A few weeks ago I blogged about the basics of storing web passwords. I mentioned that the best solution is to avoid storing web passwords and use OpenId to manage user authentication. I had the chance to play around with OpenId authentication and found the examples to be rather confusing, so today I’m going to write a very simple example of how to use an OpenId provider for user authentication.
DOTNET OPENAUTH
DotNet OpenAuth is a library for implementing OpenId, OAuth and InfoCards in your .Net applications. For the example application I simply want to be able to authenticate my users with an OpenId provider (such as Blogger or Google) which means I want to use an OpenId relying party.
THE EXAMPLE
For this example I’m going to create a very very simple picture-sharing site with MVC. Users will be able to view pictures, but to add pictures you need to register and be logged in with OpenId. I’m going to use Sqlite as a simple data store.
To get started, I’m going to create a User controller for managing all authentication and registration. I have already created a very simple login action and view. I will redirect users to this action if they choose to login or access a part of the site for which authentication is required.
public ActionResult Login()
{
return View();
}
Read more: P IS FOR PROGRAMMING
DOTNET OPENAUTH
DotNet OpenAuth is a library for implementing OpenId, OAuth and InfoCards in your .Net applications. For the example application I simply want to be able to authenticate my users with an OpenId provider (such as Blogger or Google) which means I want to use an OpenId relying party.
THE EXAMPLE
For this example I’m going to create a very very simple picture-sharing site with MVC. Users will be able to view pictures, but to add pictures you need to register and be logged in with OpenId. I’m going to use Sqlite as a simple data store.
To get started, I’m going to create a User controller for managing all authentication and registration. I have already created a very simple login action and view. I will redirect users to this action if they choose to login or access a part of the site for which authentication is required.
public ActionResult Login()
{
return View();
}
Read more: P IS FOR PROGRAMMING