I am trying to install openID into my web site project that is using ASP.NET MVC, specifically with Yahoo
Yahoo keeps giving me this :
"Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate."
However I have followed the setup procedures I have a Yardis document setup and the following in the header of my realm URI
<meta http-equiv="X-XRDS-Location" content="http://www.daimokuchart.com/yadis" />
My Yardis document is as follows
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="1">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>http://www.daimokuchart.com/Users/Authenticate</URI>
</Service>
</XRD>
</xrds:XRDS>
This is getting rather frustrating as I am not sure what else I can be missing.
Note: The domain given in this example isn't actually live at this time... I am however testing it on a live site I just can not give out the URL at this time as we are not done developing the site yet.
Update 3/4 I did find a Yadis testing site, and it passed so the problem is Yahoo is not discovering it for some reason.
Update 3/5 Still no luck I talked with someone and they said this
needed to be in my root url so I did that now yahoo reports something is wrong with the site... but not sure what the problem is...
Check that your openid.return_to parameter is found in your YADIS/XRDS document, including matching capitalization.
My first thought is that your realm URL (http://www.daimokuchart.com/yadis), seems to redirect to http://blog.daimokuchart.com/yadis when I attempt to browse there. The following writeup (linked from Yahoo's OpenID FAQ) mentions that the realm URI can't redirect:
Why Yahoo! says your OpenID site's identity is not confirmed
Yahoo! OpenID - FAQ
Related
Why do I continuously receive "The provided value for the input parameter 'redirect_uri' is not valid."?
My site is hosted in Azure. I'm trying to Login via the Microsoft sign-in button. I haven't really made many changes from the default ASP.Net MVC out-of-the-box template. All I've really changed was to uncomment the app.UseMicrosoftAccountAuthentication line and add the clientId and clientSecret.
Do I have the Redirect URL set up incorrectly?
Site: http://mysite.azurewebsites.net
Redirect URL: http://mysite.azurewebsites.net/
I read somewhere that you need to specify a Redirect URL in the form of http://www.mysite.azurewebsites.net. Can anyone confirm or deny that? I do not need the www in my current set up.
The error I consistently receive is:
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The provided value for the input parameter 'redirect_uri' is not valid. The expected value is 'https://login.live.com/oauth20_desktop.srf' or a URL which matches the redirect URI registered for this client application.&state=SomeLongPossiblyEncryptedString
This message is displayed on the page returned after an attempt to login:
Microsoft Account
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
3/26/2014 Update: No luck so far, here's some screen shots of my settings in case it helps.
Basic Information
API Settings
Is this a problem on Microsoft's side or am I doing something wrong?
From the default MVC what works for me (just tested about 5 minutes ago) for the redirect URL is
http://testcrap.azurewebsites.net/signin-microsoft
All the documentation I've found says to use
http://testcrap.azurewebsites.net/login/microsoftaccount
But that doesn't work for me...
signin-microsoft does
OR if that doesn't work then use something like firebug to see what the request to the oauth provider looks like and then whatever the redirecturi is inside of that request is what you need to use..
For web application you need to set the redirect url in the Live Connect Developer Center.
In API Settings->Redirect URLs you must set:
http://www.yourdomain.com/signin-microsoft
Hope it's helpful :)
You need to provide the redirect url in the Live Connect Developer Center. I've attached a screenshot. This is part of the application validation to prevent malicious applications.
It seems Microsoft change the url again. This what works for me
.auth/login/microsoftaccount/callback
My redirect url is
https://yyyyyyyy.azurewebsites.net/.auth/login/microsoftaccount/callback
To get this url, use Fiddler or any http debug tool and look for request to login.live.com. The redirect_url is in the query string.
https://login.live.com/oauth20_authorize.srf?client_id=00000000551716B9&redirect_uri=https%3A%2F%2Fyyyyyyyyyy.azurewebsites.net%2F.auth%2Flogin%2Fmicrosoftaccount%2Fcallback&response_type=code&scope=wl.basic+wl.offline_access+wl.signin+wl.birthday+wl.calendars+wl.calendars_update+wl.contacts_birthday+wl.contacts_create+wl.contacts_calendars+wl.contacts_photos+wl.contacts_skydrive+wl.emails+wl.events_create&state=nonce%3Dfe7e6b678b8844f48f079cceadf1f426_20151206145117%26redir%3D%2F
Since I need 3 more reputation points to write a comment to your post I have to ask it here. Sorry about that.
Are you getting this error while trying it out on the real domain or while testing it from your localhost?
If the second is the case you need to setup a DNS entry for a dummy hostname in your local host file that points to 127.0.0.1 and use that dummy name when registering with live. Furthermore it needs IIS, not IIS Express.
Not sure if it is a clean way nor if it is complete, but it is the furthest I got when trying out the new ASP.NET Identitiy Provider. Sadly there is only a example in the official documentation which shows how to use it with google...
I, too, would appreciate a clean answer to this.
Redirect URIs are "SSL sensitive" and you probably always want the SSL version.
I am working on cakephp project I have URL like :
http://www.example.com/
As CakePHP takes an url like
http://www.exaple.com/controll/function_name
I was going through the web-master tools site verification where I was verifying my site,
Google provides verification file(HTML) which I need to store in root directory.
The problem is that CakePHP does not allow to put .HTML in the URL, so how can verify my site then ?
They also offer a meta tag that you can use for verification. Use that instead.
There is another option that isn't mentioned yet to my surprise, but you can put files you would like to serve "as is" under the app/webroot folder. So if you create app/webroot/google-site-verification-a12bc345.html, you (and more importantly, Google) can access that page through
http://cakeapp.com/google-site-verification-a12bc345.html
In addition to what John said, Google Webmaster tools can be verified via Google Analytics's if you use one.
However for Google Analytic's verification, Google Analytics JavaScript tracking code must be in the <head> (not the <body>) section of your page. Sometimes GA code exist in other JS files or at the bottom of the page, which is problematic.
If you do not have Google Analytic's implemented (and you are not planning to) the simplest solution is what John has said - using meta tag verification.
I'm trying to implement an OpenId provider using DotNetOpenAuth. I'm using their 2 samples together, an MVC replying party and an MVC provider.
Provider hosted at: http://localhost:4864/OpenId/Provider
Relying hosting: http://localhost:54347/User/Login
I tried it with google (https://www.google.com/accounts/o8/id), and I got authenticated. When I tried http://localhost:4864/OpenId/Provider. The relying party said no openId endpoint was found. When I set a breakpoint on the provider, this code returns null:
IRequest request = OpenIdProvider.GetRequest()
So the comment for when request is null is this: No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
So I guess my problem is at the provider end. What do I need to do to fix this?
in the dotnetopenauth sample, when the login screen asks for a provider and you want to use the sample mvc provider, the identifier to use in your case will be http://localhost:4864/
and not http://localhost:4864/OpenId/Provider
For me, I was using the sample MVC provider. Its HomeControllerhad the [Authorize] attribute. This meant the xrds request failed and so an exceptions 'Sequence contains no elements' and 'No OpenID endpoint found' were reported. Removing the [Authorize] attribute allows the xrds request to succeed and you can log in to a site being debugged in one instance of Visual Studio using OpenID from a site being debugged in another instance of Visual Studio.
For security reasons, DotNetOpenAuth RP defaults to disallowing OpenIDs that start with http://localhost/. For your testing purposes you can whitelist localhost so that it works for you:
<dotNetOpenAuth>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<!-- since this is a sample, and will often be used with localhost -->
<add name="localhost" />
</whitelistHosts>
</untrustedWebRequest>
</messaging>
</dotNetOpenAuth>
PS:- please dont say use this devise, omniauth or any other plugin/gem you know.
I am looking for some example code for google login using authlogic for ruby on rails 3.
Here is what i have tried/checked:-
authlogic-google-account-oauth --- This is sample code for twitter, not google (One of the top rated google result. )
http://www.manu-j.com/blog/add-google-oauth-ruby-on-rails-sites/214/ --> generating keys for google login? There was nothing like this while implementing facebook / twitter or linkedin login. All I need is secret key and application id from the respective sites.
Tons of links on stackoverflow, No-one is giving the solution just recommending other gems/ outdated blog posts like
Ruby on Rails: Best way to add Facebook login, Twitter login, OpenID login, etc
Configuring authlogic-oauth with google and many more.
Anybody knows any running example/ sample code for google login with authlogic in rail 3
EDIT
Have you noticed these warnings, this is from your code. The code you provided is running on my local machine:--
Attempting discovery to verify endpoint
Performing discovery on https://www.google.com/accounts /o8/id?id=AItOawlFBZciVpNUBSlYbz0wHzTgmJWu9PpCvyk
WARNING: making https request to https://www.google.com/accounts/o8/id?id=AItOawlFBZciVpNUBSlYbz0wHzTgmJWu9PpCvyk without verifying server certificate; no CA path was specified.
Using 'check_authentication' with https://www.google.com/accounts/o8/ud
WARNING: making https request to https://www.google.com/accounts/o8/ud without verifying server certificate; no CA path was specified.
You inspired me to hack away at this.
This blog basically worked for me http://blog.sethladd.com/2010/09/ruby-rails-openid-and-google.html
My code is extra ugly though, because it wasn't the first one I tried.
Other resources:
Ruby open_id_authentication with Google OpenID
http://toddsedano.blogspot.com/search?updated-max=2010-05-29T11%3A59%3A00-07%3A00&max-results=7
http://railscasts.com/episodes/170-openid-with-authlogic
Anywho, the rough code that is working for me is here:
https://github.com/softwaregravy/google_authlogic
and here is the running code
It's still very much a prototype. Hope it helps.
I am trying to set up OpenID on an ASP.Net 2 website that I am making right now, and using DotNetOpenAuth. But it seems I've run into a brick wall that won't budge no matter how many things I try.
While trying to sign-in with Google I am getting "Web request to 'https://www.google.com/accounts/o8/ud' failed." as response.
The weird thing is that Google displays the sign-in screen correctly which asks me to confirm whether I want to give the site access.
Additionally the sign-in data from Google is correctly being appended to the querystring.
So why isn't OpenID.GetResponse able to fetch me the correct data?
I can potentially get the sign-in data from the querystring myself. But is that a good idea?
Thank you for replying!
Edit: Just want to clarify here that the behaviour is on Localhost.
If your web server is behind a firewall or requires a proxy to make outbound HTTP requests, make sure your web.config file includes a snippet to use the system default proxy (or a specifically named one.
<system.net>
<defaultProxy enabled="true" />
</system.net>
And no don't just retrieve the sign-in data from the query string yourself. There's lots of validation that has to be done on that string to avoid anyone being able to log in as anyone just by writing up the query string themselves. In fact it sounds like DotNetOpenAuth is failing during verification, so you're not likely to be able to do it yourself either until this outbound HTTP request problem is solved.
The tricky part here is why DNOA was able to send you to Google, but unable to contact Google later to verify the positive assertion. Can you enable logging and add the logs to your question if what I've shown above doesn't work?