Open ID

I personally have around a few 100 accounts with almost the same amount of passwords. Because of my creativity in making up new passwords in combination with a memory that can easily forget password within an hour makes me not really happy with the current username/password requirements.

Rather I have one or two accounts that I can reuse all over the internet. That is where Open ID comes in. Open ID is an authentication mechanism that can be shared between different providers. So you can choose the provider where you are storing your main account and link other internet services (even from different companies) to this same account.

This makes Open ID a really good and Open authentication mechanism for internet.

Also a great feature is that Open ID is really easy to implement. We implemented Open ID in .NET by downloading http://www.dotnetopenauth.net/ . It took a little time to exactly get familiar with Open ID however after an hour or so we got a working solution.

Here below an example of our usercontrol that logs a user on with a Google or Yahoo account.

As you can see there are event handlers in dotnetopenauth for handling the login events. Here you can retrieve the open id of the user after he or she has logged on.

There are two possible solutions for using Open ID. You can ask the user to fill in its open id account url. However we do not think user will easily use this option because the open id account url tend to be very long. Option two is to put a button on a site with for instance the text, “click here to login with google”. I think this last option is the best, however you should add multiple buttons for each provider that you would like to support.

A note of critic for open ID providers

Open ID is great, however it still can get better

- Besides authenticating users it is possible the add extra claims. These claims ask providers for specific user information like an email. However I did not get this working for Google and Yahoo. Google should ask the user if they allow our internet service to see his email address however Google doesn’t support this. You simply do not get the email back. This often requires you to ask the email address and or nickname when registering an Open ID account.

My conclusion is that Open ID is really great and very usable for authentication. It made me very happy and I think I am not the only one.

Comments

Post a Comment

Popular posts from this blog

System.Net.Http dll version problems

Last few weeks we had problems with referencing the correct System.Net.Http version. This is probably because some components use internally higher versions (.NET Core with System.Net.Http 4.2.0.0) compared to the versions that are available in NuGet. Frequently we got errors like: Could not load file or assembly 'System.Net.Http, Version=4.1.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040) What is the solution.... That is a great questions. But we do not have the satisfying answer yet. What we currently do is the following. - Use in all projects the same System.Net.Http version, currently we use v4.3.3 from nugget - Compile the code and check in the resulting Bin folder what the resulting System.Net.Http version is - Use this version as BindingRedirect in the app.config / web.config like <dependentAssembly>
Read more

SharePoint Survey Back Button

On Internet I could not find a correct solution for implementing a back button in a survey. After some search I found some near implementations but not an implementation that fully worked. One that inspired me was http://sharepointbender.blogspot.nl/2012/04/creating-back-button-on-sharepoint-2010.html but I found the history.back(-2) not satisfying. I wrote my one version in Javascript that uses the FirstField parameter of the survey to implement a correct behaviour. I hope it makes you happy. In the edit form I added a script link to the code below and i added the following statement spbackButton.init("Name of list"); In an javascript file I included the following code. var spbackButton = (function () { var _prevFieldsArray = new Array(); var _currentStep; var _prevPageStep; function setCookie(c_name,value,exdays) { var exdate=new Date(); exdate.setDate(exdate.getDate() + exdays); var c
Read more

How to set up AD FS for a development machine

Image
In this article I will describe how you should set up a development computer to use an existing AD FS. First thing we need to do is to create a trust between the ADFS server and the development machine. You can do this by login in with RDP at the server that is running ADFS and start up the "AD FS 2.0 Management" that is found under the Administrative tools. When the AD FS 2.0 Management studio is started you need to navigate to the "Relying Party Trusts" in the left folder structure. Then you nee to select "Add Relying Party Trust..." in the right menu. This will open the "Add Relying Party Trust Wizard" as shown below. When clicked on "Start" the following screen will open. Here you can specify how the relying party configuration is configured. For a development machine it is most easy to select just the last option "Enter data about the relying party manually" In the next screen you can fill in a name and descr
Read more