Does anybody know of the best (or any) tutorial for OpenID either with or without RPX in a WinForm (.net 2.0 and C#)?
A:
Since WinForms is a client-side interface, and OpenID requires that you actually run a web server, you'll probably want to just set up a web application somewhere that does the OpenID authentication, then returns some sort of attestation to your application asserting that the user has logged in. Then embed a browser control so the user can log in through this web application.
Note that this won't buy you any security if the user has control of the terminal - they can redirect requests to a fake server under their control, hack the binary, etc. So I'm not really sure how this will be useful in the end :)
bdonlan
2009-05-07 05:21:52
A:
The Open ID protocol is not something you can just invoke from anywhere. It relies on web browser redirects to send the user to the provider's login page and back to the relying party.
If you think about it, trying to use Open ID from a client app doesn't make much sense. Open ID relies on the user trusting their web browser, so when they are redirected to their Open ID provider's login page, they can look at the URL and be assured they are entering their credentials to a trusted party.
OTOH, users do not trust your Winforms app. If you implement a login page as a WinForm, how will they know to trust your app with their credentials?
The only way to do this in a WinForms app is to embed a web browser control into your login form, but I think it might be a challenge to communicate with it to get the authentication information out.
DSO
2010-01-13 18:26:52
A:
Ditto what the other answerers who have discouraged embedding OpenID in an app have said.
But I'll add: you should look at OAuth. It very likely is exactly what you're looking for, and is actually designed for apps to authenticate to web service with.
Andrew Arnott
2010-01-14 14:35:37