Tuesday, January 09, 2007

Getting OpenID user profile information using JanRain's .NET assembly

previously posted regarding the ASP.NET controls I wrote to wrap JanRain's .NET implementation of OpenID.  I have updated those controls to now automatically request user profile information from your visitors' OpenID providers as needed.  This post discusses how you can do that.

The JanRain library provides the AuthRequest.ExtraArgs NameValueCollection to add the profile variables you wish to get from the OpenID provider.  By filling in that collection, and then reading the response from HttpContext.Request.QueryString, you can readily retrieve the desired user data (including name, gender, zip, email, etc.)  It does take reading the spec (which is simple) on what those variable names and values are.

Or you can use my updated ASP.NET OpenID controls.  Just download and use them as outlined in my previous post, and then set any combination of these properties on the controls to get the profile information you want:

  • RequestNickname
  • RequestFullName
  • RequestEmail
  • RequestBirthdate
  • RequestGender
  • RequestPostalCode
  • RequestLanguage
  • RequestCountry
  • RequestTimeZone

Setting any of these properties to true should cause their provider to ask the user's consent to release the information you ask for (as the spec dictates) and provided they agree, the details will be given along with the authentication encryption.

You can optionally set the PolicyUrl property on the controls to let the user know where your privacy policy can be found before he releases the information.

Saturday, January 06, 2007

ASP.NET drop-in control to enable OpenID logins for your site

[9/28/07: Update: this control is now being hosted as part of the dotnetopenid project on Google Code]

OpenID is gaining ground, and with good reason.  A cross-platform, cross-browser single Internet sign-on using a distributed network is very appealing.  I'll assume though that you already know what OpenID is and why it is a good choice for your web site.  This post is about how to add support for OpenID to your web site very easily.

Most of the ease is attributable to the work of Grant Monroe (I believe) due to his work on the .NET implementation of OpenID.  While his library seems to be functional, it leaves some to be desired when it comes to actually using it on your site.  The steps he uses includes adding several lines to your Web.config file, adding a special .ashx handler class to your web project, and grabbing any request ending in login.aspx regardless of whether and which login page it is on your site.

I was able to leverage his library (written in Boo) with a C# library of my own to put a nice custom web control frontend on his OpenID implementation.  Now, aside from adding the library to your web site's Bin directory, all you have to do is add these two lines to your login page:

<%@ Register Assembly="NerdBank.Tools" Namespace="NerdBank.Tools.WebControls" TagPrefix="nb" %> 
<nb:OpenIdLogin ID="openIdLogin" runat="server" />

Not bad, eh?  All you need before you add these lines is to drop in a compiled version of NerdBank.Tools.dll and its dependencies.  You can download a drop, or download the source using Subversion.  Both Janrain.dll and NerdBank.Tools.dll are licensed under the LGPL.

If you try this and find you want more control over the appearance than what the OpenIdLogin control offers, use the OpenIdTextBox control, which provides a barebones but fully functional control that does the same thing so you have more control over the UI.

Being that Janrain.dll (where OpenID is implemented) is written in Boo, with which I am not too familiar, I added my custom web control to my own existing C# tools library.  Ideally Janrain's author can take my code and rewrite it in Boo so that it can be all in one assembly for convenience, but I don't see two assemblies as a big deal in the meantime.  In order for my strong-named NerdBank.Tools assembly to reference Janrain.dll, I had to recompile Janrain.dll with a strong name.  Other than that it's the original assembly as I downloaded it from its original site.  

The Janrain implementation does not provide (as far as I can tell) for requesting user details during the login process, as the OpenID specification allows for.  I also use Janrain's Ruby implementation of OpenID,  which does provide this behavior, so I'm going to investigate this more and either contribute to his project or figure out how to use the feature and build it into my OpenIdLogin control so you can just set properties and they are delivered to you in the OpenIdLogin.OnLoggedIn event.  I'll report via another post on this blog on my progress.