Using OpenID with WCF and no browser, is it possible?

Question

From most of the reading I\'ve done on OpenID, it seems a browser may be required. I\'m writing a WCF app and wanted to use OpenID as the authentication method, but my app

Answer 1

While OpenID can tout in its spec independence from cookies and such because the spec doesn't actually mandate how those things are used, in reality I've never seen a good OpenID solution for anything besides logging into a web site, which is really its primary use case.

However there is a good way to go and still use WCF and OpenID. Add OAuth to the mix. The DotNetOpenAuth library has a sample that shows how a WCF client can get authorized to call a WCF service via OAuth, where at the service-side the user uses OpenID to log in as part of the authorization process.

So basically if you WCF app needs to "log in" in order to call the WCF service, as part of a one-time setup:

1. The app pops up a browser where the user sees the WCF service web site (the OAuth Service Provider)
2. The user logs in with their OpenID (although the user may already be logged in, in which case they can skip this step)
3. The OAuth SP asks the user "do you want to authorize this [wcf app] to access this site?"
4. The user says yes, and closes the browser.
5. The WCF app now has access, thanks to the OAuth protocol, to the WCF service.

This works because behind the scenes, when the user says "yes" to the service through the web browser, a special machine-friendly credential is assigned to the WCF app, which it uses with every WCF service call the a similar way a username/password would be.

Check out the DotNetOpenAuth library. It has the sample and everything you should need to get this working.