DotNetOpenAuth with AppDirectory removed

In my previous post I had talked about my decision to implement OpenId, and how DotNetOpenAuth worked well for this. In this post I will talk a little about the only issue that I ran into while doing this.

The root of this issue had to do with how my hosting is setup for sites that have low traffic. I host these sites on winhost which allows for an unlimited number of domain pointers. They also have the URL Rewrite module, so I can rewrite http://webquestbuilder.com/ to http://webquestbuilder.com/sitedir enabling the site to be moved later when demand requires more horsepower without having to deal with the removal of the sub directory.

The problem that came from this setup was that DotNetOpenAuth determined that the releam was webquestbuilder.com/sitedir instead of webquestbuilder.com, and returned from openid with to the sitedir/authenticate.  Andrew Arnott pointed me in the right direction pretty quick after my tweet. Here is what I ended up with to fix this, it is in 2 parts.

The first is making the request:

if (isInSubDir)
{
request = openid.CreateRequest(Request.Form["openid_identifier"], new Realm("http://webquestbuilder.com/"),
new Uri("http://webquestbuilder.com/User/Authenticate/"));
}
else
{
request = openid.CreateRequest(Request.Form["openid_identifier"]);
}

The second part is dealing with the response:

var isInSubDir = Request.ApplicationPath!="/";
IAuthenticationResponse response;
if (isInSubDir)
{
var absoluteUri = httpRequest.Url.AbsoluteUri;
var rawUrl = httpRequest.RawUrl;
if(isInSubDir)
{
absoluteUri = absoluteUri.Replace(Request.ApplicationPath, "");
rawUrl = rawUrl.Replace(Request.ApplicationPath, "");
}
var httpRequestInfo = new HttpRequestInfo(httpRequest.HttpMethod, new Uri(absoluteUri), rawUrl, headers, httpRequest.InputStream);
response = openid.GetResponse(httpRequestInfo); �
}
else
{
response = openid.GetResponse();
}

Open Id with DotNetOpenId

I recently integrated OpenId into a project that I am working on with my wife, WebQuest Builder in order to avoid the extra considerations related to storing user password.

Originally I had planned on using RPXNow in order to do this. But after reading about how realms worked, specifically that  Google gives a different identifier for each realm, I decided against this option. Because

while RPXNow does have support  for custom realms, webquestbuilder.com instead of webquestbuilder.rpxnow.com, it would cost $99/month in order to get this. And after my wife made a comment that it seemed almost like someone phishing for her account do to the webquestbuilder.rxpnow.com in Googles OpenId form.

The other option that I had been considering had been DotNetOpenAuth which was very simple to integrate. It took about an hour to get it running in my development environment. I only had one issue when I pushed it live, which I will go into in a future post. For the OpenId selector I used Jarrett Vance’s Id selector for the Sign In.

After showing it to a few people I ended up making a few tweaks to the Id Selector. The first  chance that I made was to change it so that the OpenId checkbox did not show up, because a couple of the people I showed it to tried entering in their gmail address instead of Google’s OpenId Url. The other change I did was order them by which providers I thought they were most likely to be using, I hope the Microsoft gets their OpenId provider going soon so that I can integrate hotmail/live accounts into this.