Recently, I have been trying to integrate OpenID as a Relying Party on this new site I am working on. This would allow users to log in using OpenID. Previously, I had implemented support for OpenID for a prior site using DotNetOpenId, DNOI. But this was on a normal form-based ASP.NET site. With MVC, I could no longer use the control I was using before. It has been about one and a half years since I last looked at OpenID. Surprisingly, there was nothing really much that seemed new with DNOI. There's support now for ASP.NET MVC. Also, it's called DotNetOpenAuth, DNOA, now.
There's actually something called OpenID+OAuth now or Federated Login, which is an OAuth extension to OpenID. In OpenID, normally you only ask for and get the user's details. With this hybrid, you also ask for an access token for OAuth use. You no longer have to bug the end user multiple times, which hopefully gives a better end user experience. Currently, the latest version of DNOA, DNOA 3.0, does not support this. However, MySpace's latest SDK has managed to implement this feature. The files for the OAuth extension can be downloaded here. Extract this to the DNOA extensions folder. At the moment, there are details on how to implement this hybrid exchange on Google here.
One of the problems with the example for the MVC relying party in DNOA is that it just gives an example to authorise the given OpenID. You can actually ask for more details through either the Simple Registration or the Attribute Exchange extension. The following creates a FetchRequest extension to request required attributes:
// request is the IAuthenticationRequest being built for the user's OpenID
var ext = new FetchRequest();
ext.Attributes.AddRequired(WellKnownAttributes.Contact.Email);
ext.Attributes.AddRequired(WellKnownAttributes.Name.First);
ext.Attributes.AddRequired(WellKnownAttributes.Name.Last);
ext.Attributes.AddRequired(WellKnownAttributes.Preferences.Language);
ext.Attributes.AddRequired(WellKnownAttributes.Contact.HomeAddress.Country);
request.AddExtension(ext);
The following creates a ClaimsRequest to ask for defined fields through Simple Registration:
var claimsReq = new ClaimsRequest
{
    BirthDate = DemandLevel.Request,
    Nickname = DemandLevel.Request,
    PostalCode = DemandLevel.Request,
    Language = DemandLevel.Request,
    TimeZone = DemandLevel.Request,
    Country = DemandLevel.Request,
    Email = DemandLevel.Require,
    FullName = DemandLevel.Request,
    Gender = DemandLevel.Request
};
request.AddExtension(claimsReq);
On receiving an Authenticated response, you access the fields via the ClaimsResponse, e.g.
var claimsExt = response.GetExtension<ClaimsResponse>();
Or the FetchResponse,
var fetchExt = response.GetExtension<FetchResponse>();
plaxo.com is a good example of how you could implement OpenID for the sign-in process. It can even request more than just the user's email address from Google. At the moment, the only field from the user that you can get from Google is the email address. Plaxo has a special invitation from Google that allows them to do what they do.
At the time of writing, Yahoo's OpenID implementation does not allow you to obtain any personal details from the user. You only get back their OpenID, which is in the format https://me.yahoo.com/a/xxxxxxxxxxxx. So the only way you will be able to recognise returning users is from this ID. You don't even get to know their email address. Yahoo is working on getting their Simple Registration extension support and it seems to be taking them a while.
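Reading the response defensively ties the ClaimsResponse/FetchResponse calls and the Yahoo case together. This is an added example, not code from the original post or from the DotNetOpenAuth samples. OpenIdProfile and OpenIdProfileReader are hypothetical names, and FetchResponse.GetAttributeValue is assumed to be available in the DNOA release you build against.

```csharp
using DotNetOpenAuth.OpenId.Extensions.AttributeExchange;
using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration;
using DotNetOpenAuth.OpenId.RelyingParty;

// Hypothetical holder for what the relying party keeps about a user.
public sealed class OpenIdProfile
{
    public string ClaimedIdentifier { get; set; }  // stable account key
    public string Email { get; set; }              // null if the provider sent none
    public string FullName { get; set; }           // null if the provider sent none
}

public static class OpenIdProfileReader
{
    // Returns null unless the provider asserted a successful authentication.
    public static OpenIdProfile Read(IAuthenticationResponse response)
    {
        if (response == null || response.Status != AuthenticationStatus.Authenticated)
            return null;
        var profile = new OpenIdProfile
        {
            // Present on every authenticated response; key accounts on this value.
            ClaimedIdentifier = response.ClaimedIdentifier.ToString()
        };

        // GetExtension<T>() returns null when the provider sent no such extension.
        var sreg = response.GetExtension<ClaimsResponse>();
        if (sreg != null)
        {
            profile.Email = NullIfBlank(sreg.Email);
            profile.FullName = NullIfBlank(sreg.FullName);
        }

        var ax = response.GetExtension<FetchResponse>();
        if (ax != null)
        {
            // Keep Simple Registration values; fill gaps from Attribute Exchange.
            profile.Email = profile.Email ?? NullIfBlank(ax.GetAttributeValue(WellKnownAttributes.Contact.Email));
            if (profile.FullName == null)
            {
                string first = ax.GetAttributeValue(WellKnownAttributes.Name.First);
                string last = ax.GetAttributeValue(WellKnownAttributes.Name.Last);
                profile.FullName = NullIfBlank((first + " " + last).Trim());
            }
        }
        return profile;
    }
    private static string NullIfBlank(string s) { return string.IsNullOrEmpty(s) ? null : s; }
}
```

Attributes marked required in the request can still come back missing, so the email and name are treated as optional profile data and the claimed identifier is the only value used to recognise a returning user.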