Author Archives: David Christiansen
DotNetOpenAuth v4.0 beta published to NuGet
DotNetOpenAuth v4.0 beta published to NuGet. OAuth2 distributed separately, soon. A full review of what’s new in v4.0 is currently being prepared however if you would like to check it out in the meantime you can by checking out our … Continue reading
DotNetOpenAuth: Debugging and Tracing OpenID and OAuth on ASP.NET (or MVC) using Glimpse
Synopsis: Understanding exactly what is happening under the hood when it comes to working with OpenID and OAuth can be challenging even for the seasoned IDM developer. What I have found to help, is being able to see the communications between all the p… Continue reading
Using DotNetOpenAuth with Root/Domain Level URL Rewriting
DotNetOpenAuth user Sean Lynch has just blogged about a recent a challenge he has overcome when using DotNetOpenAuth on applications that utilise domain level URL Rewriting/Domain Redirection. Sean writes; The problem that came from this setup was that DotNetOpenAuth determined … Continue reading
All the authentication you need…
DotNetOpenAuth is a C# library that adds OpenID 2.0 Provider and Relying Party, OAuth Consumer and Service Provider, and InfoCard Selector support to your web site both programmatically and through convenient drop-in ASP.NET controls. Use as much or little of … Continue reading
Feedback requested: New OpenID RP login UX prototype
Demo of Prototype http://openidux.dotnetopenauth.net/ Design considerations The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design. One high-level goal of all this work is to produce a set of HTML, … Continue reading
DotNetOpenAuth announces support for the US Government ICAM OpenID Profile
The Open Identity Initiative seeks to leverage existing industry credentials for Federal use. The Initiative approves credentials for government use through our Trust Framework Providers who assess industry Identity Providers (IDPs). The Trust Framework Provider Adoption Process outlines the process … Continue reading
DNS poisoning + (Debian’s) weak HTTPS certificates
A recent security news bulletin revealed that Debian and derivative Linux operating systems have been generating extremely weak HTTPS certificates for years. As a result, OpenID relying party web sites may be vulnerable to a brute force HTTPS certificate plus … Continue reading
Security Features
Regular security features Full implementation of OpenID’s discovery, verification, and rediscovery requirements. HTTPS certificates are validated against CRL (certificate revocation list). XRI resolution using 100% HTTPS. XRIs resolve to CanonicalID (i-number) claimed identifiers. Replay protection when working with OpenID 1.x … Continue reading
