OpenID for ASP.NET MVC, A Quick Setup

Posted On: September 23rd, 2010

I went around the internet looking for a quick tutorial setting up DotNetOpenAuth for a project. No big surprise everything I ran into was either too confusing to follow or filled with useless information.

If you need to get your ASP.NET MVC website setup with some basic OpenID Authentication, I can help get you started. All you need is a DLL, a view, and two controller actions.


First download the latest DotNetOpenAuth and extract the zip file. Let’s start.


Add DotNetOpenAuth-X.X.X.XXXXX/Bin/DotNetOpenAuth.dll to your project references. (DotNetOpenAuth.dll is the only runtime dependency you will need; everything else is described in the README.Bin.html.)


Let’s create the authentication page, what’s important here is the form, add something like this to your login page:

<form action="/Authentication/Authenticate" method="post">
  <label for="openid_identifier">OpenID: </label>
  <input id="openid_identifier" name="openid_identifier" />
  <input type="submit" value="Login" />
</form>

There are a lot of good plugins, that have images to pre-populate this one input field.


Two key things to note here, openid_identifier and the form action attribute.


openid_identifier: is a url to an openID provider an example of this is: Google (https://www.google.com/accounts/o8/id), Yahoo (http://yahoo.com/), MyOpenID (http://myopenid.com/), etc


The form action attribute is the url to your controller action. In this case using the basic routing, I have a Controller called AuthenticationController in my Controllers folder, with an action of Authenticate. Hence, /Authentication/Authenticate.


The last step, writing the login and logout actions.

So how does this login action work? We need to send a request to our openid_identifier and receive a response with what’s called a ClaimedIdentifier.


ClaimedIdentifier: is the constant unique identifier provided from the openID provider, we use this to connect an openID user to a user account on your website, remember though one user can have many openIDs’.


This is what the code would look like, go ahead and add it to your controller and look over the comments and code:

private static OpenIdRelyingParty openid = new OpenIdRelyingParty();

/// <summary>
/// Authentication/Login post action.
/// Original code concept from 
/// DotNetOpenAuth/Samples/OpenIdRelyingPartyMvc/Controller/UserController
/// for demo purposes I took out the returnURL, for this demo I 
/// always want to login to the home page.
/// </summary>
[ValidateInput(false)]
public ActionResult Authenticate() {
    var response = openid.GetResponse();
    var statusMessage = "";
    if (response == null)
    {
        Identifier id;
        //make sure your users openid_identifier is valid.
        if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
        {
            try
            {
                //request openid_identifier
                return openid.CreateRequest(Request.Form["openid_identifier"])
                    .RedirectingResponse.AsActionResult();
            }
            catch (ProtocolException ex)
            {
                statusMessage = ex.Message;
                return View("Login",statusMessage);
            }
        } 
        else
        {
            statusMessage = "Invalid identifier";
            return View( "Login" , statusMessage);
        }
    }
    else
    {
        //check the response status
        switch (response.Status)
        {
            //success status
            case AuthenticationStatus.Authenticated:
                Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay;
                FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
				
                //TODO: response.ClaimedIdentifier, to login or create new account 
				
                return RedirectToAction("Index", "Home");
		
            case AuthenticationStatus.Canceled:
                statusMessage = "Canceled at provider";
                return View( "Login", statusMessage );
				
            case AuthenticationStatus.Failed:
                statusMessage = response.Exception.Message;
                return View( "Login" , statusMessage );
        }
    }
    return new EmptyResult();
}

public ActionResult Login() {
    //display initial login page with form to call Authenticate Action
    return View();
}


Logging out is just as simple, add a link to /Authentication/Logout, and add this Action to your Controller:

public ActionResult Logout() {
    FormsAuthentication.SignOut();

    //redirect to logout success page in page /Authentication/Logout
    return Redirect();
}

Thats it, start your application and give it a shot!


Some similar source code can be found in the DotNetOpenAuth Samples folder under OpenIdRelyingPartyMvc. If you would like to also provide openID’s on your website I would recommend you look over the OpenIdProviderMvc Sample’s Project. It took me about two hours to fully intigrate it within my project.

10 Comments

  1. Great write-up. Thanks.
    You get bonus points for using ClaimedIdentifier as the username instead of the commonly misused FriendlyIdentifierForDisplay. :)

    Andrew Arnott (September 25th, 2010)

  2. Wow, that was way easy to setup. Thanks :D

    Anonymous (September 28th, 2010)

  3. OpenID for ASP.NET MVC, A Quick Setup – Andrew Kharlamov…

    Thank you for submitting this cool story – Trackback from DotNetShoutout…

    DotNetShoutout (October 10th, 2010)

  4. The Ohloh download service is discontinued. Please use this link, or NuGet, to get the latest DotNetOpenAuth release:
    http://www.dotnetopenauth.net/

    Andrew Arnott (January 17th, 2011)

  5. Much thanks for the awesome post. Just like you I’ve been browsing for around an hour trying to get this thing working, and your post made it all clear :)

    FelixMM (March 2nd, 2011)

  6. Great article! Do you know what the “openid_identifier” value for Facebook is?

    “openid_identifier: is a url to an openID provider an example of this is: Google (https://www.google.com/accounts/o8/id), Yahoo (http://yahoo.com/), MyOpenID (http://myopenid.com/), etc”

    Ian Davis (May 20th, 2011)

  7. This looks just like what I was looking for. Quick question though, is this all that’s needed or are additions required in the web.config?

    Gimble (October 1st, 2011)

  8. simply gr8!!! u saved my time… thanks a million!!! :)

    swapnil naik (February 21st, 2012)

  9. I think other website proprietors should take this site as an model, very clean and great user friendly style and design, as well as the content. You are an expert in this topic!

    numery (May 9th, 2012)

  10. Hello there, You have done an incredible job. I’ll certainly digg it and personally recommend to my friends. I’ve bookmarked it in my blog and google bookmarks. I am sure they’ll be benefited from this website.

    Anastasia Dunwiddie (May 16th, 2012)

TrackBack URL

Leave a comment

Thank you for visting my blog, Andrew Kharlamov. 2009-2013.