tags:

views:

39

answers:

2

How do I make it so the returnTo url after someone signs in with their openId provider is requested with POST instead of GET?

I have a form that someone must be logged in for the POST to work. When they press submit it redirects them to the login page and they choose their OpenID provider. After successfully choosing and authenticating with their openID provider, it requests the page it was originally trying to request, except with GET.

+1  A: 

I don't think it is possible. Here I found a related post: Response.Redirect with POST instead of Get?

rodrigoap
+1  A: 

It sounds like you want the authentication response to be POSTed to your RP instead of with GET. The OpenID spec doesn't allow for the RP to mandate a POST instead of a GET. In fact, GET is generally considered preferable to POST since it's faster and doesn't tend to pop up warning dialogs to the user if the OP is an HTTPS endpoint and the RP is an HTTP endpoint.

But I'm dying to know why you need to have the authentication response POSTed. Is it because your return_to URL includes the original form data that the user was trying to post to the RP, and which now must be delayed until after authentication has completed? If so, I suggest you rethink your design. Consider a user experience where the user must sign in, on the form, but before posting the form.

Like this sample: http://samples.dotnetopenauth.net/v3.3/OpenIdRelyingPartyWebForms/ajaxlogin.aspx

Andrew Arnott
yea you were right about the return_to URL containing the original form data, I'll rethink my design.
Kyle