Home/ Questions/Q 710639
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T04:38:39+00:00

I have implemented a straightforward OpenID support for my ASP.NET app with DotNetOpenAuth .

  • 0

I have implemented a straightforward OpenID support for my ASP.NET app with DotNetOpenAuth. Yet I recently realized that the implementation was treating http://johndoe.example.com/ as a distinct user compared to https://johndoe.example.com.

This lead to quite a few confused users. I am unsure what to do at this point. Is this a bug or a feature?

Indeed, I can consider this behavior as a feature: if the user specifies the HTTPS, the user might not want the system to accept HTTP auth in the first place.

On the other hand: if the user specifies HTTPS out of sheer cluelessness (the casual web visitor is clueless concerning the purpose of the “S” part), then rejecting it’s authentication attempt is confusing.

What is considered as the best practice?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Theoretically http and https identities could be different. Practically (as implemented by the providers in the real world) they shouldn’t be.

    StackOverflow does not differentiate between http://abdullin.myopenid.com and https://abdullin.myopenid.com, so the solution should probably work for the 99% scenarios.

    • 0