Storing DotNetOpenAuth information and user info retrieval Storing DotNetOpenAuth information and user info retrieval asp.net asp.net

Storing DotNetOpenAuth information and user info retrieval


asp.net database dotnetopenauth

1.Is the response.ClaimedIdentifier the correct piece of information to be storing against a user?

Yes. And make sure the column you store it in the database with is case sensitive. Here is a table schema that demonstrates how to make sure it is case sensitive. This comes out of the DotNetOpenAuth project template's database schema. The "CS" bit of the specified collation stand for Case Sensitive.

CREATE TABLE [dbo].[AuthenticationToken] (    [AuthenticationTokenId]    INT            IDENTITY (1, 1) NOT NULL,    [UserId]                   INT            NOT NULL,    [OpenIdClaimedIdentifier]  NVARCHAR (250) COLLATE SQL_Latin1_General_CP1_CS_AS NOT NULL,    [OpenIdFriendlyIdentifier] NVARCHAR (250) NULL,    [CreatedOn]                DATETIME       NOT NULL,    [LastUsed]                 DATETIME       NOT NULL,    [UsageCount]               INT            NOT NULL);

2.Is FormAuthentication.SetAuthCookie the preferred way to forms authentication? Or is there a better way?

For MVC apps it definitely is, since you still can return your preferred ActionResult from the method.

3.When I call SetAuthCookie, there is no data relating to the user except for the ClaimedIdentifier. If I'm consistently referring to their UserId, is a better idea to create the user, then store that UserId in the cookie instead of the ClaimedIdentifier?

That sounds like personal preference. But I would typically go with user_id, since it might result in a faster database lookup every time an HTTP request comes in that requires you to look up any user information.

4.If I'm using that UserId in a number of places, how do I either retrieve it from the cookie, or store it somewhere else more logical/useful?

FormsAuthentication does provide a way to store more information in its encrypted cookie than just username, but it is harder than you'd expect to use it. This snippet comes out of DotNetOpenAuth's web SSO RP sample:

const int TimeoutInMinutes = 100; // TODO: look up the right value from the web.config filevar ticket = new FormsAuthenticationTicket(    2, // magic number used by FormsAuth    response.ClaimedIdentifier, // username    DateTime.Now,    DateTime.Now.AddMinutes(TimeoutInMinutes),    false, // "remember me"    "your extra data goes here");HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));Response.SetCookie(cookie);Response.Redirect(Request.QueryString["ReturnUrl"] ?? FormsAuthentication.DefaultUrl);

Then you can get at that extra data in a future HTTP request with this:

var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];if (cookie != null) {    var ticket = FormsAuthentication.Decrypt(cookie.Value);    if (!string.IsNullOrEmpty(ticket.UserData)) {        // do something cool with the extra data here    }}

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last