Comments (4)
Hi Andrew, was this fixed or is there a workaround? I updated to the latest version and cannot use RequireSSL in my web.config for my Google Apps implementation.
With the DotNetOpenAuth.OpenId.RelyingParty.OpenIdTextBox control, I get this error if I turn RequireSSL to on:
{DotNetOpenAuth.Messaging.ProtocolException:
Sorry. This site only accepts OpenIDs that are HTTPS-secured, but
http://gaschool.scolab.com/openid?id=116298317018479467791 is not a secure Identifier."
at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args)
at DotNetOpenAuth.Messaging.ErrorUtilities.ThrowProtocol(String message, Object[] args)
at DotNetOpenAuth.OpenId.RelyingParty.PositiveAuthenticationResponse.VerifyDiscoveryMatchesAssertion(OpenIdRelyingParty relyingParty)
at DotNetOpenAuth.OpenId.RelyingParty.PositiveAuthenticationResponse..ctor(PositiveAssertionResponse response, OpenIdRelyingParty relyingParty)
at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo)}
Does this mean I have content going over an insecure channel, or just that I do not enforce such behavior?
Thanks a lot, keep up the good work!
Carl
from dotnetopenauth.
No, this hasn't been fixed yet.
from dotnetopenauth.
Thanks for the update. Can you tell me the security implication of turning RequireSSL to off?
Does this mean I have content going over an insecure channel, or just that I do not enforce such behavior?
Thanks!
Carl
from dotnetopenauth.
RequireSsl=false does not mean that SSL will not be used. It merely means that DNOA will permit use of non-SSL channels if such channels are either the only option or, according to XRDS discovery, considered to be the preferred option.
RequireSsl=true guarantees that only SSL channels will be used. If your only discovery module is the HostMetaDiscoveryService one (you've removed the normal one) then you may already be set to go. If I recall correctly, the HTTPS URLs are already hard-coded, so RequireSsl=true may not offer anything new to you. Not certain, this is from memory.
from dotnetopenauth.
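Added example, not part of the thread and not DotNetOpenAuth code: a simplified Python model of the policy described in the last reply, showing which endpoint a relying party would contact with the setting off and on. The function names, the example.com URLs and the priority values are constructed for illustration; the only outside fact used is that a lower XRDS priority number means a more preferred endpoint.

```python
from urllib.parse import urlsplit


class ProtocolError(Exception):
    """The policy rejected the identifier or left no usable endpoint."""


def is_https(url):
    return urlsplit(url).scheme.lower() == "https"


def select_endpoint(claimed_id, endpoints, require_ssl):
    """Return the endpoint URL that would be contacted.

    endpoints: list of (xrds_priority, url); lower priority value = preferred.
    require_ssl=True : identifier and endpoint must both be HTTPS.
    require_ssl=False: HTTP is permitted when it is the only or preferred option.
    """
    if require_ssl:
        if not is_https(claimed_id):
            raise ProtocolError(f"{claimed_id} is not a secure Identifier")
        endpoints = [(p, u) for p, u in endpoints if is_https(u)]
    if not endpoints:
        raise ProtocolError("no discovered endpoint satisfies the policy")
    return min(endpoints, key=lambda e: e[0])[1]


def outcome(claimed_id, endpoints, require_ssl):
    """Like select_endpoint, but report a rejection as text instead of raising."""
    try:
        return select_endpoint(claimed_id, endpoints, require_ssl)
    except ProtocolError as exc:
        return f"rejected: {exc}"


# Constructed sample data (not taken from the thread).
HTTPS_ID = "https://id.example.com/alice"
HTTP_ID = "http://id.example.com/alice"
MIXED = [(10, "http://op.example.com/auth"), (20, "https://op.example.com/auth")]
HTTP_ONLY = [(10, "http://op.example.com/auth")]

if __name__ == "__main__":
    for label, cid, eps in [("mixed", HTTPS_ID, MIXED),
                            ("http-only", HTTPS_ID, HTTP_ONLY),
                            ("http identifier", HTTP_ID, MIXED)]:
        for flag in (False, True):
            print(f"{label:16} require_ssl={flag!s:5} -> {outcome(cid, eps, flag)}")
```

In this model, leaving the setting off lets the HTTP endpoint win whenever discovery ranks it first, while turning it on either selects an HTTPS endpoint or fails closed, as with the HTTP identifier in the error reported above.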