Tuesday, December 14, 2010

OpenId With Forms Authentication

Introduction
As some of you may know from reading some of my past articles/blogs, I am not really a web man, but I had an idea a while back to create a tool that had to be web based, so I have been busy constructing this ASP.NET MVC web site in my spare time.

It is still ongoing, but one area that the web site needed was login/authentication, which is a pretty usual requirement on web sites. In fact, ASP.NET has long supplied forms authentication for this purpose (as well as other options). Thing is, I did not really want to store usernames/passwords in my database. Then I read about OpenId, a protocol that numerous web sites adhere to already. If you have an OpenId compliant login, my site could allow its users to use those credentials directly, with the OpenId compliant web site validating them. They basically handle the login/authentication process and redirect back to the original calling site (my site).

This may sound quite nuts, but it is quite probable that you yourself are already in possession of an OpenId login, as there are many, many OpenId compliant web sites out there. So it seemed to make sense to allow users to simply use their existing login credentials rather than have my site ask them to create even more credentials.

This is all well and good, but what is this article all about? Quite simple really: this article will demonstrate how to use OpenId with Forms Authentication (to store the authentication cookie) within an ASP.NET MVC web site.

I should mention that the demo app's web site is not the prettiest of web sites, as I have literally applied no styling to it whatsoever. I intentionally left it unstyled so as not to muddy the water, so to speak. So please be aware that it is not going to win any beauty contests at all.


A Brief Discussion About OpenId

OpenID is an open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.
The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics).
The term OpenID may also refer to an ID as specified in the OpenID standard; these IDs take the form of a unique URL, and are managed by some 'OpenID provider' that handles authentication.

Read more: Codeproject
