DotNetOpenAuth: Why don't I always get the same OpenID with email account?

I am trying to log in using the OpenID / Relying Party (Google, Yahoo! ..). My login page is as follows.

What I want to do is simply:

Get the OpenID from the user, save it and associate it with the user account. Every time this unique OpenID is returned from the provider, I know that the user associated with it is now registered. Plain.

The problem is that response.ClaimedIdentifier.OriginalString, which I THINK is the OpenID, is not unique. It is almost unique. In most cases the return value is one and the same, but sometimes, not always, for some reason (especially when changing browsers or computers), this value changes, and I create another user account.

What am I doing wrong? What is the TRUE OpenID code that I have to store, which is unique regardless of browsers or computers?

    using System;
    using DotNetOpenAuth.OpenId.RelyingParty;
    using NHibernate.Criterion; // Expression.Eq comes from NHibernate

    public partial class Pages_User_LoginOpenID : LivrePage
    {
        OpenIdRelyingParty relyingParty = new OpenIdRelyingParty();
        IAuthenticationResponse response = null;

        protected void Page_Load(object sender, EventArgs e)
        {
            response = relyingParty.GetResponse();
            if (response != null)
            {
                switch (response.Status)
                {
                    case AuthenticationStatus.Authenticated:
                        // check whether a user with this OpenID already exists
                        OpenId openId = UserHelper.GetSession()
                            .CreateCriteria<OpenId>()
                            .Add(Expression.Eq("IdentifierString", response.ClaimedIdentifier.OriginalString))
                            .UniqueResult<OpenId>();
                        if (openId == null)
                        {
                            openId = new OpenId();
                            openId.IdentifierString = response.ClaimedIdentifier.OriginalString;
                            // no user with this OpenID yet: create one
                            User newUser = UserHelper.CreateUser(openId);
                            SecurityManager.Login(newUser.Id);
                        }
                        else
                        {
                            SecurityManager.Login(openId.User.Id);
                        }
                        Response.Redirect(UrlFactory.GetUrlForPage(UrlFactory.PageName.Home));
                        break;
                    default:
                        break;
                }
            }
        }

        // processes the login button click
        protected void ButtonLogin_Click(object sender, EventArgs e)
        {
            if (response == null)
                relyingParty.CreateRequest(TextBoxOpenID.Text).RedirectToProvider();
        }
    }
+4
1 answer

You are close, but a little off in the code. The unique identifier is not response.ClaimedIdentifier.OriginalString, but simply response.ClaimedIdentifier. OriginalString is a little different, and in fact it should probably be marked internal to avoid confusion. Although ClaimedIdentifier is of type Identifier, it actually becomes a string automatically when you assign it to a string variable, so don't worry about that.

Now about the split user accounts. Most likely your problem is that OpenID uses “directed identity”, in which the OpenID provider (in this case Google) sends a different OpenID for the same user depending on the value of the IAuthenticationRequest.Realm property. It is very important that your site makes sure that the Realm always has the same value, so that the provider recognizes your site as the same site each time and gives you the same ClaimedIdentifier for the same user every time.

So what could be wrong? Unless you set the Realm value explicitly, DotNetOpenAuth guesses that it is the URL of your home page. But that depends on the URL of the incoming request. For example, if users can visit your site using both http://www.yoursite.com/ and https://www.yoursite.com/ (note the https scheme on the second), then both are legitimate home pages, and DotNetOpenAuth will use whichever scheme the user visited your login page with. Similarly, if your site is available both at http://yoursite.com and http://www.yoursite.com (note the www), that also becomes two different Realm values. What you need to do is set the Realm explicitly, with something like:

    relyingParty.CreateRequest(TextBoxOpenID.Text, "https://www.yoursite.com/").RedirectToProvider();

This ensures that your users receive the same ClaimedIdentifier each time.

+6
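The realm drift described in the answer above, as an added example that is not part of the original answer or of DotNetOpenAuth: a stand-alone Python model of the default realm guess, an OpenID 2.0 realm-matching check (spec section 9.2), and a helper that builds realm and return_to from configuration rather than from the incoming request. The function names and the sample URLs are my own assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def realm_from_request(request_url: str) -> str:
    """Model the guessed default: the Realm follows whatever scheme and host
    the user happened to hit, which is exactly why it drifts between visits."""
    u = urlsplit(request_url)
    return f"{u.scheme}://{u.netloc}/"


def realm_contains(realm: str, url: str) -> bool:
    """OpenID 2.0 realm matching: same scheme and effective port, host equal or
    under a leading '*.' wildcard, url path equal to or a sub-directory of the
    realm path, and the realm must carry no fragment."""
    r, u = urlsplit(realm), urlsplit(url)
    if r.fragment or r.scheme not in DEFAULT_PORTS or r.scheme != u.scheme:
        return False
    if (r.port or DEFAULT_PORTS[r.scheme]) != (u.port or DEFAULT_PORTS[u.scheme]):
        return False
    r_host, u_host = (r.hostname or "").lower(), (u.hostname or "").lower()
    if r_host.startswith("*."):
        base = r_host[2:]
        # Assumption: the bare domain itself is also covered by the wildcard.
        if not (u_host == base or u_host.endswith("." + base)):
            return False
    elif r_host != u_host:
        return False
    r_path, u_path = r.path or "/", u.path or "/"
    return u_path == r_path or u_path.startswith(r_path.rstrip("/") + "/")


def build_login_request(realm: str, site_base: str, login_path: str) -> dict:
    """Derive realm and return_to from configuration, never from the request,
    and refuse to proceed when return_to falls outside the realm (a provider
    would reject such a request anyway)."""
    return_to = site_base.rstrip("/") + "/" + login_path.lstrip("/")
    if not realm_contains(realm, return_to):
        raise ValueError(f"return_to {return_to} is outside realm {realm}")
    return {"realm": realm, "return_to": return_to}


if __name__ == "__main__":
    # Constructed sample: the same login page reached two different ways.
    for hit in ("http://yoursite.com/Pages/User/LoginOpenID.aspx",
                "https://www.yoursite.com/Pages/User/LoginOpenID.aspx"):
        print("guessed realm:", realm_from_request(hit))
    print(build_login_request("https://www.yoursite.com/", "https://www.yoursite.com",
                              "/Pages/User/LoginOpenID.aspx"))
```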

Source: https://habr.com/ru/post/1313455/
