Tuesday, January 29, 2008

How to add OpenID support to BlogEngine.NET

Although the author of BlogEngine.NET didn't accept a patch from me to add OpenID support to his open-source blog engine a few months ago, it's really easy for you to add to your own install of BlogEngine.NET.  Here's how to do it:

  1. Download the latest drop of dotnetopenid and copy the janrain.openid.dll to your web site's Bin directory.
  2. Modify your login.aspx file to show the OpenID login box by adding this line just below your <%@ Page %> tag at the top of your file:
    <%@ Register Assembly="Janrain.OpenId" Namespace="NerdBank.OpenId.Consumer" TagPrefix="nb" %>
  3. Then add to or replace the ASP.NET Login control with the following code:
    <nb:OpenIdLogin runat="server" />
  4. Now in order for the OpenID login control to work, you need to make a couple of changes to your Web.config file. 
    1. Find your <pages enableSessionState="false" ... /> tag and change the first attribute to enableSessionState="true".
    2. Remove or comment out the tag: <trust level="High" />
  5. Finally, you need to specify which OpenID URLs will get admin privileges, editor privileges, and guest (commenter) privileges.  Modify your roles.xml to include tags for each of your OpenIDs in the appropriate places as shown below.  Note that the OpenID URLs must be exactly what your OpenID provider sends back upon successful sign-on, which may be slightly different from the way you type it.  (i.e. changing http to https, and a trailing slash).
    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <roles>
      <role>
        <name>Administrators</name>
        <users>
          <user>Admin</user>
          <user>https://andrewarnott.signon.com/</user>
        </users>
      </role>
      <role>
        <name>Editors</name>
        <users>
          <user>http://andrew.arnott.myopenid.com/</user>
        </users>
      </role>
    </roles>

Note that you do not need to change your users.xml file to add any OpenIDs. 

That's all there is to it.  You can now login with your OpenID to your own web site.  Granted, lots of other changes throughout the site become appropriate once you're supporting OpenID logins, such as removing the "Change Password" option on your site since it no longer applies.  But you can have fun with that.

10 comments:

  1. Anonymous12:59 AM

    Sweet! It works great, thanks for making this available!

    ReplyDelete
  2. hi Andrew!
    where can I download source code of ur ASP.NET Login control?

    Thank you!

    ReplyDelete
  3. Hi aaballboy,
    You can download the source code to the control with the rest of the library's source code at http://dotnetopenid.googlecode.com.

    But as I said in response to a comment you left on another blog, you don't need the source code to change the reference in the OpenIdLogin control from myopenid.com to yahoo.com.

    ReplyDelete
  4. Very helpful article, thanks!

    ReplyDelete
  5. What is Blogengine. NET? It is for the first time that I open it, I try, can you gave me an idea about it. thank you.Busby Seo Challenge

    ReplyDelete
  6. You can learn about BlogEngine.NET here: http://www.codeplex.com/blogengine

    But if you're looking for a good .NET blogging platform, I suggest you check out Subtext (http://subtextproject.com/) as they already have OpenID support built-in.

    ReplyDelete
  7. very informative details thanks for that, nice article
    Busby SEO Test

    ReplyDelete
  8. thanks very much for the powerful post. thanks n tahanks ^_^

    ReplyDelete
  9. great post. thanks for the tutorial.

    ReplyDelete