MVC 3 - DotNetOpenAuth OpenID not returning authenticated user

0
votes

I'm attempting to create a DotNetOpenAuth OpenID MVC 3 project but am unable to receive a users authentication status. My post method works fine but when the request returns to the HttpGet method, and I check the User.Identity.IsAuthenticated status it returns false when I have logged in successful to any openID provider.

I have enabled communication with localhost in the webconfig dotNetOpenAuth untrustedWebRequest which hasn't solved the problem, and I have spent hours searching for an answers to why a user is not being returned as an authenticated user.

There must be some logic error that would cause a user to not be returned form an openID provider as authenticated in my code but I can't find it.

Thanks for any response to my question!

My controller:

namespace DotNetOpenAuth_OpenID.Controllers
{
    public class UserController : Controller
    {
    private static OpenIdRelyingParty openid = new OpenIdRelyingParty();
    public IFormsAuthenticationService FormsService { get; set; }

    protected override void Initialize(RequestContext requestContext)
    {
        if (FormsService == null)
        {
            FormsService = new AuthenticationService();
        }

        base.Initialize(requestContext);
    }

    // **************************************
    // URL: /User/LogIn
    // **************************************
    [HttpGet]
    public ActionResult LogIn()
    {
        if (User.Identity.IsAuthenticated) <===== RETURNS FALSE
        {
            return RedirectToAction("Profile", "User");
        }

        Identifier id;
        if (Identifier.TryParse(Request.Form["openid_identifier"], out id))
        {
            try
            {
                var req = openid.CreateRequest(Request.Form["openid_identifier"]);
                return req.RedirectingResponse.AsActionResult();
            }
            catch (ProtocolException ex)
            {
                 //display error by showing original LogOn view
                //this.ErrorDisplay.ShowError("Unable to authenticate: " + ex.Message);
                return View("Login");
            }
           //return LogIn(new User { OpenID = id }, Request.Form["ReturnUrl"]);
        }
        return View("Login");
    }

    [HttpPost]
    public ActionResult LogIn(User model, string returnUrl)
    {

        string openID = ModelState.IsValid ? model.OpenID :       Request.Form["openid_identifier"];

        if (User.Identity.IsAuthenticated)
        {
            return RedirectToAction("Profile", "User");
        }
        else if (!string.IsNullOrEmpty(openID))
        {
            return Authenticate(openID, returnUrl);
        }
        else if (ModelState.IsValid)
        {
            ModelState.AddModelError("error", "The OpenID field is required.");
        }

        // If we got this far, something failed, redisplay form
        return View(model);
    }
1
asp.net-mvcopenid

1 Answers

0
votes

I was following an example that can be found at http://codesprout.blogspot.com/search/label/openid, and had not implemented all the code yet, which was why a user was never returned authenticated. I was missing the call to var response = openid.GetResponse() that was within another method called Authenticate in the controller. Another source for the entire code can be found at a Stack Overflow post here What OpenID solution is really used by Stack Overflow?