Hi there,
I'm building a web application using DotNetOpenAuth to do the authentication with OpenId and Google Accounts. My web application should not allow just any Google Account; instead I will have a table storing some allowed e-mail addresses, and if the user logs in with an e-mail contained in this table the login will succeed.
My problem is that users generally have more than one e-mail address connected to their Google Account (especially transitioned Google Apps users, who often have domain aliases). I need to check all of them to see if the user is allowed to log in.
I do the following to get the primary e-mail:
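    using System.Linq;
    using System.Web.Security;
    using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;

    protected void openId_LoggedIn(object sender, DotNetOpenAuth.OpenId.RelyingParty.OpenIdEventArgs e) {
        // The forms ticket is issued below only for allowed operators, so stop
        // the control from signing in the claimed identifier on its own.
        e.Cancel = true;
        string test = e.Response.FriendlyIdentifierForDisplay;
        var fetch = e.Response.GetExtension<FetchResponse>();
        if (fetch != null) {
            // Primary e-mail address returned through attribute exchange.
            string eMail = fetch.GetAttributeValue(WellKnownAttributes.Contact.Email);
            // Look the address up in the table of allowed operators.
            var usr = db.SystemOperators.SingleOrDefault(so => so.EMailAddress == eMail);
            if (usr != null) {
                FormsAuthentication.RedirectFromLoginPage(usr.EMailAddress, false);
            }
        }
    }

    protected void openId_LoggingIn(object sender, DotNetOpenAuth.OpenId.RelyingParty.OpenIdEventArgs e) {
        // Ask the provider to include the user's e-mail address in its response.
        var fetch = new FetchRequest();
        fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
        e.Request.AddExtension(fetch);
    }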
The FetchResponse does not return a collection of addresses, just the primary. Anyone have any ideas?
Thanks in advance!
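
An added example, not part of the original post: a fail-closed allow-list decision that checks every e-mail value an OpenID response carried and trusts those values only when they come from an accepted provider endpoint. The class name, the method name and the trusted-endpoint list (Google's OpenID endpoint) are assumptions for illustration; the code does not make a provider return more addresses than it sends.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example; all names here are hypothetical, not DotNetOpenAuth API.
public static class OperatorAllowList
{
    // Assumption: only Google's OpenID endpoint is trusted to assert e-mail
    // addresses. List the endpoints your application actually accepts.
    private static readonly HashSet<string> TrustedEndpoints =
        new HashSet<string>(StringComparer.Ordinal)
        { "https://www.google.com/accounts/o8/ud" };

    // Returns the asserted address that matched the table, or null to reject.
    public static string Match(Uri providerEndpoint,
                               IEnumerable<string> assertedEmails,
                               IEnumerable<string> allowedEmails)
    {
        if (providerEndpoint == null || assertedEmails == null || allowedEmails == null)
            return null;

        // An e-mail attribute is only as trustworthy as the provider that sent it.
        if (!TrustedEndpoints.Contains(providerEndpoint.GetLeftPart(UriPartial.Path)))
            return null;

        var allowed = new HashSet<string>(
            allowedEmails.Where(a => !string.IsNullOrWhiteSpace(a)).Select(a => a.Trim()),
            StringComparer.OrdinalIgnoreCase);

        // Check every asserted value, not only the first one.
        return assertedEmails
            .Where(a => !string.IsNullOrWhiteSpace(a))
            .Select(a => a.Trim())
            .FirstOrDefault(a => allowed.Contains(a));
    }

    public static void Main()
    {
        // Constructed sample data.
        var table = new[] { "ops@example.com" };
        var google = new Uri("https://www.google.com/accounts/o8/ud");
        var other = new Uri("https://openid.example.net/server");
        Console.WriteLine(Match(google, new[] { "me@example.org", "OPS@example.com" }, table) ?? "rejected");
        Console.WriteLine(Match(other, new[] { "ops@example.com" }, table) ?? "rejected");
    }
}
```

In the login handler, a null result means the login is rejected and no forms authentication ticket is issued.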