Implementing OpenID (DotNetOpenAuth) with Classic ASP

3
votes

I've spent countless hours reading through documentation all over the place and I'm still having a problem with implementing the Classic ASP samples provided in the the latest version of DotNetOpenAuth (3.4.5.10202).

Specifically, I'm not sure what values I need to change in the login.asp in order to see if it works / will work for me. For the code below, if I want to use Google as the OpenID provider, do I change requestURL to www.google.com/accounts/o8/id or www.google.com/accounts/o8/ud? (stackoverflow new user hyperlink limit :/ )

`realm = "http://" + Request.ServerVariables("HTTP_HOST") + "/classicaspdnoi/"
thisPageUrl = "http://" + Request.ServerVariables("HTTP_HOST") + Request.ServerVariables("URL")
requestUrl = "http://" + Request.ServerVariables("HTTP_HOST") + Request.ServerVariables("HTTP_URL")`

I'm really having a tough time with this and have spent about 8 hours more in research (i.e. googling till my fingers bleed and trying to digest thousands of pages of documentation on everything from OpenID to Federated login) than I had to spend.

Any advice or direction would be greatly appreciated.

BTW, I've seen this post, but there isn't a lot of documentation for Classic ASP implementation outside of the text in the sample files.

1
iisasp-classicopeniddotnetopenauth
This doesn't make sense to me. Using the Classic ASP sample code, I have been previously entering my gmail credentials. On a whim after reading this post, I decided to try something stupid like inserting the Google URL www.google.com/accounts/o8/id. What do you know... it directed me to google asking if I wanted to allow my site to authenticate, then redirected me back to the calling page with a dozen querystring name/value pairs. Ugggh. Progress. But it doesn't feel like it.Brian

1 Answers

0
votes

You're on the right track. Google's OP Identifier (which is what you must enter to do a Google login) is https://www.google.com/accounts/o8/id

  • realm is the URL to your home page
  • thisPageUrl is the URL that the Provider should redirect the user back to after the user logs into the Provider.
  • 'requestUrl' is the full URL of the current incoming request, including query string. It may be carrying an OpenID response.

So the only URL you likely need to change is the realm variable.

Since you say you're getting a response back from Google already with a bunch of stuff in the query string, the code that processes that response should kick in. You may want to customize the actual login code (the part that sets Session variables) to whatever you site needs.

The classic ASP COM server in DotNetOpenAuth v3.4.5 does actually enable you to get a Google user's email address. You do need to modify the sample slightly:

-redirectUrl = dnoi.CreateRequestWithSimpleRegistration(Request.Form("openid_identifier"), realm, thisPageUrl, "nickname,email", "fullname")
+redirectUrl = dnoi.CreateRequestWithSimpleRegistration(Request.Form("openid_identifier"), realm, thisPageUrl, "", "email")

This should do it. If not, it may be that Google requires RP discovery to succeed. RP Discovery is a good thing to make work anyway. The directions to do it are at http://blog.nerdbank.net/2008/06/why-yahoo-says-your-openid-site.html. Note though that classic ASP wasn't the audience I had in mind when writing the post, so you may need to adapt some techniques a bit.