tags:

views:

188

answers:

1
+5  Q: 

Why isn't information about the openID user coming through the protocol?

I am using DotNetOpenAuth to integrate openID in our web application. The code below requests the information to the provider. 

try
{
  var req = openid.CreateRequest(Request.Form["openid_identifier"]);
  req.AddExtension(new DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.ClaimsRequest
  {
    Email = DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.DemandLevel.Require,
    FullName = DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.DemandLevel.Require,
    Nickname = DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.DemandLevel.Request,
    PostalCode = DotNetOpenAuth.OpenId.Extensions.SimpleRegistration.DemandLevel.Request
  });

  return req.RedirectingResponse.AsActionResult();
}

For some reason the response from the openID provider never comes with the information I am requesting. Below is the code:

// Stage 3: OpenID Provider sending assertion response
switch (response.Status) {
  case AuthenticationStatus.Authenticated:
    Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
    FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
    if (!string.IsNullOrEmpty(returnUrl)) {
       return Redirect(returnUrl);
    } else {
       return RedirectToAction("Index", "Home");
    }

I have tried: response.ClaimedIdentifier in a million ways and it never has valuable information that I can do something with. Any ideas?

+5  A: 

The IAuthenticationResponse.ClaimedIdentifier property never contains these attributes that you're requesting. It only contains the "username" of the OpenID user.

You're sending the request perfectly. Just add a bit to your handling of the positive response:

// Stage 3: OpenID Provider sending assertion response
switch (response.Status) { 
  case AuthenticationStatus.Authenticated:
    Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay; 
    FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
    var sreg = response.GetExtension<ClaimsResponse>();
    if (sreg != null) { // the Provider MAY not provide anything
      // and even if it does, any of these attributes MAY be missing
      var email = sreg.Email;
      var fullName = sreg.FullName;
      // get the rest of the attributes, and store them off somewhere.
    }
    if (!string.IsNullOrEmpty(returnUrl)) {
      return Redirect(returnUrl);
    } else {
       return RedirectToAction("Index", "Home");
    }
  break;
  // ...
Andrew Arnott  2009-09-08 14:28:56
Hi Andrew: Thanks very much it works. Google gives back the email, Yahoo does not. I appreciate your help.
Geo  2009-09-08 18:04:12
Yahoo should be now... they just upgraded to support it.
Andrew Arnott  2010-01-15 16:45:04

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?