Plip's Weblog

Phil Winstanley - British .NET chap based in Lancashire. Enjoys tea and tech. Working for Microsoft.

OpenId in ASP.NET

Just wanted to commit this to my memory and share it with others!

Mads Kristensen recently blogged about his ASP.NET Implementation of OpenId. It seems to be by far the simplest solution I've seen thus far.

http://blog.madskristensen.dk/post/OpenID-implementation-in-Csharp-and-ASPNET.aspx

Some links to help the search engines: -

ASP.NET OpenId

Open Id in ASP.NET

I'll let you know how I get on with it.

Thanks Mads, great work!

UPDATE

This works fantastically well, with a few additions I have it fully implemented inside an existing ASP.NET site: -

Custom Security Principal: -

using System.Security.Principal;

namespace Site.Code.BusinessLogic

{

public class OpenIdPrincipal : IPrincipal

{

public OpenIdPrincipal(IIdentity identity)

{

_identity = identity;

}

public OpenIdPrincipal(IIdentity identity, string[] roles)

{

_identity = identity;

_roles = new string[roles.Length];

roles.CopyTo(_roles, 0);

Array.Sort(_roles);

}

private IIdentity _identity;private string[] _roles;

 

// IPrincipal Implementation

public bool IsInRole(string role)

{

return Array.BinarySearch( _roles, role ) >=0 ? true : false;

}

public IIdentity Identity

{

get

{

return _identity;

}

}

}

}

Global.asax.cs

protected void Application_AuthenticateRequest(object sender, EventArgs e)

{

//http://msdn2.microsoft.com/en-us/library/aa302401.aspx#secnetht06_step4

string cookieName = FormsAuthentication.FormsCookieName;

HttpCookie authCookie = Context.Request.Cookies[cookieName];

if (null == authCookie)

{

return;

}

FormsAuthenticationTicket authTicket = null;

try

{

authTicket = FormsAuthentication.Decrypt(authCookie.Value);

}

catch (Exception ex)

{

return;

}

if (null == authTicket)

{

return;

}

// Create an Identity object

FormsIdentity id = new FormsIdentity(authTicket);if (id.Name.IndexOf("http://") == 0)

{

// This principal will flow throughout the request.

Site.Code.BusinessLogic.OpenIdPrincipal principal = new Site.Code.BusinessLogic.OpenIdPrincipal(id);

Context.User = principal;

}

}

Then once we've got the data back from the OpenId provider: -

//Create the Authentication cookie and redirect the user to their home page

//http://msdn2.microsoft.com/en-us/library/aa302401.aspx#secnetht06_step4

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(data.Identity, false, 60);

string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,encryptedTicket);

Response.Cookies.Add(authCookie);

Response.Redirect("~/Home.aspx");

Then if you need to support both normal user and the OpenId users you can use something like this: -

if (HttpContext.Current.User is OpenIdPrincipal)

{

//Response.Write("OpenId");

//Response.Write(HttpContext.Current.User.Identity.Name);

}

The ASP.NET Membership controls won't work with this - needs a custom provider which recognises the bits and bobs of OpenId. 

 

 

Posted: Feb 02 2008, 11:43 PM by Plip | with 10 comment(s)

Comments

Openid » OpenId in ASP.NET said:

Pingback from  Openid » OpenId in ASP.NET

# February 2, 2008 8:07 PM

Anthony Johnston said:

Where'd it go? The links are dead

# June 15, 2010 2:29 PM

robert said:

try this project instead:

http://www.dotnetopenauth.net/

# November 11, 2010 7:52 AM

Women's ShiRts said:

I like to take a break for the duration of the my day and browse by way of some blogs to view what others are saying. This blog appeared in my search and i couldn't aid but clicking on it. I am glad I did because it was a quite pleasurable learn.

--------------------------------------------

my website is  

http://happykidskaraoke.info

Also welcome you!

# November 23, 2010 5:14 AM

Indian Food Recipes said:

Interesting guide. Have been made you obtained all the details from.!!!.

--------------------------------------------

my website is  

http://howtobbq.org

Also welcome you!

# December 2, 2010 4:12 AM

zero skateboard said:

"I have been reading through your posts throughout my smoke break, and I've to admit the whole write-up has been really useful and quite effectively written. I thought I  would let you recognize that for some cause this website does not display nicely in IE 8. I would like Microsoft would stop upgrading stuff. We have a question to suit your needs. Would  you mind swapping blog roll links? That would be genuinely neat! "

--------------------------------------------

my website is <a href="zeroskateboards.org/">zero skateboarding</a> .Also welcome you!

# December 3, 2010 5:58 AM

cnn ipad app said:

The man who has made up his mind to win will never say "impossible ".

-----------------------------------

# December 22, 2010 3:40 AM

best ipad application said:

-----------------------------------------------------------

A mutual friend said I really should come have a have a look at your website. Glad I clicked around the hyperlink! I like how you genuinely concentrate and get to the bottom line but can  you run by means of that last portion again? Just just a little?

# January 9, 2011 9:32 AM

Paul said:

You're far better off writing it yourself.

# April 13, 2011 2:25 PM

wafa4 said:

dear sir

i want to write a code for Openid login on  a website.Please Provide Full step how to implement this task.

Thank you.

wafaa.wafa@hotmail.com

# May 25, 2011 1:38 AM