Is it appropriate to use the .NET Uri class to handle OpenId identifiers in my code? Or am I better off just using a string?

EDIT: The reason for my question is that I want to know the best data type to use for OpenId identifiers in the domain and persistence layers of my application. I'm using DotNetOpenAuth at the web presentation layer, so it makes sense to use the DotNetOpenAuth Identifier class there.

At the lower tiers of my application, I'd like to limit dependencies on external libraries and datatypes if possible. So I was wondering whether System.Uri was up to the job.

+2  A: 

You should use DotNetOpenAuth's Identifier class, since that supports both URI and XRI OpenID identifiers, whereas the System.Uri class only supports URI identifiers. The Identifier class's Equals method is implemented to be case sensitive for the areas where that is important, and case insensitive for the other areas.

Yes, you can alter an XRI by prefixing it with an xri:// scheme and shove it into a Uri instance, but the OpenID spec specifies that the xri:// scheme is not considered in the canonical form, and should not be present for most operations.

Andrew Arnott
Aha! So it does make a difference. Good to know. I'll use the DotNetOpenAuth Identifier class. Thanks!
dthrasher
It turns out that nowadays it's even more important to use the `Identifier` class and avoid the `Uri` class. The reason is that .NET's `Uri` class performs some transformations on OpenIDs that invalidate them in some cases. `Identifier` can take very special steps to make sure these transformations do not impact you.
Andrew Arnott
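To see the two effects described in this answer and its comments (an XRI needing the non-canonical `xri://` prefix, and `System.Uri` rewriting a URL identifier), here is an added example that is not from the posts or from DotNetOpenAuth. The sample identifiers are constructed, and the list of XRI start characters is taken from OpenID Authentication 2.0, section 7.2.

```csharp
using System;

static class OpenIdUriCheck
{
    // XRI global context symbols plus "(" (OpenID Authentication 2.0, section 7.2).
    const string XriStart = "=@+$!(";

    static bool LooksLikeXri(string id)
    {
        // The xri:// prefix is not part of the canonical form, so ignore it here.
        if (id.StartsWith("xri://", StringComparison.OrdinalIgnoreCase))
            id = id.Substring(6);
        return id.Length > 0 && XriStart.IndexOf(id[0]) >= 0;
    }

    // Describes what happens to an identifier if a lower tier stores it as System.Uri.
    static string Describe(string id)
    {
        if (LooksLikeXri(id))
        {
            bool parsed = Uri.TryCreate(id, UriKind.Absolute, out _);
            return parsed
                ? "XRI: parses only because of the non-canonical xri:// prefix"
                : "XRI: System.Uri rejects it as an absolute URI";
        }
        if (!Uri.TryCreate(id, UriKind.Absolute, out Uri uri))
            return "not parseable as an absolute URI";
        // Ordinal comparison: any difference means the stored key would change.
        return string.Equals(id, uri.AbsoluteUri, StringComparison.Ordinal)
            ? "URL: unchanged by System.Uri"
            : "URL: rewritten by System.Uri to " + uri.AbsoluteUri;
    }

    static void Main()
    {
        // Constructed sample identifiers, not taken from the page.
        string[] samples =
        {
            "https://example.com/alice",
            "HTTPS://Example.COM/alice",
            "https://example.com/a/../alice",
            "=alice",
            "xri://=alice",
        };
        foreach (string id in samples)
            Console.WriteLine("{0,-32} {1}", id, Describe(id));
    }
}
```

Any identifier reported as rewritten or rejected would not survive being stored in a `Uri` column or property unchanged, which matters because the claimed identifier is what an account is looked up by.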
+2  A: 

It looks like version 2.0 has no new plans with format besides adding XRI (Extensive Resource Identifier, xri://), so there is no reason not to parse them and have a Uri, as you will get all the added features of the Uri class.

Starting with OpenID Authentication 2.0 (and some 1.1 implementations), there are two types of identifiers that can be used with OpenID: URLs and XRIs. There are two ways to obtain an OpenID-enabled URL that can be used to log into all OpenID-enabled websites. To use an existing URL under one's own control (such as one's blog or home page), one can insert the appropriate OpenID tags in the HTML[8] or serve a Yadis document.[9] The second option is to register an OpenID identifier with an identity provider. They offer the ability to register a URL (typically a third-level domain, e.g. example.example.com) that will automatically be configured with OpenID authentication service.

Chris S
Good point. Gah! I can't believe I forgot about XRIs. Of course. I've updated my own answer to knock out the use of System.Uri as a possibility, since the xri:// prefix necessary on XRIs to get them to fit inside the System.Uri class is non-canonical form.
Andrew Arnott