claimsResponse Return Null

Question

hello i have a following code in asp.net. i have used DotNetOpenAuth.dll for openID. the code is under

protected void openidValidator_ServerValidate(object source, ServerValidateEventArgs args)
{
    // This catches common typos that result in an invalid OpenID Identifier.
    args.IsValid = Identifier.IsValid(args.Value);
}

protected void loginButton_Click(object sender, EventArgs e)
{
    if (!this.Page.IsValid)
    {
        return; // don't login if custom validation failed.
    }
    try
    {
        using (OpenIdRelyingParty openid = this.createRelyingParty())
        {
            IAuthenticationRequest request = openid.CreateRequest(this.openIdBox.Text);

            // This is where you would add any OpenID extensions you wanted
            // to include in the authentication request.
            ClaimsRequest objClmRequest = new ClaimsRequest();
            objClmRequest.Email = DemandLevel.Request;
            objClmRequest.Country = DemandLevel.Request;
            request.AddExtension(objClmRequest);

            // Send your visitor to their Provider for authentication.
            request.RedirectToProvider();
        }
    }
    catch (ProtocolException ex)
    {
        this.openidValidator.Text = ex.Message;
        this.openidValidator.IsValid = false;
    }
}

protected void Page_Load(object sender, EventArgs e)
{
    this.openIdBox.Focus();
    if (Request.QueryString["clearAssociations"] == "1")
    {
        Application.Remove("DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.ApplicationStore");

        UriBuilder builder = new UriBuilder(Request.Url);
        builder.Query = null;
        Response.Redirect(builder.Uri.AbsoluteUri);
    }

    OpenIdRelyingParty openid = this.createRelyingParty();
    var response = openid.GetResponse();
    if (response != null)
    {
        switch (response.Status)
        {
            case AuthenticationStatus.Authenticated:
                // This is where you would look for any OpenID extension responses included
                // in the authentication assertion.
                var claimsResponse = response.GetExtension<ClaimsResponse>();
                State.ProfileFields = claimsResponse;
                // Store off the "friendly" username to display -- NOT for username lookup
                State.FriendlyLoginName = response.FriendlyIdentifierForDisplay;
                // Use FormsAuthentication to tell ASP.NET that the user is now logged in,
                // with the OpenID Claimed Identifier as their username.
                FormsAuthentication.RedirectFromLoginPage(response.ClaimedIdentifier, false);
                break;
            case AuthenticationStatus.Canceled:
                this.loginCanceledLabel.Visible = true;
                break;
            case AuthenticationStatus.Failed:
                this.loginFailedLabel.Visible = true;
                break;

            // We don't need to handle SetupRequired because we're not setting
            // IAuthenticationRequest.Mode to immediate mode.
            ////case AuthenticationStatus.SetupRequired:
            ////    break;
        }
    }
}

private OpenIdRelyingParty createRelyingParty()
{
    OpenIdRelyingParty openid = new OpenIdRelyingParty();
    int minsha, maxsha, minversion;
    if (int.TryParse(Request.QueryString["minsha"], out minsha))
    {
        openid.SecuritySettings.MinimumHashBitLength = minsha;
    }
    if (int.TryParse(Request.QueryString["maxsha"], out maxsha))
    {
        openid.SecuritySettings.MaximumHashBitLength = maxsha;
    }
    if (int.TryParse(Request.QueryString["minversion"], out minversion))
    {
        switch (minversion)
        {
            case 1: openid.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V10; break;
            case 2: openid.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20; break;
            default: throw new ArgumentOutOfRangeException("minversion");
        }
    }
    return openid;
}

for above code I am always getting

var claimsResponse = response.GetExtension<ClaimsResponse>();

I am always getting claimsResponse == null. What is the reason why it happen. Is there any requirement which is required for openid like domain validation for RelyingParty?? please give me answer as soon as possible.

Answer 1

It looks like you're doing everything right. At this point it depends on the Provider you're using. Which one are you testing against? Some don't support Simple Registration (ClaimsRequest) at all. Others only support it for whitelisted RPs. Then others don't support it when your RP is at "localhost".

My advice: test against myopenid.com, as that seems to have good, consistent behavior and support for the Simple Registration extension. But your RP must always be prepared to receive null for ClaimsResponse, since you're never guaranteed the OP will give you anything.

Even if you get a non-null result, individual fields that you asked for (even if you marked them required) may be null or blank.

Answer 2

Also make sure that you have registered the information on your OpenID-account on the provider website, and allowed the information to be sent during the login process. I had the same problem using DotNetOpenAuth but it turned out the I hadn't entered the information on my myOpenID-account. Thought that the email address is always sent, but that is not the case even though the OpenID account is connected to a email address.

So on myOpenID make sure that you have a Registration Persona (Your Account->Registration Personas)