Tuesday, January 29, 2008

How to add OpenID support to BlogEngine.NET

Although the author of BlogEngine.NET didn't accept a patch from me to add OpenID support to his open-source blog engine a few months ago, it's really easy for you to add to your own install of BlogEngine.NET.  Here's how to do it:

  1. Download the latest drop of dotnetopenid and copy the janrain.openid.dll to your web site's Bin directory.
  2. Modify your login.aspx file to show the OpenID login box by adding this line just below your <%@ Page %> tag at the top of your file:
    <%@ Register Assembly="Janrain.OpenId" Namespace="NerdBank.OpenId.Consumer" TagPrefix="nb" %>
  3. Then add to or replace the ASP.NET Login control with the following code:
    <nb:OpenIdLogin runat="server" />
  4. Now in order for the OpenID login control to work, you need to make a couple of changes to your Web.config file. 
    1. Find your <pages enableSessionState="false" ... /> tag and change the first attribute to enableSessionState="true".
    2. Remove or comment out the tag: <trust level="High" />
  5. Finally, you need to specify which OpenID URLs will get admin privileges, editor privileges, and guest (commenter) privileges.  Modify your roles.xml to include tags for each of your OpenIDs in the appropriate places as shown below.  Note that the OpenID URLs must be exactly what your OpenID provider sends back upon successful sign-on, which may be slightly different from the way you type it.  (i.e. changing http to https, and a trailing slash).
    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <roles>
      <role>
        <name>Administrators</name>
        <users>
          <user>Admin</user>
          <user>https://andrewarnott.signon.com/</user>
        </users>
      </role>
      <role>
        <name>Editors</name>
        <users>
          <user>http://andrew.arnott.myopenid.com/</user>
        </users>
      </role>
    </roles>

Note that you do not need to change your users.xml file to add any OpenIDs. 

That's all there is to it.  You can now login with your OpenID to your own web site.  Granted, lots of other changes throughout the site become appropriate once you're supporting OpenID logins, such as removing the "Change Password" option on your site since it no longer applies.  But you can have fun with that.

Thursday, January 24, 2008

New job with Visual Studio Platform & Ecosystem

I have accepted a new position within Microsoft with the Visual Studio Platform & Ecosystem team.  Rather than working on the .NET Compact Framework I will be working on "VS10".  I'll start work on my new job in a few weeks.

Wednesday, January 16, 2008

How did Schneier hack my Google Reader?

Somehow the "Schneier on Security" blog feed was injected into my Google Reader environment.  I have never heard of this guy, and I certainly don't have his feed in my list of subscriptions in Google Reader.  Google Reader doesn't show the post anywhere unless I have "All items" selected (until I starred it so I could find it later). 

Did Schneier somehow hack Google Reader so that his post would show up in my list of unread posts?  Has anyone else noticed this on their accounts?  Search for "schneier" in your Reader search box and see.  Please comment.  I'm very eager to hear what's going on, and if Google has a security problem in their app.

Schneier hacked my Google Reader 

Gotta love this, too.  When I clicked on "Schneier on security" just below the post title, I'm taken to a Reader page that says "You are not subscribed to this feed yet."  Funny.  How did I get the post in my roll in the first place then?

Tuesday, January 15, 2008

Looking for a new job

Some internal changes here at Microsoft finds me looking for a new job.  I am focusing my search on jobs still here at Microsoft, but I guess I need to keep my eyes open to other opportunities as well.

I've added a link to my resumé just next to my photo and name here on my blog.  It's here too:

Tuesday, January 01, 2008

Silverlight Slideshow control

I've been looking to change out my Flash-based slide shows that appear on my personal blog with a Silverlight-based slide show control.  A quick Internet search revealed First Floor's Silverlight Slideshow control.  It's a very polished-looking control that beats any of the Flash-based slide shows I've seen hands down.

I made a few enhancements to the control from what First Floor had, and I'm looking forward to working with Koen Zwikstra (of First Floor) to investigate incorporating these into his code base.  The primary feature I've added deals with having three image sizes instead of just two: the largest one is only used in full-screen mode.

Watch for a follow-up article on the tricks I had to pull to get this Silverlight control working on Blogger while still pulling RSS photo feeds from PicasaWeb, despite the XSS-limitations imposed on Silverlight 1.0 controls.