dotnetopenauth / dotnetopenauth
A C# implementation of the OpenID, OAuth protocols
Home Page: http://dotnetopenauth.net
License: Other
The current implementation of sending a GET request passes the OAuth authentication info via query string parameters. Not all APIs accept this, most notably FitBit.com.
Please provide an option so that the OAuth information can be sent via an Authentication HTTP header.
Thanks.
The OAuthServiceProviderSecuritySettingsElement.MaximumRequestTokenTimeToLive property does not carry over into the ServiceProviderSecuritySettings class.
Hi,
I'm using the OAuth 2 CTP and so far it looks great - good job!
However, there is one issue I recently encountered. I've implemented my authentication server in a way similar to that of the sample. My authentication endpoint is very simple - it just reads the request and builds an appropriate response using AuthorizationServer.
var tokenRequest = this.authorizationServer.ReadAccessTokenRequest();
var response = this.authorizationServer.PrepareAccessTokenResponse( tokenRequest, ResourceServerEncryptionPublicKey );
This approach has been working great with grant_type=authorization_code. But when I tested it with none (i.e. client credentials) or password (i.e. resource owner username and password) PrepareAccessTokenResponse throws an invalid cast exception. I've taken a look at the code of the method and it seems you cast the request object to ITokenCarryingRequest. However, only the AccessTokenAuthorizationCodeRequest type implements this interface, while the other two do not - AccessTokenClientCredentialsRequest and AccessTokenResourceOwnerPasswordCredentialsRequest.
I wanted to try and change the source code to see if implementing the interface will solve this, but I couldn't find it. Is it available anywhere?
File: dotnetopenid / src / DotNetOpenAuth / OpenId / RelyingParty / OpenIdLogin.cs
Code position:
private const string ButtonTextDefault = "Login �";
We provide partners with the opportunity to authenticate their users against our service using OpenID, and at times, the OpenID Identifier they provide results in 404 pages (especially during integration testing).
As discovery results are cached this often causes some users to be unable to sign in using OpenID if their identifier has previously returned 404 messages, and we must in turn disable the cache to allow them to sign in.
DNOA should apply some rules to what results are cached - that a resource returns a 404 one day does not mean it will do so the next. This also concerns delegation; if a user switches its provider and the original provider returns negatively for this user, how should DNOA respond? Something should cause it to discard the cache and perform the discovery anew.
From looking through the code and tests, it seems there's no way to generate a signature that's decoupled from the process of running a service endpoint. Am I missing it?
I'm looking for something in the neighborhood of this (which I'll probably continue using, but wanted a 'second opinion' on some character encoding issues):
http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs
This is a straightforward one-file library with a single method to generate the signature.
Thanks!
Implicit grants need to be supported, namely the creation of access tokens in direct response to end user authorization.
Included in this is the provision that we do not auto-approve implicit grants, even if the requested authorization was previously given already (since the client has not been authenticated).
We also need to let the host site determine the lifetime of the access token, and whether the requested scopes are appropriate for a less secure implicit grant type.
This is probably related to reporting.
Here are some stack traces from 3 threads at time of hang.
Google Apps asserts http:// claimed identifiers, but since host-meta based discovery doesn't actually ever perform an HTTP get on that identifier, RequireSsl should actually work with Google Apps discovery, provided the DNOA host meta discovery service skips the fallback discovery on the (insecure) domain itself.
The likely fix for this is for the HostMetaDiscoveryService in DotNetOpenAuth to be willing to perform discovery on insecure identifiers, but only to HTTPS trusted discovery hosts (such as Google Apps).
What is the current status?
Could this issue be used to track the status of the OAuth 2 support?
// Authorization using OAuth2
var scope = new[] { "scope1" };
var returnTo = new Uri("relative.html", UriKind.Relative);
myClient.RequestUserAuthorization(scope, null, returnTo);
This code doesn't work because the library expects only absolute URLs.
I don't think there are issues with also supporting relative ones.
Thanks.
The OpenIdRelyingPartyControlBase.Extensions property is ignored on all but the OpenIdSelector control, making it more difficult to retrieve user attributes during login on OpenIdButton controls.
When using the ResourceServer to verify access to a resource, VerifyAccess leads to an instance of OAuthPrincipal containing the provided scopes as roles internally.
If one wants access to the list of scopes this is not directly available, and you are forced to use the StandardTokenAnalyzer directly, but this requires an IDirectedProtocolMessage, which is not available from the ResourceServer.
Propositions
In order to support JSON web tokens (JWT) as access tokens in the future, the authorization server should support an extensible way of serializing, signing and encrypting access tokens.
We may also want to include in this interface a way to validate access tokens later, so that a resource server may contact the auth server on a backchannel to validate an access token.
In the interest of identifying the sources of all intellectual property included with DotNetOpenAuth, we should consider re-implementing the Diffie-Hellman algorithm. It may also resolve the unrepro'able random test failures we see on the DH tests.
DotNetOpenAuth 4.0.0.11165
The Message expired at 7/2/2011 5:23:50 PM and it is now 7/2/2011 5:36:29 PM.
Works locally (Cassini), fails deployed. Tried using the example from http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/
privateSecretMaximumAge="07:00:00"
but the attribute wasn't recognized.
Server is Microsoft Windows NT 6.0.6002 Service Pack 2 (32 bit)
Microsoft-IIS/7.0
I have tried to build mono2 branch (on VS 2008, .net 3.5) and referenced DotNetOpenAuth.dll within ASP.NET MVC 2 application running on mono from master branch (version 2.11, default profile is 4.0), but I'm getting this exception during authentication.
IIS always defines the HTTP_HOST server variable, which defeats the URL rewriting reversal done in the GetPublicFacingUrl method.
See https://groups.google.com/d/topic/dotnetopenid/pdqK8aMpPA4/discussion for a discussion on this topic.
When trying to compile DotNetOpenAuth, I get a lot of errors complaining that the XML comments for a bunch of the classes don't start with exactly the right text. I couldn't figure out how to turn off this requirement in Visual Studio...
I have asked the question on stackoverflow.com:
http://stackoverflow.com/questions/7564256/dotnetopenauth-setting-the-popup-to-do-a-post-instead-of-a-get
So following up with the request to post a ticket here.
Simplest way to recreate the issue is to download the project from NerdDinner:
http://nerddinner.codeplex.com/
Then in the "NerdDinner/Services/OpenIdRelyingPartyService.cs" change the ClaimRequest to ask for additional fields:
request.AddExtension(new ClaimsRequest
{
Email = DemandLevel.Require,
FullName = DemandLevel.Request,
BirthDate = DemandLevel.Request,
Gender = DemandLevel.Request,
Country = DemandLevel.Request,
Nickname = DemandLevel.Request,
PolicyUrl = privacyPolicy,
});
This will now generate a 414 error with Google when clicking on the Google provider button in the logon page.
Please let me know if I can provide more details.
See this Stackoverflow question (http://stackoverflow.com/questions/2466107/dotnetopenid-dotnetopenauth) for an example of how convoluted it is.
Perhaps something like:
<hostFilter>
<add allow="www.mysite.com" />
<add deny="www.badsite.com" />
</hostFilter>
Would provide a more tunable and obvious way to configure it.
We should also add OpenID OP Endpoint filters so people can do better filtering regardless of delegated IDs.
The http://tools.ietf.org/html/rfc5849 spec has made OAuth 1.0a obsolete. We should review to see what changes are necessary in DotNetOpenAuth.
I have an MVC3/Razor View that creates an info card.
This calls back to a method that calls this code:
string xmlToken = this.HttpContext.Request.Params["xmlToken"];
Token token = Token.Read(xmlToken);
Then when the Token is initialized this error is thrown...
Attempt by method 'DynamicClass.lambda_method(System.Runtime.CompilerServices.Closure)' to access method 'System.Security.Cryptography.RSAPKCS1SHA1SignatureDescription..ctor()' failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.MethodAccessException: Attempt by method 'DynamicClass.lambda_method(System.Runtime.CompilerServices.Closure)' to access method 'System.Security.Cryptography.RSAPKCS1SHA1SignatureDescription..ctor()' failed.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[MethodAccessException: Attempt by method 'DynamicClass.lambda_method(System.Runtime.CompilerServices.Closure)' to access method 'System.Security.Cryptography.RSAPKCS1SHA1SignatureDescription..ctor()' failed.]
lambda_method(Closure ) +55
System.IdentityModel.CryptoHelper.GetAlgorithmFromConfig(String algorithm) +584
System.IdentityModel.Tokens.RsaSecurityKey.GetHashAlgorithmForSignature(String algorithm) +45
System.IdentityModel.SignedXml.StartSignatureVerification(SecurityKey verificationKey) +324
System.IdentityModel.Tokens.SamlAssertion.VerifySignature(SignedXml signature, SecurityKey signatureVerificationKey) +35
System.IdentityModel.Tokens.SamlAssertion.ReadXml(XmlDictionaryReader reader, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) +1082
System.IdentityModel.Tokens.SamlSerializer.LoadAssertion(XmlDictionaryReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) +55
System.IdentityModel.Tokens.SamlSerializer.ReadToken(XmlReader reader, SecurityTokenSerializer keyInfoSerializer, SecurityTokenResolver outOfBandTokenResolver) +64
System.ServiceModel.Security.SamlTokenEntry.ReadTokenCore(XmlDictionaryReader reader, SecurityTokenResolver tokenResolver) +22
System.ServiceModel.Security.WSSecurityTokenSerializer.ReadTokenCore(XmlReader reader, SecurityTokenResolver tokenResolver) +140
System.IdentityModel.Selectors.SecurityTokenSerializer.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver) +22
DotNetOpenAuth.InfoCard.TokenUtility.AuthenticateToken(XmlReader reader, Uri audience) +112
DotNetOpenAuth.InfoCard.Token..ctor(String tokenXml, Uri audience, TokenDecryptor decryptor) +666
DotNetOpenAuth.InfoCard.Token.Read(String tokenXml, Uri audience, IEnumerable`1 decryptionTokens) +213
DotNetOpenAuth.InfoCard.Token.Read(String tokenXml, Uri audience) +110
DotNetOpenAuth.InfoCard.Token.Read(String tokenXml) +79
NGM.OpenAuthentication.Controllers.CardSpaceAccountController.LogOn(String returnUrl) +138
lambda_method(Closure , ControllerBase , Object[] ) +140
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +17
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +208
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +55
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +263
System.Web.Mvc.<>c__DisplayClass17.b__14() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +263
System.Web.Mvc.<>c__DisplayClass17.<InvokeActionMethodWithFilters>b__14() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +263
System.Web.Mvc.<>c__DisplayClass17.b__14() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +191
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
System.Web.Mvc.Controller.ExecuteCore() +116
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +97
System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
System.Web.Mvc.<>c__DisplayClassb.b__5() +37
System.Web.Mvc.Async.<>c__DisplayClass1.b__0() +21
System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +62
System.Web.Mvc.<>c__DisplayClasse.b__d() +50
System.Web.Mvc.SecurityUtil.b__0(Action f) +7
System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +22
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +60
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
Orchard.Mvc.Routes.HttpAsyncHandler.EndProcessRequest(IAsyncResult result) +55
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8841105
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
Please also provide the library built only for .NET 4.0 (not only for .NET 3.5).
Thanks.
Potential solution:
Under DotNetOpenAuth-3.4.6.10357a\Project Templates
Rename
“DotNetOpenAuth SDK-3.4.6.10360-VS2010.vsix”
“DotNetOpenAuth-3.4.6.10360-VS2008.vsi”
Unfortunately DotNetOpenAuth is using hashing algorithms that are not FIPS compliant (e.g. SHA512Managed).
This means that DotNetOpenAuth will throw an error / not run on servers that enforce the FIPS policy.
More Info:
System.Security.Cryptography.SHA512Managed is not part of the Windows Platform FIPS-validated cryptographic algorithms.
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512managed.sha512managed.aspx
You can test this by enforcing FIPS compliance on your machine:
Run C:\Windows\System32\secpol.msc
Enable Security Settings\Local Policies\Security Options\System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
And then run the code (these SHA classes are used by 'DotNetOpenAuth.OpenId.HmacShaAssociation'):
try { var a = new SHA512Managed(); }
catch (Exception e) { Console.WriteLine(e); }
try { var a = new HMACSHA512(); }
catch (Exception e) { Console.WriteLine(e); }
Solution:
Use a FIPS compliant SHA algorithm,
e.g. SHA512Cng
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512cng.aspx
Most government organisations are now implementing FIPS policies so this would be a good thing to fix.
Error:
System.TypeInitializationException:The type initializer for 'DotNetOpenAuth.OpenId.HmacShaAssociation' threw an exception.
at DotNetOpenAuth.OpenId.HmacShaAssociation.Create(Protocol protocol, String associationType, AssociationRelyingPartyType associationUse, ProviderSecuritySettings securitySettings)
at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.GetDumbAssociationForSigning()
at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.GetAssociation(ITamperResistantOpenIdMessage signedMessage)
at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessOutgoingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.ProcessOutgoingMessage(IProtocolMessage message)
at DotNetOpenAuth.Messaging.Channel.PrepareResponse(IProtocolMessage message)
at DotNetOpenAuth.OpenId.Provider.OpenIdProvider.PrepareResponse(IRequest request)
… in
System.InvalidOperationException:This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA512Managed..ctor()
at DotNetOpenAuth.OpenId.HmacShaAssociation..cctor()
That's why we recommend that package authors put the assemblies in a target framework specific folder:
http://docs.nuget.org/docs/creating-packages/creating-and-publishing-a-package#Common_Framework_and_Profile_Targeting_Examples
In this case, Andrew, you should put the dll in lib\net40-full and not directly in the lib folder.
By the way, if you point the nuget pack command at a project file, we automatically create the package correctly. http://docs.nuget.org/docs/creating-packages/creating-and-publishing-a-package#From_a_project
Although support for an extension in a negative assertion is not in the spec, Google exercises this ability for their x-has-session addition to the UI extension response.
Since we already have an IAuthenticationResponse.GetUntrustedExtension<T>() method, it makes sense that we could actually make this method work for negative assertions. Since the extensions are not signed, they are unreliable, but the method name suggests this so this shouldn't be a problem.
See discussion here https://groups.google.com/d/topic/dotnetopenid/cHEsEbnpMUc/discussion
Just got this in my error logs:
System.OverflowException: Value was either too large or too small for an Int32.
Generated: Tue, 08 Feb 2011 03:23:17 GMT
System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type DotNetOpenAuth.ApplicationBlock.Facebook.FacebookGraph. The value '100000706054681' cannot be parsed as the type 'Int32'. ---> System.Xml.XmlException: The value '100000706054681' cannot be parsed as the type 'Int32'. ---> System.OverflowException: Value was either too large or too small for an Int32.
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at System.Runtime.Serialization.Json.XmlJsonReader.ParseInt(String value, NumberStyles style)
--- End of inner exception stack trace ---
at System.Runtime.Serialization.Json.XmlJsonReader.ParseInt(String value, NumberStyles style)
at System.Xml.XmlDictionaryReader.ReadElementContentAsInt()
at ReadFacebookGraphFromJson(XmlReaderDelegator , XmlObjectSerializerReadContextComplexJson , XmlDictionaryString , XmlDictionaryString[] )
at System.Runtime.Serialization.Json.JsonClassDataContract.ReadJsonValueCore(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
at System.Runtime.Serialization.Json.JsonDataContract.ReadJsonValue(XmlReaderDelegator jsonReader, XmlObjectSerializerReadContextComplexJson context)
at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, Type declaredType, DataContract& dataContract)
at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
--- End of inner exception stack trace ---
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
at DotNetOpenAuth.ApplicationBlock.Facebook.FacebookGraph.Deserialize(Stream jsonStream)
Hi Andrew,
Thought I'd share a recent work-around... Facebook doesn't return "expires_in" and therefore all generated access tokens are without an expiration value.
I ended up overloading ProcessUserAuthorization() to transfer epoch time from the token to the AuthorizationState object.
Figured this might help someone in the future.
reference info:
http://www.quora.com/Do-the-OAuth2-access-tokens-in-the-new-Facebook-Graph-API-expire
-Mark
OpenID providers shouldn't be required to retain associations and their secrets in memory or in a database. For instance, Yahoo has encoded their association data within the association handle itself (making the handle ~140 characters long). DotNetOpenAuth can do that too using the new DataBag class.
The current OAuth 2 tree allows for using a single RsaCryptoServiceProvider instance across multiple threads simultaneously. This class is documented as not thread-safe. Therefore we need to adjust the DNOA interfaces such that the host can provide a factory of these instead of just a singleton.
This causes interop failures with consumers who omit the optional oauth_version parameter.
DotNetOpenAuth must be able to discern between a message part whose value was defaulted into the message, and one whose value was explicitly included.
Captured from this report: https://groups.google.com/d/topic/dotnetopenid/8W5LjAiZW_M/discussion
A buggy RP can cause DNOA OP to throw a KeyNotFoundException instead of a ProtocolException. A log of the problem is here:
{
"Url": "/openid/provider",
"Parameters": {
"openid.assoc_handle": "{634477555066085461}{TTYcIg==}{32}",
"openid.claimed_id": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
"openid.identity": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
"openid.mode": "check_authentication",
"openid.op_endpoint": "https://openid.stackexchange.com/openid/provider",
"openid.response_nonce": "2011-08-01T00:32:10Zvdyt3efw",
"openid.return_to": "http://openid-consumer.appspot.com/finish?session_id=1543025&janrain_nonce=2011-08-01T00%3A32%3A09ZIPGz7D",
"openid.sig": "b0Rll6Kt1KKBWWBEg/qBvW3sQYtmhOUmpI0/UREBVZ0=",
"openid.signed": "claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce,ns.sreg,sreg.email,sreg.fullname",
"openid.sreg.email": "[email protected]",
"openid.sreg.fullname": "Kevin K Montrose",
"ALL_HTTP": "HTTP_CONTENT_LENGTH:869\r\nHTTP_CONTENT_TYPE:application/x-www-form-urlencoded\r\nHTTP_ACCEPT_ENCODING:gzip\r\nHTTP_HOST:openid.stackexchange.com\r\nHTTP_USER_AGENT:AppEngine-Google; (+http://code.google.com/appengine; appid: openid-consumer)\r\nHTTP_X_REAL_IP:209.85.224.82\r\nHTTP_X_FORWARDED_FOR:209.85.224.82\r\nHTTP_X_FORWARDED_PROTO:https\r\n",
"ALL_RAW": "Content-Length: 869\r\nContent-Type: application/x-www-form-urlencoded\r\nAccept-Encoding: gzip\r\nHost: openid.stackexchange.com\r\nUser-Agent: AppEngine-Google; (+http://code.google.com/appengine; appid: openid-consumer)\r\nX-Real-IP: 209.85.224.82\r\nX-Forwarded-For: 209.85.224.82\r\nX-Forwarded-Proto: https\r\n",
"APPL_MD_PATH": "/LM/W3SVC/14/ROOT",
"APPL_PHYSICAL_PATH": "C:\sites\openid.stackexchange.com\prod",
"AUTH_TYPE": "",
"AUTH_USER": "",
"AUTH_PASSWORD": "",
"LOGON_USER": "",
"REMOTE_USER": "",
"CERT_COOKIE": "",
"CERT_FLAGS": "",
"CERT_ISSUER": "",
"CERT_KEYSIZE": "",
"CERT_SECRETKEYSIZE": "",
"CERT_SERIALNUMBER": "",
"CERT_SERVER_ISSUER": "",
"CERT_SERVER_SUBJECT": "",
"CERT_SUBJECT": "",
"CONTENT_LENGTH": "869",
"CONTENT_TYPE": "application/x-www-form-urlencoded",
"GATEWAY_INTERFACE": "CGI/1.1",
"HTTPS": "off",
"HTTPS_KEYSIZE": "",
"HTTPS_SECRETKEYSIZE": "",
"HTTPS_SERVER_ISSUER": "",
"HTTPS_SERVER_SUBJECT": "",
"INSTANCE_ID": "14",
"INSTANCE_META_PATH": "/LM/W3SVC/14",
"LOCAL_ADDR": "64.34.119.23",
"PATH_INFO": "/openid/provider",
"PATH_TRANSLATED": "C:\sites\openid.stackexchange.com\prod\openid\provider",
"QUERY_STRING": "",
"REMOTE_ADDR": "64.34.119.10",
"REMOTE_HOST": "64.34.119.10",
"REMOTE_PORT": "51829",
"REQUEST_METHOD": "POST",
"SCRIPT_NAME": "/openid/provider",
"SERVER_NAME": "openid.stackexchange.com",
"SERVER_PORT": "80",
"SERVER_PORT_SECURE": "0",
"SERVER_PROTOCOL": "HTTP/1.0",
"SERVER_SOFTWARE": "Microsoft-IIS/7.5",
"URL": "/openid/provider",
"HTTP_CONTENT_LENGTH": "869",
"HTTP_CONTENT_TYPE": "application/x-www-form-urlencoded",
"HTTP_ACCEPT_ENCODING": "gzip",
"HTTP_HOST": "openid.stackexchange.com",
"HTTP_USER_AGENT": "AppEngine-Google; (+http://code.google.com/appengine; appid: openid-consumer)",
"HTTP_X_REAL_IP": "209.85.224.82",
"HTTP_X_FORWARDED_FOR": "209.85.224.82",
"HTTP_X_FORWARDED_PROTO": "https"
},
"ReceivedCookies": {},
"SendingCookies": {},
"ReceivedHeaders": {
"Content-Length": "869",
"Content-Type": "application/x-www-form-urlencoded",
"Accept-Encoding": "gzip",
"Host": "openid.stackexchange.com",
"User-Agent": "AppEngine-Google; (+http://code.google.com/appengine; appid: openid-consumer)",
"X-Real-IP": "209.85.224.82",
"X-Forwarded-For": "209.85.224.82",
"X-Forwarded-Proto": "https"
},
"SendingHeaders": {
"Server": "Microsoft-IIS/7.5",
"Content-Encoding": "gzip",
"Cache-Control": "private",
"X-AspNet-Version": "4.0.30319"
},
"Form": {
"openid.assoc_handle": "{634477555066085461}{TTYcIg==}{32}",
"openid.claimed_id": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
"openid.identity": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
"openid.mode": "check_authentication",
"openid.op_endpoint": "https://openid.stackexchange.com/openid/provider",
"openid.response_nonce": "2011-08-01T00:32:10Zvdyt3efw",
"openid.return_to": "http://openid-consumer.appspot.com/finish?session_id=1543025&janrain_nonce=2011-08-01T00%3A32%3A09ZIPGz7D",
"openid.sig": "b0Rll6Kt1KKBWWBEg/qBvW3sQYtmhOUmpI0/UREBVZ0=",
"openid.signed": "claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce,ns.sreg,sreg.email,sreg.fullname",
"openid.sreg.email": "[email protected]",
"openid.sreg.fullname": "Kevin K Montrose"
},
"Message": "The given key was not present in the dictionary.",
"StackTrace": " at System.Collections.Generic.Dictionary`2.get_Item(TKey key)\r\n at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.<>c__DisplayClassd.<GetSignature>b__b(<>f__AnonymousType2`2 <>h__TransparentIdentifier9)\r\n at System.Linq.Enumerable.WhereSelectArrayIterator`2.MoveNext()\r\n at DotNetOpenAuth.OpenId.ChannelElements.KeyValueFormEncoding.GetBytes(IEnumerable`1 keysAndValues)\r\n at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.GetSignature(ITamperResistantOpenIdMessage signedMessage, Association association)\r\n at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessIncomingMessage(IProtocolMessage message)\r\n at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message)\r\n at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message)\r\n at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest)\r\n at DotNetOpenAuth.OpenId.Provider.OpenIdProvider.GetRequest(HttpRequestInfo httpRequestInfo)\r\n at OpenIdProvider.Controllers.OpenIdController.Provider() in c:\Builds\OpenIdProvider\prod\OpenIdProvider\Controllers\OpenIdController.cs:line 160\r\n at lambda_method(Closure , ControllerBase , Object[] )\r\n at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)\r\n at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)\r\n at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass15.b__12()\r\n at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation)\r\n at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters)\r\n at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)\r\n at System.Web.Mvc.Controller.ExecuteCore()\r\n at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)\r\n at System.Web.Mvc.MvcHandler.<>c__DisplayClass6.<>c__DisplayClassb.b__5()\r\n at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.b__0()\r\n at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()\r\n at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)",
"Id": "93938b5f-d973-44c8-aae5-98ad29ebea6a",
"CreationDate": "/Date(1312158730508)/",
"RemoteIP": "209.85.224.82",
"Type": "System.Collections.Generic.KeyNotFoundException",
"UserId": null
}
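Added example (Python, not DotNetOpenAuth's code): in the logged request, openid.signed lists ns.sreg but no openid.ns.sreg field was posted. This OP-side check validates the signed list before building the key-value form, so a malformed message surfaces as a protocol error rather than a failed dictionary lookup. The field values are copied from the log above except the two sreg values, which are placeholders; the ProtocolError class, the MAC key and the use of HMAC-SHA256 are assumptions for illustration.

```python
import base64
import hashlib
import hmac


class ProtocolError(Exception):
    """The remote party sent a malformed message (a protocol failure, not a crash)."""


def signed_field_names(message):
    """Return the names listed in openid.signed after checking each one is present."""
    names = [n for n in message.get("openid.signed", "").split(",") if n]
    if not names:
        raise ProtocolError("openid.signed is missing or empty")
    missing = [n for n in names if "openid." + n not in message]
    if missing:
        raise ProtocolError("openid.signed names absent fields: " + ", ".join(missing))
    return names


def key_value_form(message, names):
    """Key-Value Form Encoding: one 'key:value' line per signed field, in list order."""
    lines = []
    for name in names:
        value = message.get("openid." + name)
        if value is None or ":" in name or "\n" in name or "\n" in value:
            raise ProtocolError("field cannot be key-value encoded: " + name)
        lines.append(name + ":" + value + "\n")
    return "".join(lines).encode("utf-8")


def compute_signature(message, mac_key):
    """HMAC-SHA256 over the key-value form of the signed fields (assumed association type)."""
    names = signed_field_names(message)
    mac = hmac.new(mac_key, key_value_form(message, names), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify_signature(message, mac_key):
    """Constant-time comparison of the recomputed signature with openid.sig."""
    expected = compute_signature(message, mac_key).encode("ascii")
    supplied = message.get("openid.sig", "").encode("utf-8")
    return hmac.compare_digest(expected, supplied)


def check(message, mac_key):
    """Return 'valid', 'invalid' or 'protocol-error: ...'; never leaks a KeyError."""
    try:
        return "valid" if verify_signature(message, mac_key) else "invalid"
    except ProtocolError as exc:
        return "protocol-error: " + str(exc)


# Form fields from the logged request; the sreg.email and sreg.fullname values
# are constructed placeholders, everything else is as it appears in the log.
LOGGED_FORM = {
    "openid.assoc_handle": "{634477555066085461}{TTYcIg==}{32}",
    "openid.claimed_id": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
    "openid.identity": "https://openid.stackexchange.com/user/f5e91123-e5b4-43c5-871f-5f276c75d31a",
    "openid.mode": "check_authentication",
    "openid.op_endpoint": "https://openid.stackexchange.com/openid/provider",
    "openid.response_nonce": "2011-08-01T00:32:10Zvdyt3efw",
    "openid.return_to": "http://openid-consumer.appspot.com/finish?session_id=1543025&janrain_nonce=2011-08-01T00%3A32%3A09ZIPGz7D",
    "openid.sig": "b0Rll6Kt1KKBWWBEg/qBvW3sQYtmhOUmpI0/UREBVZ0=",
    "openid.signed": "claimed_id,identity,assoc_handle,op_endpoint,return_to,response_nonce,ns.sreg,sreg.email,sreg.fullname",
    "openid.sreg.email": "user@example.org",
    "openid.sreg.fullname": "Example User",
}

CONSTRUCTED_KEY = b"constructed-mac-key-for-example!"  # not a real association secret

if __name__ == "__main__":
    print(check(LOGGED_FORM, CONSTRUCTED_KEY))
```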
When certificate private keys are not exportable from the Windows certificate store, it isn't possible to obtain an RSAParameters struct to pass to DotNetOpenAuth. But obtaining an RSACryptoServiceProvider is still possible and can perform the functions that DotNetOpenAuth requires. Since an RSACryptoServiceProvider can always be created from RSAParameters, we should probably switch the APIs to use the former rather than the latter -- or at least offer overloads that take either one.
This effectively renders the tool useless to those who aren't persistent enough to find and properly place the external dependency. We need to get this dependency ILMerge'd in just like the core library.
I am getting quite a few errors (caught by ELMAH) caused by the dotnetopenid library. The stack trace of the error is pasted below. My application is developed in ASP.NET MVC3 and is hosted on IIS7.0. Any help in resolving these would be appreciated.
System.Web.HttpException (0x80070057): The remote host closed the connection. The error code is 0x80070057.
at System.Web.Hosting.IIS7WorkerRequest.RaiseCommunicationError(Int32 result, Boolean throwOnDisconnect)
at System.Web.Hosting.IIS7WorkerRequest.ExplicitFlush()
at System.Web.HttpResponse.Flush(Boolean finalFlush)
at System.Web.HttpResponse.End()
at DotNetOpenAuth.Messaging.OutgoingWebResponse.Send(HttpContext context) in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\Messaging\OutgoingWebResponse.cs:line 161
at DotNetOpenAuth.Messaging.OutgoingWebResponse.Send() in c:\Users\andarno\git\dotnetopenid\src\DotNetOpenAuth\Messaging\OutgoingWebResponse.cs:line 129
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<InvokeActionResultWithFilters>b__11()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
The Vkontakte (vk.com) response on oauth/access_token looks like: {"access_token":"{token}","expires_in":86399,"user_id":123456789}
I want to access "user_id" with oauth2.
In oauth1 (WebConsumer) I have ExtraData in the result of the function "Provider.ProcessUserAuthorization()", but in oauth2 (WebServerClient) this parameter is not there.
Sorry for my English.
Hi
I am using dotnetopenauth library with an asp.net mvc 3 site.
It works on my local host but when I put it up on my testing server it does not work.
When I click on say to go to "google" it comes back with this message
The OpenId url sent to the server
failed to redirect. Please Try again
To get my site to work on my live site I had to remove this line from my web.config
<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
I kept getting an error saying "There is a duplicate 'uri' section defined". I am not sure if dotnetopenauth needs that.
I am using
asp.net mvc 3
C#
.net 4.0
iis 7(on a shared hosting plan)
Without breaking changes preferably, we should provide a convenient way for sites to send responses without relying on the built-in ASP.NET ThreadAbortException behavior.
See this discussion for more details.
https://groups.google.com/d/topic/dotnetopenid/eNO4ReD0ZQo/discussion
Some methods that should be created:
OpenIdRelyingParty.CreateRequestAsync()
It is anticipated that those participating in ASP.NET async (freeing up HTTP handler threads while doing I/O bound work for a web request) will be very interested in these DNOA async methods. Particularly when .NET 4.5 is available.
Submitting multiple query string parameters with the same name in a GET request fails. The OAuth 1.0a spec describes this:
OAuth 1.0a Spec - Parameters Normalization -
http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
This type of GET request can be found in APIs from Google (http://code.google.com/apis/buzz/v1/using_rest.html#count) and LinkedIn (http://developer.linkedin.com/docs/DOC-1006) as examples.
Originally submitted to DNOA forum at: http://groups.google.com/group/dotnetopenid/browse_thread/thread/fc1bf73c406dc000/20e50256e96b6a53#20e50256e96b6a53
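The normalization step the issue above refers to, as an added C# example (not DotNetOpenAuth code and not from the original report). It runs the decoded parameters of the worked example in RFC 5849 section 3.4.1.3 through the sort-by-name-then-value rule; the class, its helpers and the name-keyed map used for contrast are hypothetical, and the map is an illustration of how a duplicate can get lost, not a statement about the library's internals.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

// Hypothetical helper for illustration; not a DotNetOpenAuth type.
static class ParameterNormalization
{
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // RFC 5849 section 3.6: every UTF-8 byte outside the unreserved set becomes %XX (uppercase hex).
    static string Encode(string s)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
        {
            if (Unreserved.IndexOf((char)b) >= 0) sb.Append((char)b);
            else sb.Append('%').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }

    // Input is a sequence of decoded pairs, so a repeated name is simply two entries.
    public static string Normalize(IEnumerable<KeyValuePair<string, string>> pairs)
    {
        return string.Join("&", pairs
            .Select(p => new KeyValuePair<string, string>(Encode(p.Key), Encode(p.Value)))
            .OrderBy(p => p.Key, StringComparer.Ordinal)   // encoded names, byte order
            .ThenBy(p => p.Value, StringComparer.Ordinal)  // equal names: order by encoded value
            .Select(p => p.Key + "=" + p.Value));
    }

    static KeyValuePair<string, string> P(string n, string v) { return new KeyValuePair<string, string>(n, v); }

    static void Main()
    {
        // Decoded parameters of the RFC's own worked example; "a3" occurs twice.
        var pairs = new[] {
            P("b5", "=%3D"), P("a3", "a"), P("c@", ""), P("a2", "r b"),
            P("oauth_consumer_key", "9djdj82h48djs9d2"), P("oauth_token", "kkk9d7dh3k39sjv7"),
            P("oauth_signature_method", "HMAC-SHA1"), P("oauth_timestamp", "137131201"),
            P("oauth_nonce", "7d8f3e4a"), P("c2", ""), P("a3", "2 q") };
        Console.WriteLine(Normalize(pairs));
        // A name-keyed map keeps one value per name, so one "a3" disappears from the base string.
        var map = new Dictionary<string, string>();
        foreach (var p in pairs) map[p.Key] = p.Value;
        Console.WriteLine(Normalize(map));
    }
}
```

The first line printed can be compared against the normalized string given in the RFC section; the second lacks one a3 pair, so a signature computed over it will not match one computed by a provider that follows the spec.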
The recent changes to the HtmlHelpers class left the MVC project template broken.
The need for this was brought to light by this thread:
https://groups.google.com/d/topic/dotnetopenid/O3TVKwgU4MY/discussion
As reported in https://groups.google.com/forum/#!topic/dotnetopenid/X0heZE2ATZQ
2048 appears to be too long in some configurations. Users should be able to easily customize this value.
Similar to OAuth 2.0's design in DotNetOpenAuth, OAuth 1.0 service providers probably ought to be able to issue self-descriptive access tokens such that no db table is required to store them.
In OAuth 1.0, request tokens probably need to have state on the SP because they can be either authorized or unauthorized, and should only be exchangeable for an access token once. So SPs may still be required to store these short-term request tokens. But this should cost considerably less than storing the longer term access tokens. Perhaps some clever trick of only storing authorized request tokens may be utilized to further decrease the number and timeframe a request token is stored for.
Beyond just reducing storage, avoiding storage of these tokens can decrease the effectiveness of a DoS attack based on occupying unbounded storage resources on the SP.
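A sketch of the self-descriptive access token idea from the issue above, as an added C# example (not DotNetOpenAuth code and not the project's design). The token layout, the derivation of the OAuth 1.0 token secret from the token, and all names are assumptions made for illustration; fields are assumed not to contain newlines.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not a DotNetOpenAuth type.
static class SelfDescribingToken
{
    static string Mac(byte[] key, string purpose, string data)
    {
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(purpose + ":" + data)));
    }
    // Token = base64(consumerKey \n user \n expiry) + "." + HMAC tag; nothing is stored.
    public static string Issue(byte[] key, string consumerKey, string user, long expiresUnix)
    {
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(consumerKey + "\n" + user + "\n" + expiresUnix));
        return body + "." + Mac(key, "token", body);
    }
    // OAuth 1.0 also needs a token secret; deriving it from the token avoids storing it.
    public static string SecretFor(byte[] key, string token) { return Mac(key, "secret", token); }
    public static bool TryRead(byte[] key, string token, long nowUnix, out string consumerKey, out string user)
    {
        consumerKey = user = null;
        int dot = token.IndexOf('.');
        if (dot < 0) return false;
        string body = token.Substring(0, dot);
        // Check the tag before decoding, so forged input is rejected with no lookup or parsing.
        if (!SlowEquals(Mac(key, "token", body), token.Substring(dot + 1))) return false;
        string[] f = Encoding.UTF8.GetString(Convert.FromBase64String(body)).Split('\n');
        if (f.Length != 3 || long.Parse(f[2]) < nowUnix) return false;
        consumerKey = f[0]; user = f[1];
        return true;
    }
    static bool SlowEquals(string a, string b) // time does not depend on where the strings differ
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static void Main()
    {
        byte[] key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string token = Issue(key, "constructed-consumer", "constructed-user", now + 3600), ck, user;
        Console.WriteLine(TryRead(key, token, now, out ck, out user) + " " + ck + " " + user); // valid
        Console.WriteLine(TryRead(key, "x" + token, now, out ck, out user));                   // tampered
        Console.WriteLine(TryRead(key, token, now + 7200, out ck, out user));                  // expired
    }
}
```

Revoking one such token before its expiry still needs a stored deny-list, and request tokens keep their server-side state for the reasons the issue gives.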
When using Firefox and IdentitySelector (http://identityselector.codeplex.com), the infocardselector control displays only an "undefined" message at the top of the page. There is no object tag defined in the header.