
The OP Identifier
, or "OpenID Provider Identifier" is the OpenID Identifer that RPs may perform discovery on to begin an identifier select
flow where the RP does not yet know what the user's Claimed Identifier will be. Examples: https://me.yahoo.com/, http://www.myopenid.com/ and https://www.google.com/accounts/o8/id
The OP Endpoint
is the actual URL that the RP redirects the user to in order to authenticate the user, and is used to establish shared associations or perform direct verification of an assertion that uses an OP private association. Examples: http://localhost/server.aspx, http://localhost/provider.ashx, https://www.google.com/accounts/o8/ud (note the ud ending instead of id)
So with all that background, your OpenIdRelyingParty.CreateRequest
call should receive a user-supplied identifier, which may also be a claimed identifier or an OP Identifier. It should not be the OP endpoint. So for example, you might pass in:
openIdRelyingParty.CreateRequest("http://localhost/sampleop/")
or
openIdRelyingParty.CreateRequest("http://localhost/user.aspx?username=bob")
回答2:
For the DotNetOpenAuth MVC examples, the Open Id Identifier url to use is http://localhost:4864/User/Identity
(where OpenIdProviderMvc is configured to run on port 4864 on localhost)
来源:https://stackoverflow.com/questions/3557430/dotnetopenauth-how-to-implement-a-simple-openid-provider