Category Archives: DotNetOpenAuth
Feedback requested: New OpenID RP login UX prototype
Demo of Prototype http://openidux.dotnetopenauth.net/ Design considerations The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design. One high-level goal of all this work is to produce a set of HTML, … Continue reading
DotNetOpenAuth announces support for the US Government ICAM OpenID Profile
The Open Identity Initiative seeks to leverage existing industry credentials for Federal use. The Initiative approves credentials for government use through our Trust Framework Providers who assess industry Identity Providers (IDPs). The Trust Framework Provider Adoption Process outlines the process … Continue reading
DNS poisoning + (Debian’s) weak HTTPS certificates
A recent security news bulletin revealed that Debian and derivative Linux operating systems have been generating extremely weak HTTPS certificates for years. As a result, OpenID relying party web sites may be vulnerable to a brute force HTTPS certificate plus … Continue reading
VS2008 project template for OpenID and InfoCard relying parties
I finally built a project template to make it easier to write an OpenID relying party web site using C# and ASP.NET. Up to this point all we had were the sample RPs that ship with DotNetOpenAuth, which were deliberately kept simple. They didn’t u… Continue reading
Optimal OpenID UX finally underway
I’m finally making progress on building a set of HTML and javascript files that can be used on any OpenID relying party web site to allow visitors to easily log in with OpenID, without even knowing what OpenID is. I mentioned my goal to do this som… Continue reading
How to easily fetch OpenID attributes, regardless of the Provider
In a previous article, I bemoan the pain of writing an OpenID Relying Party that wants to fetch user attributes from their OpenID Provider, because of the at least 4 ways in which those attributes must be requested. And then later I promised that Dot… Continue reading
DotNetOpenAuth v3.2 is done
DotNetOpenAuth v3.2 just came off the presses. Lots of feature work and a few interop fixes in this release. The biggest highlights being: Very simple story for both RPs and OPs interested in interoperating with others whether they use sreg or… Continue reading
Help is coming for the Sreg/AX interop problem for OpenID
Just to get your mouth watering for DotNetOpenAuth v3.2… V3.2 has a new “behaviors” plugin capability that lets RPs and OPs get additional functionality with very little effort. For example, OPs can add PPID identifier support very easily with jus… Continue reading
Uri.EscapeDataPath and HttpUtility.UrlEncode are NOT the same
For some reason Microsoft defined URI escaping twice: Uri.EscapeDataString and HttpUtility.UrlEncode seem to cover the same need. There’s another pair: Uri.EscapeUriString and HttpUtility.UrlPathEncode which again seem to be redundant with each othe… Continue reading
Recent OpenID relying party vulnerabilities
The OSIS I5 OpenID interop testing is well underway. Last weekend while testing some OpenID relying party web sites, John Bradley happened upon a web site that failed a particularly alarming test. Further investigation revealed that the security ho… Continue reading
