OpenId query length issue in DotNetOpenAuth?

耗尽温柔 posted on 2019-12-11 04:48:26

Question


I use DotNetOpenAuth and I need to pass some data with SetCallbackArgument, but the problem is that some OpenID providers, such as http://pip.verisignlabs.com/ and http://clickpass.com/public/username, redirect to my site with a query string of more than 2048 characters, and IIS can't handle it. I got a "404 - File or directory not found." error because their redirect is too big. What should I do in this case?


Answer 1:


The OpenID spec states that OpenID responses that are too large should use form POST instead of 301 redirects which helps to avoid this problem. I don't know if verisign or clickpass is neglecting that part of the spec or not. But in general your callback arguments should be kept short to avoid this kind of problem. And certainly if your callback argument is very large it could never be expected to work since the callback arguments must always be in the query string.

Typically if you want a large bit of data available when the user returns, you can store it in a db, in the user session, or in a cookie, and only store a small reference to that data in the callback argument.

Remember that anything in the callback argument is subject to inspection by the user, any third party if HTTPS isn't used for the whole thing, and even possible tampering. DNOA provides optional tampering protection for callback arguments, but not confidentiality.
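
The pattern described in the answer above (keep the large data server-side, put only a short reference in the callback argument), as an added example that is not part of the original answer or of DotNetOpenAuth. `CallbackStateStore`, the `"state"` key and the in-memory dictionary are assumptions for illustration; a web farm would need a shared store, and expired entries that are never redeemed would need periodic cleanup.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: holds the large payload on the server and issues a
// short, unguessable reference that fits easily in the callback argument.
public sealed class CallbackStateStore
{
    private sealed class Entry { public string Payload; public DateTime ExpiresUtc; }

    private readonly ConcurrentDictionary<string, Entry> entries =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan lifetime;

    public CallbackStateStore(TimeSpan lifetime) { this.lifetime = lifetime; }

    // Returns a URL-safe token built from 128 random bits. The token carries
    // no data itself, so inspecting it reveals nothing about the payload.
    public string Save(string payload)
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string token = Convert.ToBase64String(bytes)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        entries[token] = new Entry { Payload = payload, ExpiresUtc = DateTime.UtcNow + lifetime };
        return token;
    }

    // Single use: the entry is removed on first lookup, so a replayed token
    // fails. Unknown, tampered or expired tokens return null.
    public string Redeem(string token)
    {
        Entry entry;
        if (string.IsNullOrEmpty(token) || !entries.TryRemove(token, out entry)) return null;
        return entry.ExpiresUtc >= DateTime.UtcNow ? entry.Payload : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new CallbackStateStore(TimeSpan.FromMinutes(10));
        string payload = new string('x', 4000); // constructed sample, too big for a query string
        string token = store.Save(payload);
        // Before redirecting: request.SetCallbackArgument("state", token);
        // On return: read the "state" callback argument and pass it to Redeem.
        Console.WriteLine("token length: " + token.Length);
        Console.WriteLine("first redeem ok: " + (store.Redeem(token) == payload));
        Console.WriteLine("replay rejected: " + (store.Redeem(token) == null));
    }
}
```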



Source: https://stackoverflow.com/questions/4287313/openid-query-length-issue-in-dotnetopenauth
