I am using the DotNetOpenAuth MVC relying party sample code (with some cosmetic changes) to integrate OpenId into an ASP.NET MVC application.
The code works great except for the following situation: when the relying party (my app) is a trusted site under IE, and I'm hitting that site from any location other then the host machine, the redirect to the OpenId provider hangs.
Specifically, the code reaches the point where the controller method is returning an ActionResult that redirects to the provider and then IE just sits there and cycles.
I know it is possible to support OpenId authentication in MVC even if the relying party is a trusted site because I tested out stackoverflow itself and it worked fine.
I used Fiddler to look at the traffic, and no request is ever made out to the provider when my application is a trusted site.
Any ideas?
The line in the sample DotNetOpenAuth code in question is:
return openid.CreateRequest(Request.Form["openid_identifier"]).RedirectingResponse.AsActionResult();
Update #1 In Fiddler, I can see that the controller action I am calling returns a 302 response with a location header for the redirect, but nothing at all happens after that. I retested with stackoverflow.com and with nerdbank.org and saw the exact same failing behavior on those two sites. I added both as trusted sites, completely closed out of IE, then when I went back to those sites I could NOT log in successfully.
I am running IE 8 on Windows 7. I can provide the full Fiddler logs if that is helpful.
Also, I've seen mention in various places that when a site is "trusted", IE blocks redirects to non-trusted domains.
Update #2
I added the open id provider to my trusted sites and now the redirect happens, so the login process works. So this really does seem to be a user agent (IE) issue.
Update #3
I found this link: link text
It seems to describe a similar problem. I followed the suggested resolutions and set both my trusted sites and regular internet zone to be in "Protected Mode" in IE. That seems to have resolved my issue.