openid

Using OpenID for website Authentication

I'd like to implement OpenID in a new application using ASP.NET 2.0 and SQL Server 2005. I chosen Twitter, Facebook and Google as potential OpenID providers. I've found the Twitter implementation in .NET and I was studying Google's OpenID implementation, but I want to make sure that my design is (mostly!) flawless. Is my database sch...

How do I change authorization of a site on my Google Appspot OpenID?

When I tried to log in to Stack Overflow, I initially used my Google OpenID (which looks like this "http://openid-provider.appspot.com/login") but I accidentally clicked on deny. Now I can't log in with this OpenID at all. Is there any way I can change the authorizations on an account in the future? Thanks! ...

Should I store the connection scheme for an OpenID?

Should I store the connection scheme, http or https, for an OpenID when someone logs in into my web site? Or just what comes afterward: http://pupeno.com or pupeno.com? ...

DotNetOpenId — Getting replay attack failure with programmatic and web logins

I'm adding optional OpenID authentication to the system. Everything works smoothly with DotNETOpenID. Yet, I get an issue when: User logs into the web application using a standard login (FormsAutentication) User associates some OpenID with the account (we use programmatic OpenID logon here to get the claimed identity) User logs out of ...

Explaining security to non-technical managers.

I'm maintaining an Intranet website for my company that they want to expose to the big, bad outside World. Right now, it has no authentication or authorisation whatsoever. My idea to manage user accounts is by using existing technologies to validate user accounts and build an authorisation model on top of this. Existing techniques would ...

Zend_OpenId_Consumer login function hangs - even in the sample code

I've been trying to get a simple OpenId log-in working using first php-openId (Jain) and then the ZendFramework, and in both cases I run up against a similar problem. I'm using the example Zend code from step 38.2.2 of http://framework.zend.com/manual/en/zend.openid.consumer.html. I see the log-in page fine, but when I enter my openId, ...

How do I add checkid_immediate support to a JanRain phpopenid example server?

I'm using an OpenID server based on the JanRain phpopenid library. It's nothing special, simply patched to work with the Yubico onetime password generator. It authorizes fine, but fails the "Successful checkid_immediate" tests at the JanRain diagnosis tool. It says a setup required for checkid_immediate, but I'm not sure what that means....

Example usage of AX in PHP OpenID

I'm using JanRain's PHP OpenID library. It comes with example script which is using SReg extension. But I want it to work with Google (and it works for auth actually), but Google uses AX (attribute exchange) instead of SReg for additional data. For some reason, JanRain's library is missing AX support in example script, and code comments ...

Do you perform any validation on the OpenID URI?

When you are logging in a user using OpenID, do you perform any validation on the OpenID URI (or identifier)? Or do you just let the library handle it (like DotNetOpenAuth). ...

How to integrate OpenId with ASP.Net Membership in MVC

I am using the following code from MVC Storefront to test OpenId in MVC. How do I integrate it with my ASP.Net Membership so I can use roles and save a user name for the user in my tables? I believe that SO is also using something similar. public ActionResult OpenIdLogin() { string returnUrl = VirtualPathUtility.ToAbsolu...

How to integrate open ID Login

I want to integrate Open ID, Google and Yahoo login in my site, So please anyone can tell me the process of integration in ASP.NET. ...

Google Apps domain as OpenID provider

How can I make my Google Apps domain to be OpenID provider. Is there any documentation, tutorial, working example something? How to authenticate users in my own application using Google Apps domain authentication (I mean without OpenID). I've heard that it's something about gdata api but I don't know where to start. Are there any useful...

oAuth ASP.NET Membership Provider

Are there any recommended resources for implementing a custom membership provider that uses oAuth? The goal would be to have users to log into my ASP.NET MVC application using their existing oAuth credentials. After the user is authenticated, I'd then like to leverage the built-in ASP.NET authorization features. Thanks. ...

OpenId implementation for web services - need tips/help

Suppose I'm trying to implement OpenId for relying in my n-tier web site which uses web services. Please tell me if some steps seem strange. 1) I want the user to enter their OpenId url in a textbox. ex: http://vidalsasoon.myopenid.com 2) The user then clicks submit where the entered Url is sent to my web service using the OpenId api. ...

User sign-up with email verification, and authentication in Ruby

I'm trying to make a web app in Sinatra, and I was wondering if there was a good solution for user sign-up with email verification, as well as authentication - perhaps as rack middleware? OpenID support would be nice to have too. I suppose I can roll my own, but I didn't want to reinvent the wheel. If I have to do so, can anyone point m...

What personal information does an OpenID provider make available to the consumer?

The issue of a foremost interest is whether my email address gets transmitted to the consuming service. For example, if I use Google to login here to SO, does SO know my gmail address? Does he know my name I entered in gmail settingы to be used for outgoing mails? Does an OpenID provider transmit anything else? Now, the hammer questi...

PHP library for OpenID

About to start working on a social networking site, but I'd like to incorporate OpenID logins. The JanRain plugin is packed in Debian, but seems flakey, and my brief interactions with it so far have not gone well. There's a bunch of others out there, but which ones are people using in production? ...

ASP.NET MVC multi-site SSO using OpenID

I am putting a plan together for a series of sites that will share user account information among them. The idea is that once a user logs in using their OpenID, they can access any of the sites and it will know who they are. What are the common patterns/best practices that i could employ to achieve this? ...

OpenID in PHP 5.3

Does anyone have openid working in a PHP 5.3 installation? None of the libraries I've tried seem to be working. ...

Rpxnow.com works on localhost, but not on the 'net...

Hi. I'm using OpenID for my site using the free plan with rpxnow.com. I am able to make the site work on localhost, but when I deploy, I get an "unexpected api error" exception. The root cause seems to be that the 'status' field is returning something that is not 'ok'. Does anybody have insights on this problem or a solution? Thanks, ...