views:

566

answers:

1

I am trying to use the DotNetOpenId library to add OpenID support on a test website. For some reason it keeps giving me the following error when running on FireFix. Keep in mind that I am using localhost as I am testing it on my local machine.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

namespace TableSorterDemo
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            var openid = new OpenIdRelyingParty();
            if (openid.GetResponse() != null)
            {
                switch (openid.GetResponse().Status)
                {
                    case AuthenticationStatus.Authenticated:
                        var fetch = openid.GetResponse().GetExtension(typeof(ClaimsResponse)) as ClaimsResponse;
                        var nick = fetch.Nickname;
                        var email = fetch.Email;

                        break;
                }
            }
        }

        protected void OpenIdLogin1_LoggedIn(object sender, OpenIdEventArgs e)
        {
            var openid = new OpenIdRelyingParty(); 
            if(openid.GetResponse() != null)
            {
                switch(openid.GetResponse().Status)
                {
                    case AuthenticationStatus.Authenticated:
                        var fetch = openid.GetResponse().GetExtension(typeof (ClaimsResponse)) as ClaimsResponse;
                        var nick = fetch.Nickname;
                        var email = fetch.Email; 

                        break; 
                }
            }


        }

        protected void OpenIdLogin1_LoggingIn(object sender, OpenIdEventArgs e)
        {
            var openid = new OpenIdRelyingParty();
            var req = openid.CreateRequest(OpenIdLogin1.Text);
            var fetch = new ClaimsRequest();
            fetch.Email = DemandLevel.Require;
            fetch.Nickname = DemandLevel.Require; 
            req.AddExtension(fetch);
            req.RedirectToProvider();
            return; 
        }


    }
}

Also, if I run the same page in Chrome then I get the following:

Login failed: This message has already been processed. This could indicate a replay attack in progress.

+1  A: 

The replay attack detection results from you calling GetResponse() twice. You must not do that. Instead, assign the result of just one call to GetResponse() to a local variable, and then check it against null and use it otherwise.

Regarding you "No OpenID endpoint found" error, are you testing against a localhost OpenID as well or an OpenID hosted by an external party like Yahoo?

Andrew Arnott
I am testing against locahost OpenID.
azamsharp
Then make sure your RP's web.config file allows for localhost OpenIDs, as shown in this web.config file: http://github.com/AArnott/dotnetopenid/blob/master/samples/OpenIdRelyingPartyMvc/Web.config by the `<add name="localhost" />` tag.
Andrew Arnott