OpenID provider on localhost with DotNetOpenAuth

Question

I have the DotNetOpenAuth sample provider running locally and it appears to correctly handle requests via the web browser. I can step through the handler for authorisation in th

Answer 1

It looks like you're already aware of the need to whitelist localhost for an RP in order to get it to work. But something else I became aware of recently is that IIS blocks ASP.NET web apps from performing HTTP GETs on themselves. It works for the Visual Studio Personal Web Server, but if your RP and OP are both hosted on IIS under localhost, then likely it's IIS that's blocking it. You can confirm or deny this by using your hand-written HttpWebRequest test from your IIS-hosted RP vs. a console app.

If they're both under IIS and that's the problem, then you should either use the Personal Web Server for your development, or perhaps separating the two sites on IIS in different app pools or something like that will help.