The open source OpenID C# library DotNetOpenID has been released. This is a really exciting release that adds full support for OpenID 2.0 while preserving full backward compatibility for interoperating with OpenID 1.x. It is a mature library with lots of helps for diagnostics and debugging, and a balance between simplicity and extensibility. For a complete list of enhancements from the last release, check out the VersionChanges page.
Here are the highlights of this library and particularly this release:
- Support for OpenID 2.0 Relying Parties and Providers, including but not limited to these features:
- Xri and i-name support
- Directed identity support
- More secure hashing algorithms (SHA-256)
- Interop with Yahoo and other OpenID 2.0-only providers
- Better security against replay attacks.
- Send unsolicited positive assertions from providers to automatically log your users in to relying party web sites.
- Much more comprehensive testing of common scenarios and possible security exploits.
- More comprehensive HTML-based identity discovery.
- Completely stateless mode support for Relying Parties (not even HttpApplication state).
- New OpenIdMobileTextBox ASP.NET control.
- All relying party ASP.NET controls now support immediate mode.
- Improved support for custom stores that have to serialize associations (for databases, etc.)
- Debugger attributes to make stepping through the code easier.
We’ve had over 150 beta testers leading to this release and fixed several bugs along the way. Thanks to all those who helped field test this release!
This is a release that I personally have worked very hard to build and write tests to make sure its as secure as possible. Please consider supporting past and future development with a donation (any size).