Peter

Reputation: 38465

DotNetOpenAuth and ajax

Hi, I have created a site where I have an OpenID login. When you press the login button, I call an AJAX method that basically calls this with an AJAX call:

[WebMethod]
public static LoginResult Login(string url)
{
    Identifier id;
    LoginResult result = new LoginResult();
    if (Identifier.TryParse(url, out id))
    {
        try
        {
            //request openid_identifier
            FetchRequest fetch = new FetchRequest();
            fetch.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
            fetch.Attributes.AddRequired(WellKnownAttributes.Name.Alias);
            fetch.Attributes.AddRequired(WellKnownAttributes.Name.FullName);
            fetch.Attributes.AddRequired(WellKnownAttributes.Name.First);
            fetch.Attributes.AddRequired(WellKnownAttributes.Name.Last);
            string rootUrl = "http://" + HttpContext.Current.Request.Headers["Host"] + "/";
            IAuthenticationRequest request = openid.CreateRequest(url, new Realm(rootUrl), new Uri(rootUrl + "?action=verify"));
            request.AddExtension(fetch);
            result.RedirectUrl = request.RedirectingResponse.Headers["Location"];
        }
        catch (ProtocolException ex)
        {
            result.ErrorMessage = ex.Message;
        }
    }
    else
    {
        result.ErrorMessage = "Could not parse identifier!";
    }

    return result;
}

This works great: the JavaScript gets the "RedirectUrl" and redirects to it. After the verification at the OpenID provider is done, I get sent back to something like this:

http://localhost:33386/?action=verify&dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2............

But when I call openid.GetResponse() and check the Status, it's failed. If I check the Exception, it contains the following message:

The openid.return_to parameter (http://localhost:33386/?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid) does not match the actual URL (http://localhost:33386/default.aspx?action=verify&dnoa.userSuppliedIdentifier=https:%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http:%2F%2Fspecs.openid.net%2Fauth........

What am I doing wrong here?

Note: The reason I try to specify returnUrl is that my web service is located at ~\WebApi.aspx, and this is not where I want to land when I do the request. I tried to look at the assembly with ILSpy, but the "CreateRequest" methods are more or less empty.

Upvotes: 0

Views: 327

Answers (1)

Andrew Arnott

Reputation: 81791

If you look carefully at the two URLs in the error message, you'll see that one mentions default.aspx explicitly and the other does not. That's what's breaking it. Try adjusting your own explicit return_to to include the page name and it may start working for you.

On another point, fetching the Location HTTP header from the response and sending that to JavaScript is unreliable. Some OpenID requests are so large they don't fit into a single URL and the Location header will be empty. Instead, the response object has a payload of a self-submitting HTML form. Your code would fail if it ever happened to cross the max size threshold. But exploring your option here merits a dedicated Stack Overflow question. :)

Upvotes: 1
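
The comparison behind the error message, as an added example (not part of the original answer and not DotNetOpenAuth's own code): OpenID Authentication 2.0 section 11.1 requires the scheme, authority and path of openid.return_to to equal those of the URL that received the response, and every return_to query parameter to be present there with the same value. The class name, method name and sample URLs are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Web; // HttpUtility.ParseQueryString

public static class ReturnToCheck
{
    // Returns null when the URLs match under OpenID 2.0 section 11.1,
    // otherwise a short reason describing the first mismatch found.
    public static string Mismatch(Uri returnTo, Uri actual)
    {
        if (!string.Equals(returnTo.Scheme, actual.Scheme, StringComparison.OrdinalIgnoreCase))
            return "scheme differs";
        if (!string.Equals(returnTo.Authority, actual.Authority, StringComparison.OrdinalIgnoreCase))
            return "authority differs";
        // Path is compared exactly: "/" and "/default.aspx" are different paths,
        // even when the server maps both to the same page.
        if (!string.Equals(returnTo.AbsolutePath, actual.AbsolutePath, StringComparison.Ordinal))
            return "path differs: " + returnTo.AbsolutePath + " vs " + actual.AbsolutePath;

        // Every query parameter of return_to must be present with the same value;
        // the actual URL may carry extra ones (the openid.* response fields).
        NameValueCollection expected = HttpUtility.ParseQueryString(returnTo.Query);
        NameValueCollection received = HttpUtility.ParseQueryString(actual.Query);
        foreach (string key in expected.AllKeys)
        {
            if (key == null) continue; // value-only token such as "?flag"
            if (!string.Equals(expected[key], received[key], StringComparison.Ordinal))
                return "query parameter differs: " + key;
        }
        return null;
    }

    public static void Main()
    {
        // Constructed sample URLs, shortened from the ones in the question.
        var returnTo = new Uri("http://localhost:33386/?action=verify");
        var landed   = new Uri("http://localhost:33386/default.aspx?action=verify&openid.mode=id_res");
        var fixedRt  = new Uri("http://localhost:33386/default.aspx?action=verify");

        Console.WriteLine(Mismatch(returnTo, landed) ?? "match");
        Console.WriteLine(Mismatch(fixedRt, landed) ?? "match");
    }
}
```

Because the path comparison is exact, the return_to passed to CreateRequest has to name the page the request actually lands on, not a URL that the server merely resolves to that page.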
