Update: Please read the beta release notes for this beta release.

A full review of what's new in v4.0 is currently being prepared however if you would like to check it out in the meantime you can by checking out our pre-release nuget package.

As always, we really want to hear about how you get on so be sure to post on our facebook page or ask any questions you may have on stackoverflow. Be sure to tag your post with 'dotnetopenauth'.

Enjoy!

In Short

1. Get DNOA4Glimpse:
   NuGet Command: PM> Install-Package DCCreative.DNOA4Glimpse

What is Glimpse?
(http://getglimpse.com/About)

Glimpse is a very cool set of utilities that provide developers with a massive array of how requests go about being served, as well as a host of other information about the server itself.

At its core, Glimpse allows you to debug your web site or web service right in the browser. Glimpse allows you to "Glimpse" into what's going on in your web server. In other words what Firebug is to debugging your client side code, Glimpse is to debugging your server within the client.

Glimpse is available via NuGet at http://nuget.org/List/Packages/Glimpse.

Exposing DotNetOpenAuth to Glimpse

Writing a plugin for Glimpse is childsplay. Glimpse exposes a friendly Plugin interface

public interface IGlimpsePlugin
{
	string Name { get; }
	object GetData(HttpContextBase context);
	void SetupInit();
}

Simply inherit from IGlimpsePlugin then implement the members in your plugin.

[GlimpsePlugin]
public class DotNetOpenAuthPlugin : IGlimpsePlugin {
	public void SetupInit() {
	//...
	}
	public string Name {
		get { return "DotNetOpenAuth"; }
	}
}

After adding a reference to the assembly containing your plugin, Glimpse will automatically pick up your plugin (thanks to the wonderful powers of MEF).

Demo

I quickly threw together a sample application to test the plugin.

1. Create a new ASP.NET MVC site based on the DNOA MVC relying party sample.
2. Add the DNOA4Glimpse package (Install-Package DCCreative.DNOA4Glimpse)
3. Done (Get the source here)

Glimpse has been turned on (by visiting //yourwebsiteurl.example.com/glimpse.axd) which results in a panel being displayed at the bottom of your screen. As you can see, there is a DotNetOpenAuth tab. Awesome!

Right, now – let’s do an OpenID Authentication

What’s really cool is the Glimpse’s handling of complex objects.

The presentation of complex objects such as the YADIS services detailed above will improve in a version I am currently working on, thanks for some new presentation features coming to Glimpse soon. Watch this space.

So the plugin is still in beta but hopefully you will find it useful.

DNOA4Glimpse and Demo Source is available at https://github.com/DavidChristiansen/DNOA4Glimpse

So what's new about it?

• Overall: Upgraded to latest Code Contracts version.
• RP/OP:Improved avoidance some unhandled VerificationExceptions that could be thrown on partial trust hosts due to a bug in .NET.
• OP: Fixed a couple of bugs in AXFetchAsSregTransform.
• OP: UIRequest extension now serializable, and fixed an unhandled exception on some UI extension requests.
• OP: Added IRequest.ClearResponseExtensions()
• RP: Improved interoperability with some Providers that send non-normalized positive assertions for stateless RPs (avoids some "invalid signature" errors)
• RP: A configuration option to be less strict about requiring remote parties to conform so precisely to the spec.
• RP: OpenIdSelector control no longer breaks ENTER from submitting other forms on the same page.
• RP-MVC: OpenIdAjaxOptions now allows an MVC app to specify a form name instead of only a form index.
• Samples: A random assortment of small improvements to the samples.
• ApplicationBlock: Now includes support for paging through Google Contacts using OAuth.

Sean writes;

The problem that came from this setup was that DotNetOpenAuth determined that the realm was example.com/sitedir instead of example.com, and returned from openid with to the sitedir/authenticate. Andrew Arnott pointed me in the right direction pretty quick after my tweet. Here is what I ended up with to fix this, it is in 2 parts.

Check out Sean’s full article here.

http://openidux.dotnetopenauth.net/

Design considerations

The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design.

One high-level goal of all this work is to produce a set of HTML, CSS, and JS files that can work on any web platform, so that ruby, python, php, coldfusion, and (of course) ASP.NET RP web sites can benefit from a better UI for logging users in.

Interesting scenarios to experiment with and/or test

• Login by clicking on Members Only. This invokes the full page redirect login UI.
• Login by clicking Login in the upper-right corner of the page. This invokes the popup dialog UI.
• Visit the account management page and add additional OpenIDs or InfoCards to your account so you can log in with multiple identities yet be recognized as holding just one account.
• Login multiple times, using various OPs. Notice first that we highlight the button you chose the prior time. This helps the user not splinter his identity on a return visit in the event he has accounts with more than one displayed OP.
• Notice that in the login UI some OPs support checkid_immediate, and on a return visit, a green checkmark appears in the lower-right corner of an OP button when an immediate login is available. If a green checkmark is not visible on an OP button, a popup window will be used to guide the user through the initial login process. Some OPs (such as Verisign and Yahoo) do not support checkid_immediate, and will never display green checkmarks.
• When logging in, try using the OpenID button. Notice that as soon as you finish typing that discovery on that identifier begins and a login button appears within the text box. Next time you visit, the UX will remember what identifier you typed in and help you log in again.
• Try using the OpenID button with an identifier that delegates to multiple OPs. Notice how the Login button that appears to help you go through checkid_setup (if no checkid_immediate requests come back positive) is a split button, allowing you to actually pick which OP to log in with, and these OPs are in priority order (adjusted for OPs that are down or misbehaving, which are moved to the bottom).

Special release notes

In this iteration, I've elected to go with the popup dialog approach to displaying the login UI rather than a popup browser window. This is still alterable, and your feedback and/or preferences on this decision is most welcome.

The current set of OP buttons displayed include 4 OPs: Google, Yahoo, Verisign and MyOpenID. The last two of these do not fit the qualifications given in the design document, but they are included here to assist in the feedback process, and because I don't know how to make four buttons (Google, Yahoo, OpenID and InfoCard) look good, so I jumped up from three to six.

In the OpenID text box area, after authentication completes a green checkmark is displayed, but sometimes no login button appears to complete login. This is a UX issue I haven't figured out how to solve yet. But the way to proceed with login is to click the original, large OpenID button again.

The browsers I've tested with are IE8, Chrome 3, FireFox 3.5 and Safari 4. If you test with other/older browsers, please leave feedback about how your experience was. But currently I'm not targeting older browsers, so any bug reports regarding backward compatibility may not be fixed.