dotnetopenauth

The DotNetOpenAuth OAuth 2 Library requires RSAParameters to access public and private keys (example in DotNetOpenAuth OAuth 2 - UriStyleMessageFormatter which uses RSAParameters to construct an RSACryptoServiceProvider). I came across an Azure Security Whitepaper which noted that Azure installs certificates in a "certificate store with a flag indicating that the private key can be used but not exported". Which I believe may be at the heart of this problem. While I have been able extract the public and private keys from the cert while developing and debugging locally by referencing the

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 6 years ago . I'm trying to secure my WebAPI project, and would like to use DotNotOpenAuth, but I'm unable to find any quality samples or tutorials. I've tried grabbing the sample that come with the DNOA source on GitHub, but can't seem to get those

I'm using DotNetOpenAuth to log in as part of my login process. It works great for handling authentication but the process of retrieving user information from various openId providers is not working very well. Using MyOpenId I do get full information that I request using a ClaimsRequest with DotNetOpenAuth. It apparently uses the SREG protocol to request and retrieve this content. This works great with MyOpenId, but doesn't do anything for Google or Yahoo and other providers that do not support this protocol (yet?). Is there a way to retrieve cross provider user information using

I'm having trouble getting a DNOA RP working behind an SSL appliance (terminates the client HTTPS connection and reverse-proxies HTTP to the webserver behind it). The problem is that the RP is incorrectly guessing the recipient endpoint from the incoming request (since it's not HTTPS by the time it hits the webserver) and comparing the endpoint with scheme on the return_to url (which is HTTPS)- it fails with the stacktrace below. I've spelunked around in the code a bit and I don't see a way to change this behavior without a custom build or a non-trivial subclass. I'm already passing the HTTPS

Pretty basic question, but can someone please point me to a constructive tutorial on how to implement and use dotnetopenid? I'm struggling to find any real documentation that explains how to implement the thing. I couldn't find anything on their website, and I've gone through a couple of the samples, but still can't work it out, and the included .chm file is just reference material, rather than a "getting started" guide. Google searches are also failing me :( That depends on what you're trying to accomplish, as DotNetOpenAuth does a lot of things for a lot of people. Perhaps I'll start a

I'm using the following code in an MVC5 site: [HttpPost] [ValidateAntiForgeryToken] public ActionResult Login(LoginModel loginModel) { if (ModelState.IsValid) { var authenticated = FormsAuthentication.Authenticate(loginModel.UserName, loginModel.Password); if (authenticated) { FormsAuthentication.SetAuthCookie(loginModel.UserName, true); return RedirectToAction("AdminPanel"); } ModelState.AddModelError("", "The username and password combination were incorrect"); } return View(loginModel); } Which throws up the following warning: System.Web.Security.FormsAuthentication.Authenticate(string,