Do I store all of the ClaimedIdentifier?

I am using DotNetOpenAuth and I am wondering what I should be storing from ClaimedIdentifier. I thought it would be just an id but it seems to have a URL too.

When I do something like

Identifier claimedIdentifier = openIdRelayingParty.ClaimedIdentifier;

I get

//yahoo

https://me.yahoo.com/a/2RCv_bQ7341PA3v4irf5tzu_9K_fF1414afa414

// google

https://www.google.com/accounts/o8/id?id=AItOawmMvmoomT7lOO5jwEaAd1414dfafaf241VUI

So do I store this whole thing or just the long string? If I should store the long string then how do I extract it out? It seems like each provider's formatting is a bit different.


You should store the entire URL, including the fragment part. The fragment part is the #fragment at the end of some URLs. For example, I think every Yahoo ClaimedIdentifier actually includes a fragment like this:

https://me.yahoo.com/a/2RCv_bQ7341PA3v4irf5tzu_9K_fF1414afa414#aHd88

It is vitally important that the entire ClaimedIdentifier be stored, and later used to identify the same person. Also, be sure your identity check is case sensitive. Do not use the System.Uri.Equals method to verify that two ClaimedIds are equivalent. It would return true in cases where only the #fragment is different, which is not correct. You should use Identifier.Equals or the simple String.Equals(string, string, StringComparison.Ordinal) method.

Or if you're looking up the user from your users table in a database, be certain that your users table is configured to be case sensitive for the ClaimedId column.
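The difference between the two comparisons, as an added example that is not part of the original answer or of DotNetOpenAuth: it contrasts System.Uri.Equals with an ordinal string comparison and an ordinal-keyed lookup. The ClaimedIdStore class, the user id 42 and the two variant identifiers are hypothetical, constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical in-memory stand-in for a users table keyed by ClaimedIdentifier.
sealed class ClaimedIdStore
{
    // StringComparer.Ordinal: case-sensitive, whole-string match, fragment included.
    private readonly Dictionary<string, int> _users =
        new Dictionary<string, int>(StringComparer.Ordinal);

    public void Register(string claimedId, int userId) => _users[claimedId] = userId;

    public int? Find(string claimedId) =>
        _users.TryGetValue(claimedId, out int id) ? id : (int?)null;
}

static class Program
{
    static void Main()
    {
        // Constructed sample values: the Yahoo identifier from the answer plus
        // two variants that differ only in the fragment or only in letter case.
        const string stored = "https://me.yahoo.com/a/2RCv_bQ7341PA3v4irf5tzu_9K_fF1414afa414#aHd88";
        const string otherFragment = "https://me.yahoo.com/a/2RCv_bQ7341PA3v4irf5tzu_9K_fF1414afa414#zzZ99";
        const string otherCase = "https://me.yahoo.com/a/2rcv_bq7341pa3v4irf5tzu_9k_ff1414afa414#aHd88";

        var store = new ClaimedIdStore();
        store.Register(stored, 42);

        foreach (string candidate in new[] { stored, otherFragment, otherCase })
        {
            // System.Uri.Equals leaves the fragment out of the comparison.
            bool uriEqual = new Uri(stored).Equals(new Uri(candidate));
            // Ordinal comparison looks at every character of the identifier.
            bool ordinalEqual = string.Equals(stored, candidate, StringComparison.Ordinal);
            int? userId = store.Find(candidate);

            Console.WriteLine(candidate);
            Console.WriteLine($"  Uri.Equals={uriEqual}  Ordinal={ordinalEqual}  user={(userId.HasValue ? userId.ToString() : "none")}");
        }
    }
}
```

A database-backed lookup needs a case-sensitive collation on the ClaimedId column to behave the way the ordinal-keyed dictionary does here.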
