Scott Hanselman

The Weekly Source Code 25 - OpenID Edition

April 30, 2008 Comment on this post [161] Posted in ASP.NET | ASP.NET MVC | DasBlog | Identity | Source Code
Sponsored By

OpenID Logo We spent a lot of time at Corillian (my last job) thinking about Identity, and a few months before I left I started getting into Cardspace and OpenID. This was a little over a year ago. We did a podcast on OpenID as well.

At that time, I tried to take the only .NET implementation at the time of OpenID which was written in in Boo written originally by Grant Monroe and port it to C# causing me to go through the Programmer Phases of Grief. Andrew Arnott and Jason Alexander took the reins and we spend a number of late nights trying to get a good OpenID library working. I gave up, but they soldiered on and created dotnetopenid (downloads), including a client and server as well as Andrew's excellent ASP.NET controls .

Fast-forward to now. My new friend Aaron Hockley decided to a stands and promote OpenID. He said:

Effective immediately, I will no longer comment on tech blogs that don’t support OpenID for comment authentication.

He's just one guy, but his heart is in the right place. He points out that:

Google offers it as a Blogger option. It’s available as a super-easy-to-install WordPress plugin. Movable Type has it as a built-in feature.

OpenID is a good thing and it's Growing. You may already have an OpenID if, for example, you have a Yahoo! account. More on this soon.

How to turn your blog into an OpenID

Simon Willison wrote How to turn your blog into an OpenID and it's very easy.

STEP 1: Get an OpenID. There a lots of servers and services out there you can use. I use http://www.myopenid.com for two reasons. One, I know the CEO (they're in Portland), and two, they support optionally using CardSpace to authenticate yourself (as well as the standard way with password).

STEP 2: Add these two lines to your blog's main template in-between the <HEAD></HEAD> tags at the top of your template. Most all blog engines support editing your template so this should be an easy and very possible thing to do.

Example:

<link rel="openid.server" href="http://www.myopenid.com/server" />
<link rel="openid.delegate" href=
http://YOURUSERNAME.myopenid.com/ />

This will let you use your domain/blog  as your OpenID. Now, I can log in with "http://www.hanselman.com" when I see an OpenID Login option - and so can you! Go do it now!

Making OpenID Logins Easier

If you have a blog or site with OpenID support, you should go get this little snippet of JavaScript and install an OpenID ID Selector on your blog from http://www.idselector.com/.

virgin-3

One of the things that is slowing OpenID adoption is that many people don't realize that they may already have one. That's what this little Javascript is trying to do by showing folks sites that they recognize. This way my Dad could login using Yahoo and it would make sense to him. It's a little busy, but it's a start. I've added an http://www.idselector.com/ to my blog for comments.

Adding OpenID Support to DasBlog

A year ago, I originally tried to port the Boo code to C# in an attempt to enable OpenID in DasBlog but eventually gave up. However, last night, I re-familiarized myself with the OpenID spec (it's on 2.0 now) and started reading the source for http://code.google.com/p/dotnetopenid/.

In a word, it's a joy. I was able to get OpenID running OK in two hours and working well and up on my blog in two more. I have to give credit to the fantastic work that Andrew Arnott and Jason Alexander and team are doing. It's come far and you should know about it, Dear Reader.

I had two scenarios in DasBlog (again, in case you didn't know, it's the C# and XML-based blog that runs this site and others) to handle.

First, I wanted to support OpenID for Comments which wouldn't actually "log a user in" in the stateful FormsAuthentication sense. I think this isn't a very common scenario, and I'd describe it as One-Time Occasional Authentication. In this case, I used the dotnetopenid classes directly in a moderately complex scenario.

Second, I wanted to support OpenID to login as the Administrator for my site. This would, in fact, log me in via FormsAuthentication. This would be a common scenario that you'd probably care about as it's very typical. In this case, I used the dotnetopenid ASP.NET Controls, which were about as easy as falling off a log. (That's pretty easy.)

Here's the first, harder, scenario.

If you've entered your OpenID and hit Submit Comment then we'll store the current entry and the comment you're submitting. We'll be redirecting away to get authenticated and we'll need them when we get back. If you're running in a WebFarm, you'll want to store these temporary variables in a database or somewhere that doesn't have node-affinity.

Session["pendingComment"] = comment.Text;
Session["pendingEntryId"] = ViewState["entryId"] as string;
OpenIdRelyingParty openid = new OpenIdRelyingParty();
IAuthenticationRequest req = openid.CreateRequest(openid_identifier.Text);
ClaimsRequest fetch = new ClaimsRequest();
fetch.Email = DemandLevel.Require;
fetch.Nickname = DemandLevel.Require;
req.AddExtension(fetch);
SaveCookies();
req.RedirectToProvider();
return;

What I think of as an "OpenID Client" is called a "Relying Party" or "RP" in the parlance of the OpenID folks. In this code we create an AuthenticationRequest and add some additional claims. There's a nice interface-based extension model in this lower-level library that lets you Request or Require information from the user's profile. For comments on the blog, I just need your email for your Gravatar and your Nickname for Display.

I then call RedirectToProvider, and that's if for the request side. Remember I said this was the hard scenario! Not so hard. ;)

Next, we're redirected to an OpenIDProvider, we authenticate (or not) and are redirected BACK with additional information encoded on the GET. On the way back in, in our Page_Load (or an HttpHandler if you like) we check the Response status.  If we're Authenticated, we grab the info we requested and add the comment. Bam. Sprinkle in a little error handling and we're all set.

OpenIdRelyingParty openid = new OpenIdRelyingParty();
if (openid.Response != null)
{
// Stage 3: OpenID Provider sending assertion response
switch (openid.Response.Status)
{
case AuthenticationStatus.Authenticated:
ClaimsResponse fetch = openid.Response.GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
string nick = fetch.Nickname;
string homepage = openid.Response.ClaimedIdentifier;
string email = fetch.Email;
string comment = Session["pendingComment"] as string;
string entryId = Session["pendingEntryId"] as string;
if (String.IsNullOrEmpty(comment) == false && String.IsNullOrEmpty(entryId) == false)
{
AddNewComment(nick, email, homepage, comment, entryId, true);
}
break;
}
}

Here's the second scenario where we'll log in as the Administrator of the blog. I just register the DotNetOpenId assembly in my ASPX page and put an <openidlogin> control on the page. Notice that even the claims I created in the manual scenario above are just properties on this control. There's also events like OnLoggedIn to handle the results.

<%@ Register Assembly="DotNetOpenId" Namespace="DotNetOpenId.RelyingParty" TagPrefix="cc1" %>
<cc1:openidlogin id="OpenIdLogin1"
RequestEmail="Require" RequestNickname="Request" RegisterVisible="false"
RememberMeVisible="True" PolicyUrl="~/PrivacyPolicy.aspx" TabIndex="1"
OnLoggedIn="OpenIdLogin1_LoggedIn"/></cc1:openidlogin>

This controls renders nicely as seen in the screenshot below.

image

In the OnLoggedIn event, I call my existing security APIs (Thanks to Tony Bunce and Anthony Bouch) and set the AuthCookie from FormsAuthentication.

protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
{
UserToken token = SiteSecurity.Login(e.Response);
if (token != null)
{
FormsAuthentication.SetAuthCookie(userName, rememberCheckbox.Checked);
Response.Redirect(SiteUtilities.GetAdminPageUrl(), true);
}
}

Poof. I love using well designed libraries and just work. At this point all that was left was adding some CSS and tidying up.

OpenID and ASP.NET WebForms and MVC

The dotnetopenid source includes source for sample sites. It actually includes three samples, two WebForms and one ASP.NET MVC.

The MVC implementation is very clean, even though (or because?) it doesn't use controls. Here's the Authenticate Controller Action:

public void Authenticate() {
var openid = new OpenIdRelyingParty();
if (openid.Response == null) {
// Stage 2: user submitting Identifier
openid.CreateRequest(Request.Form["openid_identifier"]).RedirectToProvider();
} else {
// Stage 3: OpenID Provider sending assertion response
switch (openid.Response.Status) {
case AuthenticationStatus.Authenticated:
FormsAuthentication.RedirectFromLoginPage(openid.Response.ClaimedIdentifier, false);
break;
case AuthenticationStatus.Canceled:
ViewData["Message"] = "Canceled at provider";
RenderView("Login");
break;
case AuthenticationStatus.Failed:
ViewData["Message"] = openid.Response.Exception.Message;
RenderView("Login");
break;
}
}
}

What about CardSpace?

Infocard LogoOpenID is a spec for a protocol that "eliminates the need for multiple usernames across different websites, simplifying your online experience."  What's cool is that it's open, so you (the consumer) gets to pick your Provider. It's not owned by anyone, so it's ours to screw up (or succeed with).

CardSpace is built into Vista and installed on XP when you put .NET 3.0 on your system. There are also Identity Selectors for Safari and Firefox in the works. It's different than OpenID in that it's concerned with strong authentication. Therefore, they are very complimentary.

Here's my CardSpace login as I'm getting ready to log into this blog...

image

...because my chosen OpenID provider at http://www.myopenid.com (it's free) also supports both InfoCards and SSL Certificates for authentication as well as strong passwords.

Notice the "Sign into Information Card" icon below next to the IconCard purple icon.

image

An OpenID provider can choose to use anything available with which to authenticate you. Here's a video of a Belgian using an eID to authenticate against an OpenID provider at http://openid.trustbearer.com/ that supports biometric devices, USB keys, and smart cards.

So What?

Get involved and give it a try! Here's some things you can do.

  1. Sign up for a Free OpenID at MyOpenID or one of the many public OpenID providers out there.
  2. Go use your new OpenID at one of the many sites that supports OpenID.
    • Come back to this post and leave your first comment using OpenID!
  3. Watch Simon Willison talk about the case for OpenID (video)

And, if you're a developer, get an OpenID library like dotnetopenid and consider enabling your app. Consider using the Javascript ID Selector to make for a nicer User Experience.

Technorati Tags: ,,

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
April 30, 2008 12:21
Sorry for meaningless comment using OpenId
KAE
April 30, 2008 12:50
Looks like it works from a blackberry
April 30, 2008 13:12
I have nothing useful to say but will be jolly pleased if this works!
April 30, 2008 13:35
Yet another meaningless OpenID Comment
April 30, 2008 13:43
Also, there's the the MVC Membership Starter Kit which show how to authenticate with the dotnetOpenId assembly, Windows Live ID and of course the traditional forms authentication.

+1 for MVC and OpenId :)
PK
April 30, 2008 21:15
I've tried both from work and at home, on Firefox and on IE6/7 to post a comment using my OpenID from Blogspot. It continues to throw an error, so if you are looking through the error logs and notice a few, that's what is causing it.
April 30, 2008 21:20
Hm..nothing in the logs...do you have a screenshot?
April 30, 2008 21:31
test
April 30, 2008 21:32
test2
April 30, 2008 21:32
Test while "stay signed in" == true.
April 30, 2008 21:32
Test3
April 30, 2008 21:34
I like the OpenID Selector.

What do you think about letting the user enter a OpenID and a homepage? Not everyone has delegation setup so linking to their OpenID URL isn't always the best action.
April 30, 2008 21:35
I also get an error with OpenId, stating:

An error has been encountered while processing the page. We have logged the error condition and are working to correct the problem. We apologize for any inconvenience.
April 30, 2008 21:35
Honestly I'm not the biggest fan of the OpenID javascript thingy, but I guess it is good for getting people to realize that they might already have an OpenID. I personally prefer to use a website that I know I'll use forever (like my own) and delegate the authentication to whatever OpenID provider I'm using at the time.

Nice work and looking forward to see you at DevTeach!

Scott
April 30, 2008 21:36
Working well Scott. Great to see your support for OpenID.
April 30, 2008 21:39
James, can you check your OpenID Provider to see if your Nickname or FullName are set?
April 30, 2008 21:40
Mucman. Yes, I understand your concern about the Javascript thingy, but just set Allow Forever and you'll never worry about it again. ;)
April 30, 2008 21:40
This is weird. It's the 3rd time I try to comment with openID. The other two times the comment showed on your page. Then when I did a refresh, the comment was gone! That happened two times already, any ideas?
April 30, 2008 21:41
I've been trying to get more synergy between my IT resources of late. Adding the OpenID link tags in the header is perfect. I'll be adding the OpenID comment support to my blog as soon as I can.

Thanks for the tip.
April 30, 2008 21:43
Test with no Email
April 30, 2008 21:48
OpenId to the rescue
April 30, 2008 21:52
Ramiro - That may be my fault, I'm slapping bugs as fast as I can and I may have been updating the site while you were submitting.
April 30, 2008 21:52
Hi Scott,

Great post and good walk-through.
April 30, 2008 22:05
Being a lemming and posting using my openid :)
April 30, 2008 22:05
Thanks for the help on Open ID. I just picked up the new book on Cardspace and am looking to implement it myself. I think this might be the year Open ID gains traction.
April 30, 2008 22:17
Would it make more sense for Task 2, to instead of use OpenID to login to dasBlog, instead make dasBlog an OpenID provider, so you don't need a service like myopenid?
April 30, 2008 22:19
One other thing I noticed after I just left this comment. It appears that you use as a link back to me in the comment section the URL for my OpenID provider (in this case nickschweitzer.net which redirects to nickschweitzer.myopenid.com). However, when I setup MyOpenID, I created multiple "personas", and for this comment, I asked that my "Coding Monkey" persona be used. That personal links to www.thecodingmonkey.net. Is there a way for you to determine that in the response and use that URL for linking purposes instead?
April 30, 2008 22:27
Nothing to see here..testing new OpenID provider
April 30, 2008 22:29
Nick - From my point of view, if we make DasBlog a Provider, then we suddenly are out of the blog business and we're chasing cool futures like all the OpenID providers. I don't want to implement SmartCard support. ;) Let the providers push the envelope and I'll pick the one I like. My OpenID won't change.
April 30, 2008 22:31
Very cool - I'll have to switch my personal site over to OpenID.

What are your thoughts on using this in place of new account creation? Maybe use this in forum software and just have them enter any additional profile info and have that mapped to their openID?
April 30, 2008 22:32
Heh. Looked into OpenID a while back, but was waiting for Blogger to roll out its support for it a bit better. After the reminder of this post, here I am using your blog as a test :D
April 30, 2008 22:37
So, my blog is now setup as my OpenID identity. Been meaning to do that for a while. It is amazing how effective a gentle reminder can be. Great blog.
April 30, 2008 22:38
Dave - Exactly. Most good OpenID-using sites don't actually ask you to *create* an account.

The idea is that it turns folks off..."create ANOTHER account?" So you offer "Create" and "Login with OpenID" and it's all automatic. You don't even need to store profile details because you can get them from the OpenID provider by requesting them.
April 30, 2008 22:43
Great post! I still wish that the Cardspace integration in Firefox were better. I'm trying out http://www.codeplex.com/IdentitySelector because it uses the same UI as IE does with Cardspace.

I have to admit, though, that Cardspace usage still doesn't make a ton of sense to me (from an end-user's perspective). Like, if I should be storing my cards on my flash drive so that I can use them between computers, etc.

(not that you have to use Cardspace with OpenID)
April 30, 2008 22:48
Scott - However it is not unreasonable to expect that many sites may ask you to fill in additional profile details that are not covered in the OpenID spec or that are not approved for transfer by the OpenID provider. A great example of this is the age check that is required on many ecommerce sites in order to meet certain laws in the US.
April 30, 2008 22:51
David, CardSpace is a *system level service* so I think that I'd like my infocards managed in the same way regardless of browser. The fact that the Identity Selector is the same for FireFox and IE is a GOOD thing. Why would I want a different one? That said, there's this older proof of concept in Java: http://xmldap.org/

Again, as you said not that you have to use Cardspace with OpenID.
April 30, 2008 22:53
Joe Brinkman - Yes, and that's why there are extensions to OpenID to request things that aren't cover by the spec (see my ClaimsRequest example). If folks want height or weight or whatever, they can still host it at the Provider and it can still be requested by the Client (RP) as I understand it.
April 30, 2008 22:54
test
April 30, 2008 23:09
Test
April 30, 2008 23:24
Test post, OpenID-Blogspot, Firefox 2.0.0.14
April 30, 2008 23:55
Test from Norway with OpenID
April 30, 2008 23:59
Ignore this. Just testing ...
May 01, 2008 0:10
Checkity check.
May 01, 2008 0:35
worst.. comment.. ever...
May 01, 2008 0:36
Test
May 01, 2008 0:36
test2
May 01, 2008 0:38
test3
May 01, 2008 0:41
test4
May 01, 2008 0:42
test5
May 01, 2008 0:47
I just started looking into this, the website I use frequently for development (www.unfuddled.com) just started supporting it which ROCKS!

On another note, it's fun to see my friend Aaron getting the world straightened out about blog comment authentication and things. I too find it very frustrating trying to login or not login, or maybe setup a whole different account to login and comment on blogs. Very frustrating.
May 01, 2008 1:17
Did you ever fix the code for the gravatar to force to lowercase before computing the MD5? Let's see :)
May 01, 2008 1:17
Yes, you did :)
May 01, 2008 1:58
test
May 01, 2008 2:09
test
May 01, 2008 2:15
Sorry, just a test.
May 01, 2008 2:16
Sorry, but since there is no "preview", this is the only way to test what happens when I select OpenID.
May 01, 2008 2:17
Don't apologize! Test on testers!
May 01, 2008 2:28
Test again.
May 01, 2008 2:29
Thanks Scott, it works now!
May 01, 2008 2:46
test
May 01, 2008 2:59
test. using my blog url.
May 01, 2008 3:40
I like the idea that you can cname a subdomain to openid, e.g. openid.hanselman.com/scott
May 01, 2008 4:01
Excellent post, glad Aaron made the post when he did, sure has stirred up some excellent discussion. Lets all demand OpenID!
May 01, 2008 5:24
test
May 01, 2008 7:00
Comment using OpenID :)
May 01, 2008 8:47
yay test to see if this works.
May 01, 2008 9:46
Here's another OpenID test.
May 01, 2008 9:52
Yet another test!
May 01, 2008 12:17
Just a test!
May 01, 2008 17:44
And another
May 01, 2008 20:17
Just a few thoughts -- when you have two methods of login for leaving a comment, I was left questioning which pieces of information were going to be pulled from where...

For instance, I have previously commented on your blog, so my "details" are pre-populated. I can now put in my openId. Is it going to pull my email from the openId or the E-mail field? If my OpenId profile website field has no value, does it pull the "Home Page" value from the details section?

Anyway, I've been struggling with issues like this on a project that I've been working on. Whenever there is a new paradigm, figuring out the optimal way to go about things is a challenge.

I implemented auto-sign-up using dotnetopenid and I have a method for signing in if you don't have an openId -- but I did some user testing and people were putting in their openId and then additionally filling out the info for the other type of login as well.

Basically, it seems that the lowest friction method for setting up a non openId account is to ask for a username / password, send an opt-in email, and confirm the account when they return to your site via an email link.

OpenId is cool and it is really strong from the perspective of low friction for the initial sign-up process.

Still, it would be a good idea for the community to come up with some sort of consensus of how to integrate OpenId with the flow of a normal "username / password / email confirm" login process since not everyone jumps on the hayride at the same time. You would probably lose a lot of users if you only allowed authentication with OpenId.
May 01, 2008 21:16
I like Thomas Freudenberg's idea about using a subdomain.
May 01, 2008 21:22
Another test
May 01, 2008 21:23
OpenID I Like
May 01, 2008 21:46
One thing that bothers me in the OpenID space is that while Yahoo and Google both act as OpenID providers they themselves don't allow logging in using OpenID. I'd love to log into Flickr or Google Analytics using OpenID vs. yet another set of logins.

Another OpenID area that needs developing is new signups. A lot of places offer OpenID authentication only *after* you've gone through a lenghty signup process when most of that information could have been pre-populated via OpenID. The same even goes for your comment authentication, it seems an AJAX call could be made that shows the Name, EMail and Homepage once the user tabs away from the OpenID box.

So many ideas, so little time :)

May 01, 2008 22:37
Timothy: Great point! Currently, if you use OpenID I pull from OpenID *only*. If you use the other form, I'll pull from there, just like before. At some point in the next few years, I'll remove the ability to leave unauthenticated comments, I think, but only after like at least 75% of folks have OpenIDs (like if Google or LiveID jumps in). I thought about graying out the other controls if you have something in the OpenID field, but I'm not good at JavaScript.
* Any volunteers want to write me a JQuery that disables the 3 fields of the OpenID is filled out? and vice versa?

Shawn: Dude, preach on. The big players don't *get it* yet.


May 01, 2008 22:43
I see the advantage of openid and want to use it on my latest solution.

Benny
May 01, 2008 22:49
Awesome. Testing.
May 01, 2008 22:54
Yay, Open Id!
May 01, 2008 23:05
Another comment
May 01, 2008 23:27
Scott - While the OpenID 2.0 spec added support via the OpenID Attribute Exchange spec this is still a problem since that spec is not widely implemented by the OPs or RPs. As a result there are still a large number of common properties that are not provided for in the original OpenID 1.1 spec and that are requested by many websites. Also, it should be noted that the user may or may not have provided all of their profile details to the OP or may have denied the request to provide the profile data to the RP. In this scenario, the RP still needs to have a mechanism in place on how to deal with some profile attributes which are not provided by the OP for whatever reason.
May 01, 2008 23:41
Ok, you ask for tests but how many tests can one man handle.
May 02, 2008 0:08
Can it actually work?
Eef
May 02, 2008 0:25
Just a test :)
May 02, 2008 0:51
I have had an open ID forever. The thing is that on blog comments, I had really liked the Gravatar option, and it would be cool to see an integration somehow...
May 02, 2008 0:53
I just wanted to test what would happen if I entered all the details above (my openid as well as the usual details).
May 02, 2008 0:54
Sorry to spam your blog with comments Scott, but it's disappointing that neither my OpenID Persona image, nor my gravatar shows if I use OpenId.
May 02, 2008 1:12
Vaibhav - Your Gravatar isn't showing because you haven't entered your email in your default persona on your OpenID provider's site. The Gravatar will display if you have set your email, as I request your email when you login. You also haven't set your "Nickname."
May 02, 2008 1:20
Test
May 02, 2008 1:36
Well, looks like I have tied Vaibhav in terms of spam. Sorry for the bother :( but testing is fun!
May 02, 2008 3:00
Got it!
dws
May 02, 2008 3:17
Thanks for introducing me to OpenID! I had heard about both Cardspace and OpenID in passing but had never really investigated either technology too deeply.

Hoping this works,
-- Stu
Stu
May 02, 2008 4:03
Nothing to add, just testing like everyone else :)
May 02, 2008 7:26
Let's see if IE times out...
May 02, 2008 9:22
Testing blog openid url... The first post linked to myopenid page instead.
May 02, 2008 9:41
Does this really work? Do I still remember my OpenID?
May 02, 2008 9:42
nnn
May 02, 2008 12:06
Testing my newly created openid account...
May 02, 2008 15:29
Nice work. Now I *really* do need to upgrade to the latest build of Das Blog.
May 02, 2008 18:09
The selector isn't providing a good default for yahoo IDs. The template should be https://me.yahoo.com/ .
May 03, 2008 0:02
Testing openID... Hopefully now I can leave comments :)
May 03, 2008 1:24
Testing?
May 03, 2008 1:37
One last thought -- you might ask JitBit to add OpenId authentication to their forum software.

Cheers,
Timothy
May 03, 2008 2:37
Testing
May 03, 2008 6:50
test
May 03, 2008 8:55
Nice post. I wonder how hard it would be to add this to BlogEngine.NET...
May 03, 2008 15:02
Testing if you re-pull details after my persona is altered
May 03, 2008 15:14
Either you didn't update or you are ignoring my webpage in favour of my openid
May 03, 2008 15:22
Ok.... Did I set my Blog up correctly?
May 03, 2008 22:12
-Rory = According to MyOpenID they aren't sending the Persona's Webpage yet (see comment above).
May 04, 2008 4:42
testing
May 05, 2008 3:09
Just trying out openid!
May 05, 2008 7:32
It Woiks!
May 05, 2008 10:06
Works :) .. one up ... My site works with OpenId too.
Cheers
Vishal
May 05, 2008 19:36
It still works.
May 05, 2008 23:15
Yet another useful OpenID test, from italy :-)
May 06, 2008 7:22
OpenID rocks
May 06, 2008 10:28
My test comment
May 06, 2008 11:23
test
May 06, 2008 11:50
test2
May 06, 2008 19:37
testing openid login, testing gravatar
May 07, 2008 16:00
test :)P
May 08, 2008 13:22
Great post. Thanks.
May 08, 2008 22:59
I just set up my personal website as my OpenID last week. It was surprisingly easy, and I'm digging the user experience so far.
May 08, 2008 23:39
Test 1
May 09, 2008 7:53
openID test :)
May 09, 2008 21:01
OpenID redirect from my blog. Nice.
May 10, 2008 2:50
Another OpenID test
May 11, 2008 12:54
Yet Another OpenID Test :)
May 13, 2008 4:39
test
May 14, 2008 9:37
I noticed that the DasBlog login code has an addition about the necessity of including e.Cancel. You might want to update your source code listing if that's the case. I'm looking at LoginBox.ascx.cs:

/// <summary>
/// Fired upon login.
/// Note, that straight after login, forms auth will redirect the user to their original page. So this page may never be rendererd.
/// </summary>
protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
{
e.Cancel = true; //Need to cancel or the control will log us in for free. Eek!
UserToken token = SiteSecurity.Login(e.Response);
if (token != null)
{
SetAuthCookie(token.Name, token.Name);
Response.Redirect(SiteUtilities.GetAdminPageUrl(), true);
}
}
May 14, 2008 16:43
testing
May 14, 2008 20:10
Yep, the obligatory test :)
May 16, 2008 21:02
Testing my OpenID
May 19, 2008 19:48
Got my openid, used the dotnetopenid package and tried it in my sample ASP.NET MVC application. Works like a charm :)
Pix
May 20, 2008 17:10
test!
May 21, 2008 18:32
Yet another open ID test...
May 21, 2008 22:56
Gah. That friggen button next to the openid textbox just screams "HEY! CLICK ME TO AUTHENTICATE! LOL UR STUPID".
May 22, 2008 8:14
Are there any plans on integrating this into the official DasBlog source?
May 23, 2008 5:12
Chris - Already done!
May 23, 2008 6:23
just testing with my claimid openid -- I got a .NET error the last time I tried to leave a comment with it.
May 27, 2008 7:10
Test
May 27, 2008 7:44
OpenID test using website as OpenID
May 28, 2008 15:19
Got OpenID support for comments running on my .net blog - sweet!
May 29, 2008 5:07
Cool, this worked, now I have my blog as an OpenID. What a great way to get comments!
May 31, 2008 7:56
Testing some openId settings
June 03, 2008 8:41
good article
June 05, 2008 1:17
Where do you install the nice selector in wordpress? do you have to hack into the core of it?
Thank you.
June 10, 2008 14:53
testing - thanks for a thorough and comprehensive post!
June 20, 2008 22:34
Question about the OpenID ID Selector, and OpenID in general: suppose I trust Yahoo and Flickr, but I've never heard of Vidoop or Vox (which I haven't, BTW). Can I lock down to only accept OpenIDs from folks who keep their IDs at places I trust? Or if I support OpenID, do I have to support all of them?
June 22, 2008 1:39
test
June 23, 2008 1:50
myopenid.com comment test.
June 24, 2008 21:40
Verisign comment test. Kind of worried this won't give me a picture.
June 25, 2008 22:00
test
June 25, 2008 22:04
test2
June 27, 2008 21:01
Hi everyone!

I was trying to setup my dasblog based blog (it's in godaddy) to use openId. I had the blog running with the latest release, but I haven't been able to when using a build supporting open id.

Do you know if the openid capable versions have some issue regarding using medium trust? Any tips on enabling openid?

Thanks!
June 27, 2008 21:56
The code is up at http://www.codeplex.com/dasblog !

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.