Whenever a call is made to a RelyingParty, DotNetOpenAuth gives a redirect (as expected). This looks something like this ...

    return request.RedirectingResponse.AsActionResult();

This works alright - but I'd like to catch it and put it in a dialog, not redirect the existing page. Is there any way to do this? I'm trying to use jQuery UI Dialog with $.post in jQuery, and loading the content on the success function - but it keeps redirecting anyway.

    $("#openIdForm").submit(function () {
        $.post({
            // Basic ajax request properties
            url: 'user/LogOn',
            data: $('#openIdForm').serialize(),
            success: function (objResponse) {
                // It's ignoring me! :(
                $('#dialog').load(objResponse).dialog('open');
            }
        });
    });

I'm finally starting to get many of the pieces together, and I'm really liking DotNetOpenAuth since I solved the initial startup problems.

+2  A: 

If your intention is to display the OpenID Provider's web site inside your jQuery dialog, the answer is you can't, and this isn't a DotNetOpenAuth limitation. This is because most (indeed all the good ones) Providers explicitly break out of iframes and redirect the entire page to help train their users to resist phishing attacks.

The closest you can achieve is to make the Provider's page appear in a popup window, which is something you certainly can do, and in fact the DotNetOpenAuth project templates (not just the samples) demonstrate how to do this.

It's a tricky thing to not let the redirect happen automatically (certainly possible though) because what do you want instead? A URL? That won't always work because some OpenID messages are too long for a URL, and a self-posting HTML form has to be sent to the browser to send the entire message, so if you take over this part of the flow you have to be prepared for that.

Andrew Arnott
That makes sense. I suppose I don't have much of a choice in the matter, then. Thanks a lot for your time!
Stacey
However, I am confused. How does this help train people to resist phishing attacks?
Stacey
If RPs can host an iframe where the Provider asks the user for their login credentials, then the user is entering in their username/password while the browser window's Location bar gives the RP's URL instead of the Provider's URL. Providers need to train their users to *never* give away their credentials unless the URL shows the OP's URL.
Andrew Arnott
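
The answer's last paragraph says an OpenID message that is too long for a URL has to travel as a self-posting HTML form. The sketch below is an added example, not part of the original thread and not DotNetOpenAuth code; it shows both outcomes and escapes every parameter before it reaches the form. The 2048-character limit, the `op.example` and `rp.example` hosts and the function names are assumptions.

```javascript
// Added example. MAX_GET_URL_LENGTH is an assumed limit, not a library value.
const MAX_GET_URL_LENGTH = 2048;

// Escape a value for use inside a double-quoted HTML attribute.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Decide how a message reaches the Provider endpoint: a plain redirect URL
// when it fits, otherwise a self-posting form carrying the same parameters.
function buildIndirectMessage(endpoint, params) {
  const url = new URL(endpoint);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.append(name, value);
  }
  if (url.href.length <= MAX_GET_URL_LENGTH) {
    return { kind: 'redirect', url: url.href };
  }
  const fields = Object.entries(params)
    .map(([n, v]) =>
      `<input type="hidden" name="${escapeHtmlAttr(n)}" value="${escapeHtmlAttr(v)}">`)
    .join('\n');
  const html = [
    '<!DOCTYPE html>',
    '<html><body onload="document.forms[0].submit()">',
    `<form method="post" action="${escapeHtmlAttr(endpoint)}">`,
    fields,
    '<noscript><input type="submit" value="Continue"></noscript>',
    '</form></body></html>',
  ].join('\n');
  return { kind: 'form', html };
}

// Constructed sample input: one short message, one oversized and hostile one.
const endpoint = 'https://op.example/auth';
const small = buildIndirectMessage(endpoint, {
  'openid.mode': 'checkid_setup',
  'openid.return_to': 'https://rp.example/user/LogOn',
});
const large = buildIndirectMessage(endpoint, {
  'openid.mode': 'checkid_setup',
  'openid.ext.blob': '"><script>x</script>'.repeat(200),
});
console.log(small.kind, large.kind);
```

Code that intercepts the response has to branch on `kind`: a `redirect` can be opened in a popup by URL, while a `form` has to be written into the popup document so it can post itself.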