OpenID领域是否必须是网站的基本URL？

Question

作为这个问题的延续,我有一个与dotnetopenauth有关的问题.

基本上,我想知道RP中指定的领域是否必须是应用程序的实际基本URL？那是(http://localhost:1903)？鉴于现有的架构很难删除重定向 - 我尝试将域设置为基础OpenId控制器(http://localhost:1903/OpenId)并手动测试确实生成了XRDS文档.但是,应用程序似乎冻结,EP日志显示以下错误:

2012-10-10 15:17:46,000 (GMT-4) [24] ERROR DotNetOpenAuth.OpenId - Attribute Exchange extension did not provide any aliases in the if_available or required lists.

码:

依赖方:

public ActionResult Authenticate(string RuserName = "")
{
UriBuilder returnToBuilder = new UriBuilder(Request.Url);
returnToBuilder.Path = "/OpenId/Authenticate";
returnToBuilder.Query = null;
returnToBuilder.Fragment = null;

Uri returnTo = returnToBuilder.Uri;
returnToBuilder.Path = "/";
Realm realm = returnToBuilder.Uri;

var response = openid.GetResponse();

if (response == null) {
    if (Request.QueryString["ReturnUrl"] != null && User.Identity.IsAuthenticated) {

    } else {

    string strIdentifier = "http://localhost:3314/User/Identity/" + RuserName;
    var request = openid.CreateRequest(
        strIdentifier,
        realm,
        returnTo);

    var fetchRequest = new FetchRequest();
    request.AddExtension(fetchRequest);
    request.RedirectToProvider();
    }
} else {
    switch (response.Status) {
        case AuthenticationStatus.Canceled:
            break;
        case AuthenticationStatus.Failed:
            break;
        case AuthenticationStatus.Authenticated:
            //log the user in
            break;
    }
}

return new EmptyResult();

}

提供者:

public ActionResult Index()
{
    IRequest request = OpenIdProvider.GetRequest();

    if (request != null) {
        if (request.IsResponseReady) {
            return OpenIdProvider.PrepareResponse(request).AsActionResult();
        }

        ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
        return this.ProcessAuthRequest();
    } else {
        //user stumbled on openid endpoint - 404 maybe?
        return new EmptyResult();
    }
 }

public ActionResult ProcessAuthRequest()
    {
        if (ProviderEndpoint.PendingRequest == null) {
            //there is no pending request
            return new EmptyResult();
        }

        ActionResult response;
        if (this.AutoRespondIfPossible(out response)) {
            return response;
        }

        if (ProviderEndpoint.PendingRequest.Immediate) {
            return this.SendAssertion();
        }

        return new EmptyResult();
    }

Answer 1

你的问题的答案是"不".领域可以是您站点的基本URL与return_to URL之间的任何URL.例如,如果您的return_to URL是http://localhost:1903/OpenId/Authenticate,则以下都是有效域:

• http://localhost:1903/OpenId/Authenticate
• http://localhost:1903/OpenId/
• http://localhost:1903/

以下是没有给出上述的return_to有效的领域,:

• http://localhost:1903/OpenId/Authenticate/ (额外的斜杠)
• http://localhost:1903/openid/ (区分大小写!)
• https://localhost:1903/ (计划变更)

由于某些OpenID提供商(例如Google)会根据确切的域网址为其用户发布成对唯一标识符,因此建议您的域名成为您网站的基本网址,以便最稳定(重新设计您的网站不会更改) .强烈建议如果它可以是HTTPS,那么你将它变为HTTPS,因为它允许你的return_to是HTTPS,并且在某种程度上更安全​​(它减轻了DNS中毒攻击).

日志中出错的原因是您的RP创建并添加了FetchRequestOpenID身份验证请求的扩展,但您尚未使用您请求的任何实际属性初始化FetchRequest.

我无法告诉你为什么你的应用程序冻结了,你提供的信息.