This has already been asked Here, but not by me and the OP accepted an answer which did not help me. Thus far, I’ve tried logging in from different browsers, changing the web config, clearing cookies, and loading from an external machine.
In fact, I eventually did discover that the problem is specific to my own machine; when I published to another machine, it worked fine. Any suggestions for where to look for solutions? I deliberately used the simplest test code I could think of, a clean empty aspx page and a simple Page_Load function.
Edit: To clarify, like the author of the original question, I am getting a “This message has already been processed” error. This is printed out to screen with Response.Write(response.Exception.ToString());. I believe the issue is configuration-related, unlike the other author, since the symptoms only show up on my local box. Note that the symptoms are independent of whether I test on the same box as the code is running on.
protected void Page_Load(object sender, EventArgs e)
{
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationResponse response = openid.GetResponse();
if (response != null)
{
try
{
Response.Write(response.Exception.ToString());
}
catch (Exception)
{
}
return;
}
}
using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
{
IAuthenticationRequest request = openid.CreateRequest(@"https://www.google.com/accounts/o8/id");
request.RedirectToProvider();
}
}
Error Message:
DotNetOpenAuth.Messaging.Bindings.ReplayedMessageException: This message has already been processed. This could indicate a replay attack in progress. at DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Bindings\StandardReplayProtectionBindingElement.cs:line 129 at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 990 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172 at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 375 at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 498
Logs:
2010-02-01 14:19:57,238 (GMT-5) [4] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.4.0.10015, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
2010-02-01 14:19:57,253 (GMT-5) [4] INFO DotNetOpenAuth - Reporting will use isolated storage with scope: User, Domain, Assembly
2010-02-01 14:19:57,270 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,272 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
2010-02-01 14:19:57,360 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
2010-02-01 14:19:57,364 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (2.0) message:
openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig: [snip2]/[snip7]=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: [snip3]
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.response_nonce: [snip4]:[snip5]:[snip6]
openid.mode: id_res
openid.ns: http://specs.openid.net/auth/2.0
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
2010-02-01 14:19:57,373 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,374 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,376 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: [snip2]=
2010-02-01 14:19:57,388 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (2.0) message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,403 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (2.0) message for https://www.google.com/accounts/o8/ud:
openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
openid.mode: check_authentication
openid.ns: http://specs.openid.net/auth/2.0
openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
openid.sig: [snip2]=
openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.assoc_handle: [snip3]
openid.op_endpoint: https://www.google.com/accounts/o8/ud
openid.response_nonce: [snip4]:[snip5]:[snip6]
dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
2010-02-01 14:19:57,403 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
2010-02-01 14:19:57,916 (GMT-5) [4] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
2010-02-01 14:19:57,992 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
2010-02-01 14:19:57,992 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (2.0) message:
is_valid: true
ns: http://specs.openid.net/auth/2.0
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
2010-02-01 14:19:57,994 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (2.0) message is:
is_valid: true
ns: http://specs.openid.net/auth/2.0
2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.
web.config:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
<section name="uri" type="System.Configuration.UriSection,
System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection"
requirePermission="false" allowLocation="true"/>
</configSections>
<uri>
<idn enabled="All"/>
<iriParsing enabled="true"/>
</uri>
<appSettings/>
<connectionStrings/>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows" />
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
<dotNetOpenAuth>
<openid maxAuthenticationTime="0:05" cacheDiscovery="true">
<relyingParty>
<security
requireSsl="false"
minimumRequiredOpenIdVersion="V10"
minimumHashBitLength="160"
maximumHashBitLength="256"
requireDirectedIdentity="false"
requireAssociation="false"
rejectUnsolicitedAssertions="false"
rejectDelegatingIdentifiers="false"
ignoreUnsignedExtensions="false"
privateSecretMaximumAge="07:00:00" />
<behaviors>
<!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
</behaviors>
<store type="Fully.Qualified.ClassName, Assembly" />
</relyingParty>
<provider>
<security
requireSsl="false"
protectDownlevelReplayAttacks="true"
minimumHashBitLength="160"
maximumHashBitLength="512">
<associations>
<add type="HMAC-SHA1" lifetime="14.00:00:00" />
<add type="HMAC-SHA256" lifetime="14.00:00:00" />
</associations>
</security>
<behaviors>
<!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
</behaviors>
<store type="Fully.Qualified.ClassName, Assembly" />
</provider>
<extensionFactories>
<add type="FullyQualifiedClass.Implementing.IOpenIdExtensionFactory, Assembly" />
</extensionFactories>
</openid>
<messaging clockSkew="00:10:00" lifetime="00:03:00">
<untrustedWebRequest
timeout="00:01:10"
readWriteTimeout="00:00:21.500"
maximumBytesToRead="1048576"
maximumRedirections="10">
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<!-- <add name="localhost" /> -->
</whitelistHosts>
<whitelistHostsRegex>
<!-- since this is a sample, and will often be used with localhost -->
<!-- <add name="\.owndomain\.com$" /> -->
</whitelistHostsRegex>
<blacklistHosts>
</blacklistHosts>
<blacklistHostsRegex>
</blacklistHostsRegex>
</untrustedWebRequest>
</messaging>
</dotNetOpenAuth>
<!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
<log4net>
<appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="c:\\tmp\\toto\\RelyingParty2.log" />
<appendToFile value="true" />
<immediateFlush value="true" />
<rollingStyle value="Size" />
<maxSizeRollBackups value="10" />
<maximumFileSize value="100KB" />
<staticLogFileName value="true" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<appender name="TracePageAppender" type="OpenIdRelyingPartyWebForms.Code.TracePageAppender, OpenIdRelyingPartyWebForms">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
</layout>
</appender>
<!-- Setup the root category, add the appenders and set the default level -->
<root>
<level value="INFO" />
<appender-ref ref="RollingFileAppender" />
<!--<appender-ref ref="TracePageAppender" />-->
</root>
<!-- Specify the level for some specific categories -->
<logger name="DotNetOpenAuth">
<level value="ALL" />
</logger>
</log4net>
</configuration>
In some versions of dotnetopenauth you can also get:
if your maxAuthenticationTime value is too low (which is obviously not related to the error in any way – but that is a different issue). I experienced this just today.
To increase this value, edit the config entry as shown at https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Configuration (I suggest setting to 0:10).