OpenID领域是否必须是网站的基本URL?

时间:2012-10-11 02:31:52

标签: c# asp.net .net openid dotnetopenauth

作为this question的延续,我遇到了dotnetopenauth的问题。

基本上,我想知道RP中指定的领域是否必须是应用程序的实际基本URL?那就是(http://localhost:1903)?鉴于现有的体系结构,很难删除重定向 - 我尝试将域设置为基础OpenId控制器(http://localhost:1903/OpenId)并手动测试确实生成了XRDS文档。但是,应用程序似乎冻结,EP日志显示以下错误:

2012-10-10 15:17:46,000 (GMT-4) [24] ERROR DotNetOpenAuth.OpenId - Attribute Exchange extension did not provide any aliases in the if_available or required lists.

代码:

依赖方:

public ActionResult Authenticate(string RuserName = "")
{
UriBuilder returnToBuilder = new UriBuilder(Request.Url);
returnToBuilder.Path = "/OpenId/Authenticate";
returnToBuilder.Query = null;
returnToBuilder.Fragment = null;

Uri returnTo = returnToBuilder.Uri;
returnToBuilder.Path = "/";
Realm realm = returnToBuilder.Uri;

var response = openid.GetResponse();

if (response == null) {
    if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {

    } else {

    string strIdentifier = "http://localhost:3314/User/Identity/" + RuserName;
    var request = openid.CreateRequest(
        strIdentifier,
        realm,
        returnTo);

    var fetchRequest = new FetchRequest();
    request.AddExtension(fetchRequest);
    request.RedirectToProvider();
    }
} else {
    switch (response.Status) {
        case AuthenticationStatus.Canceled:
            break;
        case AuthenticationStatus.Failed:
            break;
        case AuthenticationStatus.Authenticated:
            //log the user in
            break;
    }
}

return new EmptyResult();

}

提供者:

public ActionResult Index()
{
    IRequest request = OpenIdProvider.GetRequest();

    if (request != null) {
        if (request.IsResponseReady) {
            return OpenIdProvider.PrepareResponse(request).AsActionResult();
        }

        ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
        return this.ProcessAuthRequest();
    } else {
        //user stumbled on openid endpoint - 404 maybe?
        return new EmptyResult();
    }
 }

public ActionResult ProcessAuthRequest()
    {
        if (ProviderEndpoint.PendingRequest == null) {
            //there is no pending request
            return new EmptyResult();
        }

        ActionResult response;
        if (this.AutoRespondIfPossible(out response)) {
            return response;
        }

        if (ProviderEndpoint.PendingRequest.Immediate) {
            return this.SendAssertion();
        }

        return new EmptyResult();
    }

1 个答案:

答案 0 :(得分:10)

你的问题的答案是“不”。领域可以是您站点的基本URL与return_to URL之间的任何URL。例如,如果您的return_to网址为http://localhost:1903/OpenId/Authenticate,则以下都是有效的域:

  • http://localhost:1903/OpenId/Authenticate
  • http://localhost:1903/OpenId/
  • http://localhost:1903/

以下是有效领域,给定上面的return_to:

  • http://localhost:1903/OpenId/Authenticate/(额外的斜杠)
  • http://localhost:1903/openid/(区分大小写!)
  • https://localhost:1903/(计划变更)

由于某些OpenID提供商(例如Google)会根据确切的域名网址为其用户发出成对唯一标识符,因此建议您的域名成为您网站的基本网址,以便最稳定(重新设计您的网站不会更改)。强烈建议如果它可以是HTTPS,那么你可以使HTTPS成为HTTPS,因为它允许你的return_to是HTTPS,并且在某种程度上更安全​​(它可以缓解DNS中毒攻击)。

日志中出错的原因是您的RP为OpenID身份验证请求创建并添加了FetchRequest扩展名,但您尚未使用您请求的任何实际属性初始化FetchRequest。 / p>

我无法告诉你为什么你的应用程序冻结了,但是你已经提供了这些信息。

相关问题
最新问题