Pablo Fernandez
Reputation: 287480
Do you perform any validation on the OpenID URI?
When you are logging in a user using OpenID, do you perform any validation on the OpenID URI (or identifier)? Or do you just let the library handle it (like DotNetOpenAuth).
Upvotes: 0
Views: 243
Answers (1)
Andrew Arnott
Reputation: 81801
DotNetOpenAuth handles all validation. Web sites that add validation are likely to needlessly break some OpenIDs (for example, when XRI support was added, those don't look like URLs, and a web site that tried to make it look like a URL would break XRIs).
Upvotes: 5
Related Questions
- DotNetOpenId — “This message has already been processed” Error (Part 2)
- DotNetOpenAuth Login Fails, But receiving data in querystring
- DotNetOpenAuth Sample OpenID Error: No OpenID endpoint found
- DotNetOpenId -- "This message has already been processed" Error
- OpenIdProvider.GetRequest() returns null
- OpenAuth .Net Claims Request is always null
- Unable to connect to OpenId Provider
- OpenId authentication vulnerability
- DotNetOpenAuth: Why I am not getting always the same OpenID given an e-mail?
- DotNetOpenAuth autopostback