Home/ Questions/Q 660033
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T23:06:42+00:00

I am currently playing with DotNetOpenAuth to make an ASP.NET (C#) website use OpenID

  • 0

I am currently playing with DotNetOpenAuth to make an ASP.NET (C#) website use OpenID instead of the normal login-password routine for user and session handling.

Up till now, I have added the DotNetOpenAuth.dll into my project and tried a test login page with the following:

<rp:OpenIdLogin ID="OpenIdLogin1" runat="server" />

When I run the page, I enter a valid myopenid url and the website redirects to the myopenid page, where I enter my password, and upon success, it returns back to my default.aspx, due to the following in my web.config:

<authentication mode="Forms">
    <forms defaultUrl="/Default.aspx" loginUrl="~/Login.aspx"/>
</authentication>

Now that the user is “logged in”, how can handle my session? At the moment, I don’t know how I can, for example, check if the session is still alive or how to terminate the session.

My basic question is, how can I manage the session once the user is authenticated with OpenID ?

[Update]

I am now using the following to check for authentication: HttpContext.Current.User, and with that I can now check if a user is authenticated with a session.

Now is there a possible way on how I can “link” user details that are stored in my database with an openid account?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    OpenID logins with the OpenIdLogin control are (by default) no different than a username+password login from ASP.NET’s point of view. As you’ve discovered HttpContext.Current.User is set on each incoming HTTP request based on an HTTP cookie that ASP.NET FormsAuthentication sends to the browser in order to keep the session consistent from request to request. While you’re in a page or its code-behind, the Page.User property is an even more convenient means.

    But if you’re doing access control, rather than check whether there’s a logged in user in every page, it’s best to use the <authorization> tag in your web.config file to force the user to be logged in before accessing certain pages or directories of pages.

    As far as linking user details, the key you want to associate with your users’ details is the OpenID Claimed Identifier, which is what OpenIdLogin automatically assigns to the Username value for FormsAuthentication. So you can retrieve or store user details in your database based on the value of HttpContext.Current.User.Identity.Name, which will be the reliable and proven unique value for each user.

    • 0