Monday, April 14, 2008

How to add OpenID to your ASP.NET web site (in C# or VB.NET)

Adding OpenID support to your VB.NET web site couldn't be easier.  Here is the easiest way:

  1. Download the DotNetOpenId library.
  2. Extract the DotNetOpenId.dll from the bin directory of the .zip file you downloaded.
  3. Make sure you're using FormsAuthentication.
    1. Open Web.config
    2. Find your <authentication> tag (or create it if you're sure it doesn't already exist) and change it if necessary so it looks something like this: (the really important part is just mode="Forms")
      <authentication mode="Forms">
        <forms defaultUrl="/default.aspx" loginUrl="~/login.aspx"/>
      </authentication>
  4. Add a Reference to DotNetOpenId.dll from your web site.
  5. Navigate to your Login.aspx page.
  6. Drag the OpenIdLogin control from your control Toolbox to the location on your page you want it to appear. NOTE: If the controls do not appear in your Toolbox, follow these steps to add them:
    1. Right-click somewhere on the Toolbox and click Choose Items... (it can take a while before the dialog shows up)
    2. In the .NET Framework Components tab, choose Browse.
    3. Select the DotNetOpenId.dll that you extracted from the zip file.
    4. Click OK.
    5. Several controls will get added to your Toolbox.  Drag the OpenIdLogin control to your page.
  7. You should have a couple of new lines in your .aspx file:
    <%@ Register Assembly="DotNetOpenId" Namespace="DotNetOpenId.RelyingParty" TagPrefix="RP" %>
    <RP:OpenIdLogin ID="OpenIdLogin1" runat="server" />
  8. If you're starting a brand new site and don't have a way to tell who is logged in on your site yet, go ahead and drag LoginName and LoginStatus controls to some new page that you can use to check your own logged-in status.
  9. Go ahead and run your app.  You're already done.

Now, this is admittedly the simplest case.  If you have an existing userbase with usernames and passwords, you'll want to build pages to help your users make the transition.  You can certainly support dual-mode authentication, but each web site is different and you'll have to design your own plan for doing that.  But if you find you need more flexibility with how the OpenID login control looks or works, check out the OpenIdTextBox control.  If there's demand (leave a comment on this post), I'll follow up with a post or two on how to customize this.
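
The <authentication> section from step 3 also controls how the Forms authentication cookie for the signed-in user is protected, so here is a hardened variant of it (an added example, not part of the original post or the DotNetOpenId samples). It assumes the site is served over HTTPS and that every page other than the login page requires a signed-in user; the 30-minute timeout is likewise an assumed value.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- loginUrl and defaultUrl are the values from step 3;
           the remaining attributes are added hardening. -->
      <forms loginUrl="~/login.aspx"
             defaultUrl="/default.aspx"
             requireSSL="true"
             protection="All"
             cookieless="UseCookies"
             slidingExpiration="true"
             timeout="30" />
      <!-- requireSSL:  the ticket cookie is only sent over HTTPS.
                        On a plain-HTTP site the cookie never comes back
                        and login appears to fail silently.
           protection:  "All" encrypts and validates the ticket.
           cookieless:  "UseCookies" keeps the ticket out of the URL,
                        where it would leak via Referer headers and logs.
           timeout:     minutes; assumed value, tune for your site. -->
    </authentication>

    <!-- Assumption: no anonymous access outside the login page.
         ASP.NET lets anonymous users reach loginUrl automatically,
         so the OpenID redirect back to login.aspx still works.
         Drop this block if the site has public pages. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Applies HttpOnly and Secure to other cookies the site issues. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```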

13 comments:

  1. Anonymous 2:57 AM

    I'm trying to follow your instructions for adding OpenID support to my web site. I have added an OpenIDLogin control but get an "Invalid character in a Base-64 string." error when I click on the login button. What am I doing wrong?

  2. Hi anonymous,

    For your base64 string error, can you email dotnetopenid@googlegroups.com with the URL of the page when you see that error? I will see what I can do for you.

  3. Hi Andrew,
    The uri validator on the control is not working or maybe it needs extra setup and I dunno ..

  4. Don't we need to add a custom provider in the web.config?

  5. mnm,
    A custom provider is a good idea, but not strictly necessary unless you're on a web farm or similar.

  6. Hello there!

    I've managed to do most of the stuff, but the OpenIDLogin doesn't appear in the Toolbox.

    Your direction is very simple to understand! Thank you so much. Can you advise the next step please?

    Thanks again

  7. Toolbox is flaky in my experience. You can force the controls to show up by right-clicking in the Toolbox, "Choose Items..." and finding the dotnetopenauth.dll library and adding it there.

  8. I followed this post to add the control to my site. After clicking "Login", I receive a NullReferenceException from "DotNetOpenAuth.OpenId.RelyingParty.OpenIdLogin.set_UsePersistentCookie(LogOnPersistence value)". Anything obvious I'm missing here?

  9. Hello, I downloaded the DotNetOpenAuth but the DotNetOpenId.dll is missing. I am stuck in implementing the OpenID in my site.

    Thanks,
    Lavina

  10. Hello Andrew,
    Thanks for the useful post.
    - Just wondering, is it possible to store other information against the OpenID account. For example, I intend to work on porting an ASP.NET application (that currently uses AD/Windows Auth) to use OpenID for authentication and SSO. I'd like the ability to store information such as Security Groups (that was previously) held in AD against OpenID, is that possible?

    - As mentioned above, I've presently got an ASP.NET application that already has a bunch of users stored both in AD and in a database. Is there a way to "automate" the registration of users, so this doesn't need to be done manually by each other when they use the system the first time the proposed changes are rolled out?
    Please let me know if I'm missing some of the fundamentals of OpenID and what it can achieve.

    Thanks,
    Prav.

  11. OpenID provides an "Attribute Exchange" extension that would theoretically provide a way for you to store data "against OpenID", but no one implements it.

    When you accept OpenID, you therefore have to store any attributes about a given user within your own user table.

  12. Hi Andrew,
    Thanks for the response to my previous question.
    I have a bit more of a detailed question regarding registration though.
    Regardless of whether I am fetching existing users (in our own User table) or creating a new user, is there a way in DotNetOpenAuth to create an OpenID login programmatically and also be able to specify the OpenID provider (rather than the default myOpenID).
    Thank you.
    Prav

  13. @prav-aust Absolutely. Check out http://www.dotnetopenauth.net/developers/code-snippets/programmatic-openid-relying-party/ Future questions are best posed to dotnetopenid@googlegroups.com
