DotNetOpenAuth v3.4 now available

You can go download DotNetOpenAuth v3.4 today.  Highlights of the new version include:

  1. Support for Google Apps for Domains issued OpenIDs.  This required special work since Google has their own flavor of OpenID discovery that had to be supported until something like Google’s scenario get’s standardized.
  2. Identifier discovery extensibility (this is how Google Apps support was enabled, but the extensibility is exposed for others as well – but use with caution!)
  3. A new ASP.NET MVC OpenID web project template.
  4. Twitter image POST via OAuth fixed.
  5. New SSO web-ring samples added, so organizations looking to use OpenID for their SSO solution can see how it might be done.
  6. Minor bug fixes.

Please note that this is the first version to have statistical reporting enabled by default, which reports feature usage statistics and the URL of the site hosting the library to the library authors.  To opt-out of this feature, you should add this to your web.config file:

<dotNetOpenAuth>
  <reporting enabled="false" />
</dotNetOpenAuth>

The details included in the reports may be selectively turned on or off as well, if you are willing to contribute statistics but don’t want the URL to your web site exposed, for example.  More information can be found in my follow-up post: DotNetOpenAuth’s “call home” reporting.

Don’t forget to donate to the cause if you like the library.

This Post Has 11 Comments

  1. Nice work!

    One thing I have been trying to get is a website that functions both as a OpenID provider and relying party. I see in 3.4 there are samples for the two separately, and I have attempted to merge the two code bases and configs etc into a single website to no avail.

    Is what I am attempting even possible? Or does OpenID, by its very nature, require providers and relying parties to be cleanly separated?

    As to why I want to do this, it is to allow standard username / password when the website is launched (ie it will use OpenID but be restricted to itself as the provider), but with flexibility to broaden the provider list later depending on website takeup.

  2. Hi,

    It seem that the DotNetOpenAuth.resources under the sr is only delay signed. it has been this way since this assembly has been added.

    You can make a little experiment by trying to install the assembly into the GAC. You will get:
    Failure adding assembly to the cache: Strong name signature could not be verifie
    d. Was the assembly built delay-signed?

    I open an issue for in the DotNetOpenAuth trac (171).

    Am I missing something? Do I need to-do something on my end? I searched the wiki but couldn't find anything.

    Regards,
    -Shay Erlichmen.

  3. "has been fixed for future releases."

    I didn't understand if the fix is in 3.4.1 or will be in future release.
    I don't see it in the roadmap of 3.4.2 nor 3.5 so I'm assuming that you think this is resolved.

    The official sr resource in the bin folder is not singed, but I found that the same dll is also in some samples bin folder. I tried those and they are singed.

  4. Andrew.. I am enjoying the dotnetopenauth work quite a bit and I think as for google and yahoo I have it licked.

    Now .. the question, facebook claims to be an openid vendor.. the rich user interaction one can glean from facebook connect is of interest to me. Any guidance out there on a facebook implementation using .net. I think the key issue is the wiring up of the post-authorize call back.. or so it seems to me…

  5. I just downloaded DNOA.

    I can make it work with regular google accounts with this url: "https://www.google.com/accounts/o8/id&quot;

    But no success with google education. i use this url:
    "https://www.google.com/accounts/o8/site-xrds?hd=school.tzafonet.org.il&quot;

    But i keep getting AuthenticationStatus.Failed with an exception:
    "The X.509 certificate used to sign this document is not trusted. The revocation function was unable to check revocation for the certificate.
    , The revocation function was unable to check revocation because the revocation server was offline."

    I really do not know what else i can do. Any idea?

Comments are closed.