DotNetOpenAuth & MvcOpenID - Works locally but not on production server?

2
votes

I'm implementing OpenID with an MVC app and pretty much uses the MvcOpenID on CodePlex (http://mvcopenid.codeplex.com/), which also implements DotNetOpenAuth. My site work well locally, but somehow it doesn't work when deployed to my server. When tracing it with Firebug, it says "Failed to load http://www.kennysax.com/User/Login/ ...", but again, it worked locally, just localhost vs. my domain name.

If you want to check out, you can visit my site (http://www.kennysax.com - just a personal blog) and login with an supported OpenID provider...

Thanks.

1
asp.net-mvcopeniddotnetopenauth
WhenI navigate to kennysax.com/User/Login it seems to work fine. No js errors reported in FireBug. - Darin Dimitrov
Darin, were you able to login? I know there aren't any error with js, code, etc.. because it works locally! Thanks. - Saxman
I didn't see any error, but there was no visual cue that I was logged in either -- it just looked like the original login page. - Andrew Arnott
Yah, then it's not working :) That's what I'm also getting, I should be redirected to a registration page and the "Login" menu button should display user information instead. :( Not sure what is going on as I can't debug the code on the server, and my local code is working correctly! - Saxman

1 Answers

2
votes

It confused the heck out of me, luckily, I was able to remote to my production machine, run the stock MVCOpenId project, step through the debug and see the error. The error was This message has already been processed. This could indicate a replay attack in progress, and it seems to be related to a setting on DotNetOpenAuth (I wish I could some how see that message without having to debug the code!). A setting in the web.config solved it, change the maxAuthenticationTime to 0:10:

<openid maxAuthenticationTime="0:10" ... ...

Thanks all for looking.