I’m using the following sample code from the DotNetOpenAuth Samples (OpenId Controller in OpenIdProviderMvc):

    public ActionResult ProcessAuthRequest() {
        if (ProviderEndpoint.PendingRequest == null) {
            return this.RedirectToAction("Index", "Home");
        }

        // Try responding immediately if possible.
        ActionResult response;
        if (this.AutoRespondIfPossible(out response)) {
            return response;
        }

        // We can't respond immediately with a positive result. But if we still have to respond immediately...
        if (ProviderEndpoint.PendingRequest.Immediate) {
            // We can't stop to prompt the user -- we must just return a negative response.
            return this.SendAssertion();
        }

        return this.RedirectToAction("AskUser");
    }

    private bool AutoRespondIfPossible(out ActionResult response)
    {
        if (ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable(OpenIdProvider.Channel.WebRequestHandler) == RelyingPartyDiscoveryResult.Success
            && User.Identity.IsAuthenticated) {
            if (ProviderEndpoint.PendingAuthenticationRequest != null) {
                if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity
                    || this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) {
                    ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
                    response = this.SendAssertion();
                    return true;
                }
            }

            if (ProviderEndpoint.PendingAnonymousRequest != null) {
                ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
                response = this.SendAssertion();
                return true;
            }
        }

        response = null;
        return false;
    }

However, I don’t want to ask the user anything. I’m trying to set up a web application portal that should automatically respond positively to the RP if the user is logged in (which he is). Yet AutoRespondIfPossible returns false, because ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable returns false and I’m not sure why. What action should I be taking here?
Logs:
RP: http://pastebin.com/0EX2ZE1C
EP: http://pastebin.com/q5CPrWp6
Previous related questions:
SSO – No OpenID endpoint found
OpenIdProvider.GetRequest() returns null
Does an OpenID realm have to be the base URL of the web site?

IsReturnUrlDiscoverable performs what OpenID calls “RP Discovery”. And it’s important anyway, but particularly if you will be auto-logging users in, it’s critical for security. The fact that it’s returning false tells you the RP needs some work to do this correctly.

This blog post explains what the RP must do to pass “RP Discovery” tests.
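
An added example, not part of the answer above and not DotNetOpenAuth's own code: in OpenID 2.0, RP Discovery means the provider fetches an XRDS document from the RP's realm URL and accepts the return_to URL only if a service of type http://specs.openid.net/auth/2.0/return_to covers it. The C# below applies that matching rule to a constructed XRDS document; the class name RpDiscoveryCheck, the method names and the rp.example URLs are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

static class RpDiscoveryCheck
{
    static readonly XNamespace Xrd = "xri://$xrd*($v*2.0)";
    const string ReturnToType = "http://specs.openid.net/auth/2.0/return_to";

    // Constructed sample: the XRDS document an RP would serve from its realm URL.
    const string SampleXrds = @"<xrds:XRDS xmlns:xrds=""xri://$xrds"" xmlns=""xri://$xrd*($v*2.0)"">
  <XRD>
    <Service priority=""1"">
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>https://rp.example/login/authenticate</URI>
    </Service>
  </XRD>
</xrds:XRDS>";

    // True when returnTo is covered by a return_to endpoint listed in the XRDS.
    public static bool IsReturnToListed(string xrds, Uri returnTo)
    {
        var services = XDocument.Parse(xrds).Descendants(Xrd + "Service")
            .Where(s => s.Elements(Xrd + "Type").Any(t => t.Value.Trim() == ReturnToType));
        foreach (var uri in services.SelectMany(s => s.Elements(Xrd + "URI")))
        {
            if (Uri.TryCreate(uri.Value.Trim(), UriKind.Absolute, out Uri endpoint)
                && Covers(endpoint, returnTo))
                return true;
        }
        return false;
    }

    // Same scheme, host and port; path equal to or below the endpoint path.
    static bool Covers(Uri endpoint, Uri returnTo)
    {
        string basePath = endpoint.AbsolutePath.TrimEnd('/');
        return endpoint.Scheme == returnTo.Scheme
            && string.Equals(endpoint.Host, returnTo.Host, StringComparison.OrdinalIgnoreCase)
            && endpoint.Port == returnTo.Port
            && (returnTo.AbsolutePath == endpoint.AbsolutePath
                || returnTo.AbsolutePath.StartsWith(basePath + "/", StringComparison.Ordinal));
    }

    static void Main()
    {
        // Listed endpoint with a query string, then a scheme mismatch, then an unlisted path.
        Console.WriteLine(IsReturnToListed(SampleXrds, new Uri("https://rp.example/login/authenticate?x=1")));
        Console.WriteLine(IsReturnToListed(SampleXrds, new Uri("http://rp.example/login/authenticate")));
        Console.WriteLine(IsReturnToListed(SampleXrds, new Uri("https://rp.example/other")));
    }
}
```

When debugging a failing discovery, compare the scheme, host, port and path of the return_to value in the RP log against the URI entries the realm URL actually serves.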