views: 318
answers: 1
  • DotNetOpenAuth 3.4.1.10044
  • Windows 7 (64-bit)
  • VS 2008 SP1, .NET 3.5, C#
  • Windows Azure

ASP.NET code-behind fragment around the OpenID call:

// Namespaces this fragment needs (at the top of the code-behind file):
//   using System; using System.Threading; using System.Web;
//   using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.RelyingParty;

// Passing null for the store makes this a stateless RP: no associations are
// cached, so every positive assertion is verified with a check_authentication
// round-trip to the Provider (visible in the trace below).
using (OpenIdRelyingParty rp = new OpenIdRelyingParty(null)) {
    string discoveryUri = "";
    if (provider == "google") {
        discoveryUri = "https://www.google.com/accounts/o8/id";   // "o8" (letter o), as the trace shows
        Application.Set("Provider", "Google");   // Application state is process-wide, shared by every user
    } else if (provider == "yahoo") {
        discoveryUri = "https://me.yahoo.com";
        Application.Set("Provider", "Yahoo");
    }
    try {
        // Drop the query string so realm and return_to are the bare page URL.
        // Request.Url is the instance address (127.0.0.1:5100 in the trace),
        // not the 127.0.0.1:81 address the dev fabric exposes.
        string openIdUri = Request.Url.ToString();
        var b = new UriBuilder(openIdUri) { Query = "" };
        Response.Write("OpenId_Click: Request.Url = " + Request.Url);
        // CreateRequest(userSuppliedIdentifier, realm, returnToUrl):
        // the same URL is used here as both realm and return_to.
        var req = rp.CreateRequest(discoveryUri, b.Uri, b.Uri);
        Response.Write("OpenId_Click: discoveryUri = " + discoveryUri);
        try {
            // RedirectToProvider() ends the response (Response.End), which raises
            // ThreadAbortException by design; it is caught and swallowed here.
            req.RedirectToProvider();
        } catch (ThreadAbortException tae) {
            string taem = tae.Message;
        }
    } catch (Exception ex) {
        string s = ex.Message;   // swallowed: discovery and request-creation failures are never surfaced
    }
}

I have the following (3) behaviors:

  • When I first start ASP.NET (Azure Development Storage), if I authenticate against Yahoo!, it is successful. If I try to authenticate against Yahoo! a minute later, the call to RedirectToProvider never returns a response. After that, additional calls to Google and Yahoo! do not return a response.

  • When I first start ASP.NET, if I authenticate against Google, it is successful. If I try to authenticate against Google again a minute later, the call to RedirectToProvider is successful without asking me for my username/password. (I did not check the remember-me checkbox.) After that, additional calls to Google remain successful. (Google seems to cache the results of the first request.) If I then authenticate against Yahoo!, the call to RedirectToProvider never returns a response. If I switch back to Google, again I am successful without being asked for my username/password.

  • When I first start ASP.NET (Azure Development Storage), if I authenticate against Yahoo!, it is successful. If I try to authenticate against Google a minute later, the call to RedirectToProvider never returns a response.

There is no obvious failure (other than the usual ThreadAbortException noise that seems to occur whether or not the calls are successful).

Any ideas around what might be happening?

Here is some trace information from the third case, where Yahoo! is successful and then Google is not:

Synch Queue Created with a single Message ==> Busy : Information
[WaWebHost.exe] DotNetOpenAuth, Version=3.4.1.10044, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Reporting will use isolated storage with scope: User, Domain, Assembly
[WaWebHost.exe] HTTP GET https://me.yahoo.com/
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/www.yahoo.com/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://me.yahoo.com/
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://me.yahoo.com/
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://open.login.yahooapis.com/openid/op/auth?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:5100/OpenId.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fme.yahoo.com&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fme.yahoo.com&openid.claimed_id=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--%23afa8c&openid.identity=https%3A%2F%2Fme.yahoo.com%2Fa%2FXLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.assoc_handle=kCG5j8w0Czja2yJ.JumEVy3SNaHp4aZQ4AdjguIo.OU2SrcpQsEtBxiZvqP_wP9Yf03KI_eOet5.Qsbv2Ov7MXEyGdVP4b4p4Cewoent7pmFNBxanpkYCg_W_zvJXkUo&openid.response_nonce=2010-03-04T19%3A48%3A00ZT3svYxSveINSAkkLdpO.IApS8NhEBBSdLQ--&openid.signed=assoc_handle%2Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Csigned%2Cpape.auth_level.nist&openid.op_endpoint=https%3A%2F%2Fopen.login.yahooapis.com%2Fopenid%2Fop%2Fauth&openid.pape.auth_level.nist=0&openid.sig=mnpe8U7hLo3XBpUnmuX2tRgPwHA%3D
[WaWebHost.exe] Incoming request received: PositiveAssertionResponse
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Verifying incoming PositiveAssertionResponse message signature of: mnpe8U7hLo3XBpUnmuX2tRgPwHA=
[WaWebHost.exe] Preparing to send CheckAuthenticationRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending CheckAuthenticationRequest request.
[WaWebHost.exe] HTTP POST https://open.login.yahooapis.com/openid/op/auth
[WaWebHost.exe] Received CheckAuthenticationResponse response.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Verifying assertion matches identifier discovery results...
[WaWebHost.exe] HTTP GET https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
[WaWebHost.exe] X-XRDS-Location found in HTTP header.  Preparing to pull XRDS from https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] HTTP GET https://open.login.yahooapis.com/openid20/user_profile/xrds
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderLocalIdentifier: https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c
    ProviderEndpoint: https://open.login.yahooapis.com/openid/op/auth
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/signon
        http://specs.openid.net/extensions/pape/1.0
        http://openid.net/sreg/1.0
        http://openid.net/extensions/sreg/1.1
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/oauth/1.0
        http://specs.openid.net/extensions/ui/1.0/lang-pref
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
        http://www.idmanagement.gov/schema/2009/05/icam/no-pii.pdf
        http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdf
        http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Received identity assertion for https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c via https://open.login.yahooapis.com/openid/op/auth.
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] Incoming HTTP request: GET http://127.0.0.1:81/OpenId.aspx?provider=Yahoo&[email protected]&userid=XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--
[WaWebHost.exe] Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.
[WaWebHost.exe] HTTP GET https://www.google.com/accounts/o8/id
[WaWebHost.exe] An XRDS response was received from GET at user-supplied identifier.
[WaWebHost.exe] Total services discovered in XRDS: 1
[WaWebHost.exe] [{
    ClaimedIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderLocalIdentifier: http://specs.openid.net/auth/2.0/identifier_select
    ProviderEndpoint: https://www.google.com/accounts/o8/ud
    OpenID version: 2.0
    Service Type URIs:
        http://specs.openid.net/auth/2.0/server
        http://openid.net/srv/ax/1.0
        http://specs.openid.net/extensions/ui/1.0/mode/popup
        http://specs.openid.net/extensions/ui/1.0/icon
        http://specs.openid.net/extensions/pape/1.0
},]
[WaWebHost.exe] Skipping HTML discovery because XRDS contained service endpoints.
[WaWebHost.exe] Performing discovery on user-supplied identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Creating authentication request for user supplied Identifier: https://www.google.com/accounts/o8/id
[WaWebHost.exe] Preparing to send CheckIdRequest (2.0) message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement applied to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
[WaWebHost.exe] Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
[WaWebHost.exe] Sending message: CheckIdRequest
[WaWebHost.exe] Redirecting to https://www.google.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.return_to=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.realm=http%3A%2F%2F127.0.0.1%3A5100%2FOpenId.aspx&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
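The trace above shows DotNetOpenAuth raising the minimum Provider version to 2.0 "to protect this stateless RP from replay attacks" and then confirming the Yahoo! assertion's signature with a check_authentication round-trip. What that protection actually rests on is the signed response_nonce. The following is an added example, not code from the question and not DotNetOpenAuth's own implementation, showing the two checks a relying party applies once the signature is good: that every field the OpenID 2.0 spec requires is listed in openid.signed (section 10.1), and that the nonce is fresh and has not already been accepted from that OP endpoint (section 11.3). The sample assertion is constructed from the Yahoo! response in the trace (URL-decoded); the five-minute freshness window, the clock-skew allowance and the fixed clock are assumptions for the example.

```python
"""Replay checks an OpenID 2.0 relying party applies to a positive assertion."""
import re
from datetime import datetime, timedelta, timezone

# response_nonce = RFC 3339 UTC timestamp (no fractional seconds, "Z" suffix)
# followed by printable ASCII that makes the value unique (OpenID 2.0, 10.1).
NONCE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z([\x21-\x7e]*)$")

# Fields that MUST be covered by the signature on a positive assertion (10.1).
REQUIRED_SIGNED = ("op_endpoint", "return_to", "response_nonce", "assoc_handle")
SIGNED_IF_PRESENT = ("claimed_id", "identity")


def parse_nonce(nonce):
    """Return the UTC timestamp embedded in a response_nonce, or raise ValueError."""
    if len(nonce) > 255:
        raise ValueError("response_nonce longer than 255 characters")
    m = NONCE_RE.match(nonce)
    if not m:
        raise ValueError("malformed response_nonce")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def fixed_clock(iso_utc):
    """Clock stub for deterministic checks; a bare timestamp is itself a valid nonce."""
    ts = parse_nonce(iso_utc)
    return lambda: ts


def missing_signed_fields(response):
    """Names that must be signed but are absent from openid.signed."""
    signed = set(response.get("signed", "").split(","))
    required = list(REQUIRED_SIGNED) + [f for f in SIGNED_IF_PRESENT if f in response]
    return [f for f in required if f not in signed]


class NonceStore:
    """Record of nonces already accepted, keyed per OP endpoint (OpenID 2.0, 11.3)."""

    def __init__(self, max_age=timedelta(minutes=5), max_skew=timedelta(minutes=5), clock=None):
        self.max_age = max_age      # assumed window; tune to the deployment's clock quality
        self.max_skew = max_skew    # assumed tolerance for the OP's clock running ahead
        self.clock = clock or (lambda: datetime.now(timezone.utc))
        self._seen = {}             # (op_endpoint, nonce) -> timestamp, kept for purging

    def accept(self, op_endpoint, nonce):
        """Return 'accepted' or the reason the assertion must be rejected."""
        try:
            ts = parse_nonce(nonce)
        except ValueError:
            return "malformed"
        now = self.clock()
        if ts > now + self.max_skew:
            return "future"
        if now - ts > self.max_age:
            return "expired"
        key = (op_endpoint, nonce)
        if key in self._seen:
            return "replayed"
        self._seen[key] = ts
        return "accepted"

    def purge(self):
        """Forget nonces too old to be accepted anyway; returns how many were dropped."""
        cutoff = self.clock() - self.max_age
        stale = [k for k, ts in self._seen.items() if ts < cutoff]
        for k in stale:
            del self._seen[k]
        return len(stale)


def check_assertion(store, response):
    """Apply the signed-field and nonce checks to a decoded positive assertion."""
    missing = missing_signed_fields(response)
    if missing:
        return "unsigned:" + ",".join(missing)
    return store.accept(response["op_endpoint"], response["response_nonce"])


# Constructed from the Yahoo! assertion in the trace above (URL-decoded once).
TRACE_ASSERTION = {
    "mode": "id_res",
    "op_endpoint": "https://open.login.yahooapis.com/openid/op/auth",
    "claimed_id": "https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--#afa8c",
    "identity": "https://me.yahoo.com/a/XLKt_2gxi_gDtLXSO4IyPi6gz3xDxA--",
    "return_to": "http://127.0.0.1:5100/OpenId.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fme.yahoo.com",
    "assoc_handle": "kCG5j8w0Czja2yJ.JumEVy3SNaHp4aZQ4AdjguIo.OU2SrcpQsEtBxiZvqP_wP9Yf03KI_eOet5.Qsbv2Ov7MXEyGdVP4b4p4Cewoent7pmFNBxanpkYCg_W_zvJXkUo",
    "response_nonce": "2010-03-04T19:48:00ZT3svYxSveINSAkkLdpO.IApS8NhEBBSdLQ--",
    "signed": "assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,pape.auth_level.nist",
}

if __name__ == "__main__":
    store = NonceStore(clock=fixed_clock("2010-03-04T19:48:30Z"))
    print(check_assertion(store, TRACE_ASSERTION))   # accepted
    print(check_assertion(store, TRACE_ASSERTION))   # replayed
```

The nonce is scoped to the OP endpoint, as the spec requires, so the same nonce value arriving from a different Provider is a fresh nonce rather than a replay; and the signed-field check runs first because an unsigned nonce proves nothing. A stateless RP still needs this store to be shared across instances (a database or cache, not per-process memory), otherwise a replay against a second web-role instance would be accepted.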

+1  A: 

It looks like you're catching exceptions and not rethrowing them, which in the case of ThreadAbortException may be changing how it's supposed to work. I don't know if that's part of the problem, but it's just a thought.

Also, I notice you're using the request URL (whatever that is) as both the return_to and the realm. I recommend against allowing realm to be whatever the request URL is, as Google uses directed identity and if one user visits "login.aspx" and later the same user visits "Login.aspx" (capitalization different only) Google will see it as two different sites and send two different identities to you. You must ensure that "realm" is always the same from your site, capitalization and all.

As far as the intermittent redirect problem, I don't see anything that would cause that. The log suggests that the redirection is occurring. Although again your catching of the exception might be causing failures here. What do you get when the redirection doesn't happen?

Andrew Arnott
Andrew, Thanks for the comments. I will look more closely to see if they help me...
Rich
Andrew, your information about Google's use of directed identity was very useful.
Rich
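Andrew's realm point, as an added example that is not part of this thread and not DotNetOpenAuth code: with directed identity, Google derives the identifier it returns from the realm string, so the realm has to be pinned in configuration rather than copied from Request.Url, and return_to must then fall inside it under the OpenID 2.0 section 9.2 rules (same scheme and port, host equal to the realm's or under a leading "*." wildcard, path equal or a sub-directory, and no fragment). The checker below implements those rules and adds a helper that derives return_to from the pinned realm. The realm and return_to DNOA sent, and the 127.0.0.1:81 address at the end of the trace, are taken from the question; the pinned realm http://127.0.0.1:5100/ is an assumption.

```python
"""OpenID 2.0 realm and return_to consistency (spec section 9.2), as an RP-side check."""
from urllib.parse import urlsplit, urljoin, urlencode

DEFAULT_PORTS = {"http": 80, "https": 443}


def _split(url):
    """(scheme, host, port, path, fragment) with the scheme's default port filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port if p.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, (p.hostname or "").lower(), port, p.path or "/", p.fragment


def validate_realm(realm):
    """Raise ValueError unless `realm` is a well-formed OpenID 2.0 realm."""
    scheme, host, _, path, fragment = _split(realm)
    if scheme not in DEFAULT_PORTS:
        raise ValueError("realm scheme must be http or https")
    if not host:
        raise ValueError("realm must name a host")
    if fragment:
        raise ValueError("realm must not contain a fragment")
    # The only wildcard allowed is a leading "*." on the host.
    if "*" in path or ("*" in host and not (host.startswith("*.") and "*" not in host[2:])):
        raise ValueError("wildcard may only appear as a leading '*.' in the host")


def is_valid_realm(realm):
    try:
        validate_realm(realm)
        return True
    except ValueError:
        return False


def _host_matches(url_host, realm_host):
    # Hosts compare case-insensitively (both already lowercased).
    if realm_host.startswith("*."):
        suffix = realm_host[2:]
        return url_host == suffix or url_host.endswith("." + suffix)
    return url_host == realm_host


def _path_matches(url_path, realm_path):
    """Equal or a sub-directory; paths compare case-sensitively, so /Login.aspx != /login.aspx."""
    if url_path == realm_path:
        return True
    prefix = realm_path if realm_path.endswith("/") else realm_path + "/"
    return url_path.startswith(prefix)     # "/app" covers "/app/x" but not "/application"


def return_to_matches_realm(return_to, realm):
    """True if `return_to` lies inside `realm` per OpenID 2.0 section 9.2."""
    validate_realm(realm)
    r_scheme, r_host, r_port, r_path, _ = _split(realm)
    u_scheme, u_host, u_port, u_path, u_fragment = _split(return_to)
    if u_fragment:                          # return_to must not carry a fragment
        return False
    if (u_scheme, u_port) != (r_scheme, r_port):
        return False
    return _host_matches(u_host, r_host) and _path_matches(u_path, r_path)


def build_return_to(realm, page, params=None):
    """Derive return_to from the pinned realm instead of Request.Url, and prove it fits."""
    validate_realm(realm)
    if _split(realm)[1].startswith("*."):
        raise ValueError("a concrete return_to cannot be built from a wildcard realm")
    base = realm if realm.endswith("/") else realm + "/"
    url = urljoin(base, page.lstrip("/"))
    if params:
        url += "?" + urlencode(params)
    if not return_to_matches_realm(url, realm):
        raise ValueError("return_to does not fall under the realm: " + url)
    return url


# From the trace in the question: the realm and return_to DNOA sent, and the
# public dev-fabric address the app is later reached at. The pinned realm is assumed.
TRACE_REALM = "http://127.0.0.1:5100/OpenId.aspx"
TRACE_RETURN_TO = "http://127.0.0.1:5100/OpenId.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fme.yahoo.com"
PUBLIC_RETURN_TO = "http://127.0.0.1:81/OpenId.aspx"
PINNED_REALM = "http://127.0.0.1:5100/"

if __name__ == "__main__":
    print(return_to_matches_realm(TRACE_RETURN_TO, TRACE_REALM))    # True
    print(return_to_matches_realm(PUBLIC_RETURN_TO, TRACE_REALM))   # False: port differs
    print(build_return_to(PINNED_REALM, "OpenId.aspx", {"dnoa.userSuppliedIdentifier": "https://me.yahoo.com"}))
```

Two things fall out of the rules that matter for the question: the return_to at port 5100 in the redirect and the page at port 81 at the end of the trace are different realms as far as a Provider is concerned, and a path that differs only in case is a different realm too, which is exactly the directed-identity split Andrew describes. Pinning the realm to a single configured base (the `PINNED_REALM` form, ideally a directory rather than one page) and deriving return_to from it keeps both constant across requests and instances.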