How to create an openid in ASP. NET

Preface (reference Lee's program life-blog Park-openid user manual Java Edition )

Openid Openid is not widely used in China, and few sites support openid logon. But add some openid information first. What is openid? The so-called openid is to use a URL for login account and password verification. In details, you do not need to register or enter a password. you can log on to the website as long as you have an openid. It may be a bit difficult to understand. Next, let's get a little deeper understanding. Assume that you have applied for an openid from a website that can apply for an openid. The link is "yys.163.com" {Openid is a URL link, not a previous letter or letter + number.} What is openid? Openid is an open and discrete open-source framework for user digital identification. Let us think about the types of online accounts we own: blog, wiki, to-do list, and personal album. Today, with the increasing popularity of network applications, these personal online accounts are countless, and the needs for accounts are also everywhere, even if we want to make comments on a friend's blog, We need to register as a user of the blog system. As an end user, we had to set up accounts on each website and manage numerous accounts. With openid technology, you do not need to manage these independent accounts, but manage your unique identity through the authentication server. A common application scenario of openid: a user attempts to log on to an external website. Unlike the method of submitting a user name and password, he only submits his own URL, for example: http://johnsmith.example.com/ This URL points to the user's openid authentication server and is also the user's identity. Therefore, external websites can use this URL to find the user's authentication server and ask the authentication server: "This user claims that he owns this URL. This URL indicates that you are responsible for the authentication, so please tell me if this user can visit my site ?". The authentication server prompts the user to log on to the authentication system and asks whether the user can perform authentication with an external website. If the user agrees, the authentication server will notify the external website that the user has passed the authentication. Above, we use anthropomorphic expressions to vividly interpret the entire authentication request/response process. You can use the same URL as an identifier for any external website that supports openid authentication. This is exactly the biggest difference between openid and other traditional authentication methods. By using URLs, external sites can easily obtain the server location for authentication. Only the authentication server needs to enter a password to verify the user's identity. Other sites that want to authenticate user identity will ask the user's registered authentication server. If you are using a portal site that supports openid (such as AOL), you can use the ready-made AOL Instant Message Logon account to log on to the AOL site without having to register it. Therefore, we can guess that Google and Yahoo may have begun to build their openid service. You must know how openid implements the decentralized service? Because the user has the right to select the openid service provider, you will initially choose AOL as the openid provider. After a while, you may feel that you want to change to another openid provider, in this case, you need to modify the following HTML tags: <link rel="openid.server" href="http://openid.example.com/"> The most common location for saving the link metadata is the root page of a personal site (such as a blog. How to Use openid? Openid perfectly solves the synchronization problem of multiple accounts, but not just that. For example, you can use it to create a Single Sign-On (Single Sign-On) across applications and cross-domains ). If you use the same openid to log on to the blog and personal album, you only need to perform one authentication during the logon process. For each application to be logged on after this (in the same session cycle), you only need to provide the openid instead of the traditional user name and password. Most openid providers also provide support for multiple configurations. In this way, you can use Bob Smith to log on to your blog and use Robert J Smith to log on to the enterprise wiki. With the increasing maturity of the openid provider and the improvement of the openid function, we will soon use the service to authenticate users from the openid Authentication Server Host Name of the partner company. Which websites support openid? Shortly after the emergence of openid technology, it has gained popularity among many public consumption sites: Digg, Six Apart, zoomr, and AOL. Among them, AOL provides openid support for old users, so that 65 million of login users can use openid within one day. At present, more than 95 million of users can use openid to log on to the system, and 25 to 50 sites are added to the team that supports openid specifications every day. In addition, openid provides support for firefox3 and Microsoft Windows Vista. The following is a list of languages that implement the openid code library: • C # • C ++ • Java • Perl • Python • Ruby • PHP • ColdFusion The openid community maintains a list of these code libraries: http://openid.net/wiki/index.php/libraries.

 

Implement openid login in ASP. NET

	Register an openid account, where http://www.myopenid.com is used.
	1. Download the powerful C # openid library dotnetopenid from Google Code and apply it to your project.
	2. Some good availability functions are added during openid logon. This is optional. For the formatted openid box, go to: Id selector.
	3. Go to Scott hanselman's example post. You will be familiar with how to add openid to ASP. NET websites.
	4. Create a logon form. Here the user control is used. <% @ Control Language = "C #" autoeventwireup = "true" codebehind = "openidloginform. ascx. CS "inherits =" openidsampleapp. web. usercontrols. openidloginform "%> openid: <asp: textbox id =" openid_identifier "runat =" server "/> <asp: button id = "loginbutton" runat = "server" text = "login" onclick = "loginbutton_click"/> <! -- Begin ID selector --> <SCRIPT type = "text/JavaScript"> <! -- Idselector_input_id = "<% = openid_identifier.clientid %>"; --> </SCRIPT> <SCRIPT type = "text/JavaScript" id = "script1" Src = "https://www.idselector.com/selector/acd9fbc926f4707be4d6a05b400fe40de1f31449" charset = "UTF-8"> </SCRIPT> <! -- End ID selector --> <br/> <asp: checkbox id = "chkrememberme" runat = "server" text = "Remember me. "/> <asp: customvalidator runat = "server" id = "openidvalidator" errormessage = "invalid openid format" controltovalidate = "openid_identifier" enableviewstate = "false" onservervalidate = "login"/> <asp: label id = "loginfailedlabel" runat = "server" enableviewstate = "false" text = "Logon Failed" visible = "false"/> <asp: label id = "logincanceledlabel" runat = "server" enableviewstate = "false" text = "cancel Logon" visible = "false"/>
	5. The code under the logon button, provided by Scott hanselman's, basically tells the openid library that the user's email and nickname are required. Protected void loginbutton_click (Object sender, eventargs e) {If (! Openidvalidator. isvalid) return; // If the custom verification fails, the user will not log on. Openidrelyingparty openid = new openidrelyingparty (); try {iauthenticationrequest request = openid. createrequest (openid_identifier.text); // verify your visitor with the supplier. Claimsrequest fetch = new claimsrequest (); fetch. nickname = demandlevel. require; fetch. email = demandlevel. require; request. addextension (FETCH); // savecookies (); // Save the ticket request on the website. redirecttoprovider ();} catch (openidexception ex) {// It may not be a valid openid. Openidvalidator. Text = ex. Message; openidvalidator. isvalid = false ;}}
	6..To handle the reply from the openid library, you can also choose whether to use openid to create an account, or directly check whether the user already exists with the ASP. NET member database on the website. If it does not exist, you can create a member account for the open user and use openid as their username. Protected void page_load (Object sender, eventargs e) {openid_identifier.focus (); openidrelyingparty openid = new openidrelyingparty (); If (openid. response! = NULL) {Switch (openid. response. status) {Case authenticationstatus. authenticated: // The following two variables are only used as the values of the following add Website user table fields. // create a membership [web. string email = ""; string alias = ""; claimsresponse fetch = openid. response. getextension ( Typeof (claimsresponse) as claimsresponse; If (fetch! = NULL) {alias = fetch. nickname; email = fetch. email;} If (string. isnullorempty (alias) alias = openid. response. claimedidentifier; If (string. isnullorempty (email) email = openid. response. claimedidentifier; // # region membership [web. config] // whether to add an open user to the website // If (membership. getuser (openid. response. claimedidentifier) = NULL) // {// membershipcreatestatus; // memb Ershipuser user = membership. createuser (// openid. response. claimedidentifier, // "123456", // email, // "This Is An openid account. What is a nickname? ", // Alias, // true, // out membershipcreatestatus); // If (membershipcreatestatus! = Membershipcreatestatus. success) {// loginfailedlabel. text + = ": the account cannot be added successfully:" + // membershipcreatestatus. tostring (); // loginfailedlabel. visible = true; // break; //} // user. comment = alias; // membership. updateuser (User); // use formsauthentication to notify ASP.. net. The user has logged on successfully. // use the openid ID as the user name. // # endregion formsauthentication. redirectfromloginpage (openid. response. claimedidentifier, chkrememberme. checked); break; Case authenticationstatus. canceled: logincanceledlabel. visible = true; break; Case authenticationstatus. failed: loginfailedlabel. visible = true; break ;}}}
	7. Test.

Added: Scott hanselman's blog

Http://www.codeplex.com/dasblog

Download Sample Code