I'm starting with OpenId using the dotnetopenid library and, so far, so good, but when I try to login, it shows me the following message:
This message has already been processed. This could indicate a replay attack in progress.
The first time I used my app it failed and, after that, the above message it is always returned.
How can I "logout" the user that I'm using for testing or how can I can clear the request so I can login/logout?
Thanks in advance! =)
The replay attack message is usually because you clicked Refresh on the browser while the the URL in your browser still has a bunch of OpenID parameters in it. Try clearing off everything after the ? mark, or just retype the URL and press enter. If that doesn't work, then try adding a question mark to the URL and pressing enter.
How to log off? DotNetOpenId defaults to using forms authentication, so you can sign the user off by calling FormsAuthentication.SignOut().
I found the problem, a seely problem as usual...
I was calling the GetResponse more than once, and that got me error message.
Sorry for the inconvenience and thanks for your answers =)
In some versions of dotnetopenauth you can also get:
This message has already been processed. This could indicate a replay attack in progress.
if your maxAuthenticationTime value is too low (which is obviously not related to the error in any way - but that is a different issue). I experienced this just today.
To increase this value, edit the config entry as shown at http://dotnetopenauth.net:8000/wiki/CodeSnippets/Configuration (I suggest setting to 0:10).