1
votes

I'm exploring OpenID for a new "hobby" project, mostly just to learn how it works, and have downloaded the DotNetOpenAuth samples and looked at the NerdDinner implementation.

And I have a couple of questions.

  1. What do you store locally to identify returning users (role management, their posts, whatever)? What I see is people using the ClaimedIdentifier, which leads me to the next question.

  2. How do you handle users choosing another URL for the OpenID?

If I use Google as my provider I can use "http://www.google.com/accounts/o8/id" as the URL or I might use "http://www.google.com/profiles/username". In the DotNetOpenAuth relying party sample I get a different ClaimedIdentifier value when using the two.

www.google.com/accounts/o8/id?id=blahblahbla and www.google.com/profiles/

Looking at the stackoverflow.com login, it seems to handle this and gets me to my account when using either one of the Google URLs or using Facebook.

But the different OpenID providers have no knowledge of each other, am I right?

Anyway I hope some of you clever people can help me understand :)

--

Christian

1 Answer

1
votes

You want to use the FormsAuthentication methods to make ASP.NET keep the user logged in. You are simply using OpenID to validate a user name and password from a provider that you do not manage.

Yes, the claimed identifier is the token that identifies a user from an OpenID provider. If you want to assign more than one claimed identifier to your users, you just need to store all of their claimed identifiers in your database. Check which user is attached to that claimed identifier during the authentication process.
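
The lookup described in the answer above, as an added example that is not part of the original answer or of DotNetOpenAuth: each verified claimed identifier maps to exactly one local user, and a second identifier is attached only from an already signed-in session. `ClaimedIdentifierStore`, `SignIn`, `Link` and the sample URLs are hypothetical, and the in-memory dictionary stands in for a database table with a unique constraint on the identifier.

```csharp
using System;
using System.Collections.Generic;
// Hypothetical in-memory stand-in for a table (ClaimedIdentifier UNIQUE, UserId).
public sealed class ClaimedIdentifierStore
{
    // Ordinal comparison: match the identifier exactly as the relying-party
    // library reported it after verifying the assertion.
    private readonly Dictionary<string, int> _owner =
        new Dictionary<string, int>(StringComparer.Ordinal);
    private int _nextUserId = 1;

    // Call after the assertion is verified; creates an account on first sight.
    public int SignIn(string claimedIdentifier)
    {
        if (string.IsNullOrEmpty(claimedIdentifier))
            throw new ArgumentException("claimed identifier required");
        int userId;
        if (_owner.TryGetValue(claimedIdentifier, out userId)) return userId;
        userId = _nextUserId++;
        _owner[claimedIdentifier] = userId;
        return userId;
    }

    // Call only while currentUserId is signed in and the new identifier has
    // itself just been verified. Never reassigns another account's identifier.
    public bool Link(int currentUserId, string claimedIdentifier)
    {
        if (string.IsNullOrEmpty(claimedIdentifier))
            throw new ArgumentException("claimed identifier required");
        int existing;
        if (_owner.TryGetValue(claimedIdentifier, out existing))
            return existing == currentUserId;
        _owner[claimedIdentifier] = currentUserId;
        return true;
    }
}
public static class Demo
{
    public static void Main()
    {
        var store = new ClaimedIdentifierStore();
        // Constructed sample identifiers, not real accounts.
        int user = store.SignIn("https://provider-a.example/id?id=SAMPLE");
        Console.WriteLine(store.Link(user, "https://provider-b.example/profiles/sample"));
        Console.WriteLine(store.SignIn("https://provider-b.example/profiles/sample") == user);
        int other = store.SignIn("https://provider-c.example/u/other");
        Console.WriteLine(store.Link(other, "https://provider-a.example/id?id=SAMPLE"));
    }
}
```

The last call shows the case worth guarding: a second account trying to attach an identifier that already belongs to someone else is refused rather than silently reassigned.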