The company I work for wants to publish an internal website to the outside world, but also wants to identify the visitors in some easy way. Some functionality will be visible for all visitors but most must be visible for authenticated visitors. (And some functionality is restricted to admin-visitors.) While management is considering implementing our own authentication system, I've suggested to just use an existing technology that's already available and which keeps the management of usernames/passwords away from us. (Because we're just amateurs when we're talking about security. The authentication needs to be very good.)

So I started with OpenID from Google and examined the library that they provide. Looks easy to use and I can get tokens that tell me that a user is authenticated. But how do I identify this user so I can link our profile information to his ID/Token/Whatever?

I know I'm missing something so to keep it simple: I just need some example that shows how to authenticate the visitor with Google and then get some token back that I can use to link to this user forever. (So, no session token.) This token could then be used for the user to fill in his/her profile.

+2  A: 

Since your tags suggest your language is C#, I recommend DotNetOpenAuth. It is free, and includes samples that will show you how to get your token (in OpenID terms it's called a Claimed Identifier) that you can use to distinguish between users.

To get the Claimed Identifier (the permanent identifier you're looking for), if you're using the OpenIdTextBox or OpenIdLogin control just handle its LoggedIn event and get the e.ClaimedIdentifier property. If you're doing it programmatically (no controls), the OpenIdRelyingParty.GetResponse() method returns an IAuthenticationResponse interface that has a ClaimedIdentifier property on it you can get.

Then you can implement an ASP.NET RoleProvider (pretty trivial, really) that will allow some OpenID Claimed Identifiers to belong to an admin role, allowing your standard ASP.NET authorization techniques to progressively lock out individuals based on how they've authenticated.

Andrew Arnott
You do realize that you link to the same site that's mentioned in my question? And yes, I know it's trivial but somehow I've failed to discover how I can get a permanent identifier or whatever to link the OpenID account to my own user database.
Workshop Alex
Whoops. :) Sorry, I didn't check that link... just assumed it was to a generic openid.net site. I've updated my answer to include more detail about getting the permanent identifier you need.
Andrew Arnott
Thanks! Exactly the thing I was missing. :-)
Workshop Alex
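
The programmatic path described in the answer, as an added example that is not part of the original thread or of the DotNetOpenAuth samples. The `Login` page, the `LocalProfile` class and the in-memory `Profiles` store are hypothetical stand-ins for your own page and user table.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using DotNetOpenAuth.OpenId.RelyingParty;

// Hypothetical local profile record; stands in for a row in your user table.
public class LocalProfile
{
    public string ClaimedIdentifier;   // permanent key returned by the provider
    public string DisplayName;         // filled in later by the user
}

public partial class Login : System.Web.UI.Page
{
    // Hypothetical in-memory store; in production use a table with a
    // unique index on the identifier column.
    private static readonly Dictionary<string, LocalProfile> Profiles =
        new Dictionary<string, LocalProfile>(StringComparer.Ordinal);

    protected void Page_Load(object sender, EventArgs e)
    {
        using (var rp = new OpenIdRelyingParty())
        {
            // Null means this request is not a callback from the provider.
            IAuthenticationResponse response = rp.GetResponse();
            if (response == null) return;

            // Canceled or Failed: never create or load a profile.
            if (response.Status != AuthenticationStatus.Authenticated) return;

            // Key the profile on the verified Claimed Identifier only, not on
            // FriendlyIdentifierForDisplay or any attribute the user can edit.
            string id = response.ClaimedIdentifier.ToString();
            lock (Profiles)
            {
                if (!Profiles.ContainsKey(id))
                    Profiles[id] = new LocalProfile { ClaimedIdentifier = id };
            }

            // Issue the forms ticket under the same identifier so a
            // RoleProvider can map it to roles such as admin.
            FormsAuthentication.RedirectFromLoginPage(id, false);
        }
    }
}
```

Comparing identifiers with `StringComparer.Ordinal` keeps the lookup exact, so two identifiers that differ only in case are never treated as the same account.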