DotNetOpenAuth samples

Prerequisites:

Getting the samples running

Testing the relying party/provider samples with each other

In this scenario you can use the Personal Web Server (PWS) that is included in Visual Studio 2010.

  1. Open the DotNetOpenAuth.sln or Samples.sln file in VS2010.
  2. Right-click on each web project under the Samples folder and click "View in Browser" to start PWS for each web site.
  3. Each web project will be dynamically assigned a port number.  Find the port number in the URL of the browser window for the Provider.
  4. Now log into the Relying Party sample web site with this OpenID: http://localhost:providerport/user/bob.
  5. When the provider prompts you for a password, type in 'test'.

Testing with other relying party/provider sites on the Internet

Setting up the IIS Applications

Configure VS2010 to use IIS rather than PWS

  1. Right-click on one of the web projects within Solution Explorer.
  2. Select Property Pages.
  3. Select Start Options on the left.
  4. Under the Server section on the right, select Use Custom Server and fill in the Base URL.

The demos

These illustrate OpenID in action. You can debug the code to get a good idea of what's going on. The implementations are built on top of ASP.NET's forms authentication. If you're unauthenticated and reach a page requiring authentication, the sample takes you through the OpenID identity provider, tracks in session that you've left, and recognizes you when you return to the relying party. Only then does it log you into FormsAuth and redirect you to your originally requested page.

The Relying Party Demo

  1. Kill all session cookies
  2. Create an OpenID account with one of the Open Servers listed below OR use the demo Server as the identity provider - using http://[EXTERNAL IP]/OpenIdProviderWebForms/user/bob with the password 'test'
  3. Go to http://[EXTERNAL IP]/OpenIdRelyingPartyWebForms/default.aspx and enter the OpenID URL
  4. You are required to authenticate with the provider. Some fields (e.g. Name, DoB, Country etc.) are requested, some required and some omitted. Your OpenID provider should prompt you for the relevant fields, or at least make you aware of which fields it's passing back. The exact page flow and authentication mechanism will be implemented differently by different identity providers.
  5. After providing the required info and logging in, you are taken back to http://[EXTERNAL IP]/OpenIdRelyingPartyWebForms/default.aspx and the available profile information is displayed
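
The flow described under "The demos" and exercised by the steps above, as an added example (not the sample project's own code): a code-behind that asks the provider for required and requested Simple Registration fields and issues the forms-authentication ticket only after a positive assertion. The page name Login and the controls openIdBox and statusLabel are assumptions, declared in a hypothetical login.aspx.

```csharp
// Added example: code-behind for a hypothetical login.aspx.
// openIdBox (TextBox) and statusLabel (Label) are assumed to be declared in the .aspx markup.
using System;
using System.Web.Security;
using System.Web.UI;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

public partial class Login : Page {
    protected void Page_Load(object sender, EventArgs e) {
        using (var rp = new OpenIdRelyingParty()) {
            // Non-null only when the browser is returning from the provider.
            IAuthenticationResponse response = rp.GetResponse();
            if (response == null) return;
            if (response.Status == AuthenticationStatus.Authenticated) {
                // Profile fields are asserted by the provider and are not verified;
                // the result is null if the provider sent none. Key the account on
                // the claimed identifier, never on these values.
                Session["ProfileFields"] = response.GetExtension<ClaimsResponse>();
                // Only now is the forms-auth cookie issued; the user is then sent
                // back to the page originally requested (ReturnUrl).
                FormsAuthentication.RedirectFromLoginPage(response.ClaimedIdentifier, false);
            } else {
                // Canceled, Failed, etc.: no ticket is issued.
                statusLabel.Text = "Login failed or was canceled.";
            }
        }
    }

    protected void LoginButton_Click(object sender, EventArgs e) {
        Identifier id;
        if (!Identifier.TryParse(openIdBox.Text, out id)) {
            statusLabel.Text = "That is not a valid OpenID.";
            return;
        }
        using (var rp = new OpenIdRelyingParty()) {
            try {
                IAuthenticationRequest request = rp.CreateRequest(id);
                request.AddExtension(new ClaimsRequest {
                    Email = DemandLevel.Require,     // shown as required by the provider
                    FullName = DemandLevel.Request,  // optional for the user
                    Country = DemandLevel.Request,   // fields not listed are omitted
                });
                request.RedirectToProvider();        // leaves the relying party
            } catch (ProtocolException ex) {
                statusLabel.Text = "Discovery or request failed: " + ex.Message;
            }
        }
    }
}
```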

The Provider Demo

  1. Kill all session cookies
  2. Get the full OpenID URL for a user based on what's in web.config. By default you can use http://[EXTERNAL IP]/OpenIdProviderWebForms/user/bob with the password 'test'
  3. Go to http://[EXTERNAL IP]/OpenIdRelyingPartyWebForms/default.aspx and enter the OpenID URL of the local server
  4. The user is prompted for their password. The username field is populated from the OpenID URL and grayed out.
  5. The user is presented with their identity URL, a trust root (the site requiring authentication) and a set of fields to complete. Only the requested or required fields are presented. Fields marked with * are required by the consumer.
  6. The user completes the fields, clicks Yes and is taken to http://[EXTERNAL IP]/OpenIdRelyingPartyWebForms/default.aspx with their available profile information.

Interesting classes and methods

Relying party

Provider

Development tips / Issues I found:

Here is a growing list of OpenID enabled sites to test with.

Good sites to test with if you're developing a relying party:

Good sites to test with if you're developing a server:

* These sites seem to block outgoing traffic that is not on a standard HTTP port like 80 and 443. Therefore you'll need to host on a proper internet domain before doing any testing with them.

Useful tools: