tags:

views:

36

answers:

2
Q: 

Should I use the Uri class to represent an OpenId identifier in .NET?

Is it appropriate to use the .NET Uri class to handle OpenId identifiers in my code? Or am I better off just using a string?

EDIT: The reason for my question is that I want to know the best data type to use for OpenId identifiers in the domain and persistence layers of my application. I'm using DotNetOpenAuth at the web presentation layer, so it makes sense to use the DotNetOpenAuth Identifier class there.

At the lower tiers of my application, I'd like to limit dependencies on external libraries and datatypes if possible. So I was wondering whether System.Uri was up to the job.

+2  A: 

You should use DotNetOpenAuth's Identifier class, since that supports both URI and XRI OpenID identifiers, whereas the System.Uri class only supports URI identifiers. The Identifier class's Equals methods is implemented to be case sensitive for the areas where that is important, and case insensitive for the other areas.

Yes, you can alter an XRI by prefixing it with an xri:// scheme and shove it into a Uri instance, but the OpenID spec specifies that the xri:// scheme is not considered in the canonical form, and should not be present for most operations.

Andrew Arnott  2010-01-14 14:38:16
Aha! So it does make a difference. Good to know. I'll use the DotNetOpenAuth Identifier class. Thanks!
dthrasher  2010-02-05 16:22:16
It turns out that nowadays it's even more important to use the `Identifier` class and avoid the `Uri` class. The reason is that .NET's `Uri` class performs some transformations on OpenIDs that invalidate them in some cases. `Identifier` can take very special steps to make sure these transformations do not impact you.
Andrew Arnott  2010-03-27 21:09:13
+2  A: 

It looks like version 2.0 has no new plans with format besides adding XRI (Extensive Resource Identifier, xri://), so there is no reason not to parse them and have a Uri, as you will get all the added features of the Uri class

Starting with OpenID Authentication 2.0 (and some 1.1 implementations), there are two types of identifiers that can be used with OpenID: URLs and XRIs. There are two ways to obtain an OpenID-enabled URL that can be used to log into all OpenID-enabled websites. To use an existing URL under one's own control (such as one's blog or home page). One can insert the appropriate OpenID tags in the HTML[8] or serve a Yadis document.[9] The second option is to register an OpenID identifier with an identity provider. They offer the ability to register a URL (typically a third-level domain, e.g. example.example.com) that will automatically be configured with OpenID authentication service.

Chris S  2010-01-14 16:31:27
Good point. Gah! I can't believe I forgot about XRIs. Of course. I've updated my own answer to knock out the user of System.Uri as a possibility, since the xri:// prefix necessary on XRIs to get them to fit inside the System.Uri class is non-canonical form.
Andrew Arnott  2010-01-15 16:48:33

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?