I'd like to implement OpenID in a new application using ASP.NET 2.0 and SQL Server 2005.
I chosen Twitter, Facebook and Google as potential OpenID providers.
I've found the Twitter implementation in .NET and I was studying Google's OpenID implementation, but I want to make sure that my design is (mostly!) flawless.
Is my database schema correct? I've associated a Reader with an ProviderOpenID which contains only a nullable Name column. I store the OauthToken and use that at every request to gain access to his profile and verify the login. Am I missing something?
Can anyone tell me if there is an Open Source Library for the .NET implementation of the OpenID provider for Google? I found the following tutorial on Google but I don't understand how it works. Has anyone tried this? Is this the best way to do this?
Facebook and Twitter are not OpenID Providers. It looks like you've already found solutions to their proprietary mechanisms however. But I just wanted to clarify what it is and isn't.
Yes, Google is an OpenID Provider. And for ASP.NET 2.0 DotNetOpenId, which you linked to, is the way to go IMO. Don't mind the wiki (which was down at the time but is up now). That's to the new DotNetOpenAuth library which targets .NET 3.5. Since you're targeting .NET 2.0 specifically (is this intentional?) you need to go with the DotNetOpenId that is on the Google Code project site (http://dotnetopenid.googlecode.com/) and ignore the "We've Moved" link, since that leads you to the .NET 3.5 library. What you want is DotNetOpenId v2.5.5. It comes with samples that show you how to get OpenID going.
Note that Google has a few peculiarities with how they do OpenID, the most notable of which is that typing "google.com" as the openid identifier doesn't work (currently). You have to type the longer https://www.google.com/accounts/o8/id
I think I was listening to a dotnetrocks podcast about the guy that wrote this tool authentication tool:
https://rpxnow.com/.
Related
I am trying to set up an IDP-Initiated SSO. I am helping out the IT department at the company I work at and do not have access to Active Directory right now (I am in intern doing IT in another department and they seem to think I can test without it).
The only data I need to get from AD is the user's login id, so in theory I don't think not having access to AD will be a problem...?
(Username should be the same as .NET's:
`Environment.UserName; ')
My task is to basically create a SAML token and send it to our RP (on another domain), who should take care of the rest.
Where can I start? I've not done something like this, so I'm sort of confused. I believe I just need to build a token and then post it, but I'm not sure how to begin. I've looked at some tutorials but they don't seem to fit my situation. If anyone has any tutorials on my specific case it would be much appreciated.
Thank you!
You've tagged this C# and .NET so looks like you live in the Microsoft world.
The normal way to do this is via ADFS and then configure your RP.
But you want to do IDP Initiated which is a SAML feature. What protocol does your RP support? There is no client-side Microsoft SAML support - although there are 3rd party tools.
Update
Suggest using ADFS - good example of how to configure here.
Years ago I wrote a 6 part tutorial on integrating a custom STS with the ADFS. Part 2 of that tutorial is on creating a custom STS.
http://www.wiktorzychla.com/2011/08/quest-for-customizing-adfs-sign-in-web.html
Note that the tutorial aims at WIF 4 that was a separate download at that time. Nowadays, WIF is integrated with .NET 4.5 so that some subtle details (namespaces etc) can vary.
Also note that WIF supports SAML 1.1.
I'm looking for SSO options for .NET/C# and so far came across OpenID and DotNetOpenAuth. Have yet to look into them in detail but just wanted to ask for some suggestions of what else I should consider.
I'm looking to implement SSO for Google & Facebook, and ideally it would be a single 3rd party library that supports both, trying to avoid manually implemented each one.
If you've dealt with this previously, please share the approach/tools used.
Thanks in advance!
OpenID and DotNetOpenAuth are by far your best options.
Helpful Link for DotNetOpenAuth
http://www.tkglaser.net/2012/03/single-sign-on-using-facebook-in-asp.html
EDIT: DotNetOpenAuth home:
http://www.dotnetopenauth.net/
Helpful Link for OpenID
http://www.hanselman.com/blog/TheWeeklySourceCode25OpenIDEdition.aspx
One other thing you might want to look into is the use of Azure ACS.
Here's an example enabling Windows Live and Facebook.
I've also used it against google credentials.
In this approach, you actually configure your application to interact only with Azure ACS, and configure which identity providers you want to enable through Azure's UI. So your application doesn't need to worry about each provider separately, and you could indeed add more providers without changing a single line of code in your application.
What the the Open source Library available in the C#.NET for the SSO.
Basically I want to connect with Google SSO then will further continue with other providers.
Check out: DotNetOpenAuth
Also, you may want to check the following links:
http://msdn.microsoft.com/en-us/library/ms972971.aspx
http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx
The Windows Identity Foundation (WIF) is Microsoft's official library for identity federation.
In your scenario you can also use Access Control Service (ACS) to federate identity with Google, Yahoo!, etc. All of them (and more) are supported out of the box.
Samples, documentation, etc. available here: http://claimsid.codeplex.com
If you have a bit more control over your servers, Shibboleth might be an option as well. It actually simplified a large portion of our application that serves thousands of users and it is well thought out, flexible, and scalable. Basically, define a directory that should be watched for credentials and Shibboleth takes care of the rest.
You should use DotNetOpenAuth, as stated in Kamyar's answer. If you want to see a whole implementation using DotNetOpenAuth and other series of auxiliary libraries, you should have a look at this article:
Integrating OpenID in ASP.NET Web Forms using DotNetOpenAuth
Does anyone have any examples or advice for how to go about using oAuth to provide the authentication mechanism for an API that should be publicly exposed?
Specifically I'm talking about being an oAuth provider for my own API, not integrating or authenticating with anyone else's API.
For example, I wish to be able to issue API keys to developers that they can use to authenticate and access my API, much in the same way Flickr does, and as far as I believe oAuth can support this, but I'm not sure how the solution would be structured?
It appears that DotNetOpenAuth has an example by the way of the OAuthSeviceProvider project in the Samples folder included in the distribution. It's written in WinForms and isn't cleanly written but definitely serves as a good starting point.
I have an Idea for a simple webApp that would cross-link information from Evernote to Google Calendar. I was able to find a good Evernote Quickstart project but I am now searching for something to start with to begins accessing Calendar. Please advise if you know any good resources with code samples that would show me how to do the dirty work (i mean the authetication either via OAuth/AuthSub).
From what I have read about using OAuth with Google, it seems that you have to have a registered domain - I need to be able to access the service from my laptop's development server, so I guess I must stick with AuthSub.
When I 'googled' for this topic I found many questions similar to mine, yet none of them has been answered in satisfactory way.
Thank you in advance for your help.
UPDATE: I'm starting to think that either I am missing something or nobody is using AuthSub in ASP.NET...
I've recently created a sample how to use Google OAuth in ASP.NET and Google using the Dotnet OpenAuth library:
Using Google OAuth in asp.net
I hope this sample helps :)
Dominik
UPDATE March, 2015
By April 20th, Google will no longer support this api - Therefore I needed to migrate to OIDC. See my recent article here:
OIDC lightweight library for asp.net
In order to use OAuth, you must register your domain with Google at the following page: https://www.google.com/accounts/ManageDomains. This registration will give you the credentials you need to sign your OAuth requests. However, you could still specify a different oauth_callback url in the user authorization url. So the registered domain is not related to the oauth_callback.