Mads Kristensen

My personal blog about everything tech

Warning! Don't use this code in production. It is an experimental implementation used for learning purposes only. 

Over the weekend I began looking more deeply into OpenID than I have before. I’ve always been intrigued by OpenID, but the information about it in terms of code samples in .NET have not been impressive. There are a few projects here and there but they all use a library for handling communication with the OpenID providers.

What I wanted was some code that demonstrated how it works. Not a pre-packaged library to code against. No, I wanted to see how the mechanisms worked so I could try it out in real life with my own code. After searching the web for hours, I finally gave up and started to look at the specs so I could write it myself from scratch. The specs are really hard to understand in terms of actual implementation. They say nothing about protocols and formats, which make it pretty hard to grasp.

After a few ours of hitting the wall with the specs in my hand, I finally found this CodePlex project that was abandoned in July 2007. For some reason, this particular project didn’t show up in Google, but I found it by searching the CodePlex site. It made it much easier to understand the mechanisms involved, but it was far from finished and way too complex for what it was trying to solve.

What is OpenID

If you don't know what OpenID is, then take a look at this short video that explains it very well.

The goal

My goal was simple. I wanted to be able to add support for OpenID authentication on existing websites. It means that I wanted to use a standard textbox for entering the OpenID into and a button that would start the whole authentication mechanism. In order to do that, I needed a class that would take care of the communication with the OpenID servers and handle the authentication for me.

So, I ended up with a single small class that can be dumped into any ASP.NET website. It handles the redirection to the OpenID provider and leaves the authentication handling up to the website, but provides all the relevant information for doing so. The class is called OpenID and is very short and simple.

Code example

If you don’t care about the code, but still wants to see how this baby works, check out my OpenID video. You can also download the small code sample at the bottom of the post.

For the following code sample, imaging you have a page called login.aspx. On that page is a textbox called txtOpenId and a button called btnLogon. The user enters his OpenID in the textbox and clicks the button. The event handler of the button’s click event now sends a login request to the OpenID class. The class then redirects the user to her OpenID provider website and is asked to confirm whether or not she will share her information. She accepts and is returned to the login.aspx page.

The login page now retrieves the information given by the OpenID provider from the class. Now the login page can have the information needed to perform the login. Here is the code-behind of the login.aspx.

protected void Page_Load(object sender, EventArgs e)

{

  if (OpenID.IsOpenIdRequest)

  {

    OpenIdData data =  OpenID.Authenticate();

    if (data.IsSuccess)

    {

      StringBuilder sb = new StringBuilder();

      sb.AppendFormat("email: {0}<br />", data.Parameters["email"]);

      sb.AppendFormat("fullname: {0}<br />", data.Parameters["fullname"]);

      sb.AppendFormat("country: {0}<br />", data.Parameters["country"]);

      sb.AppendFormat("phone: {0}<br />", data.Parameters["phone"]);

      sb.AppendFormat("language: {0}<br />", data.Parameters["language"]);

 

      Response.Write(sb.ToString());

    }

  }

 

  btnLogon.Click +=new EventHandler(btnLogon_Click);

}

 

void btnLogon_Click(object sender, EventArgs e)

{

  bool success = OpenID.Login(txtOpenId.Text, "email,fullname,phone", "country,language");

 

  if (!success)

  {

    Response.Write("The OpenID is not valid");

  }

}

I will display the OpenID class, but you can download it here. This example works even on localhost. You don’t need to be on a public IP to interact with OpenID providers.

More information

Download source

Download the code and place the OpenID.cs in the App_Code folder and the login.aspx anywhere in your ASP.NET website. 

I’ve been pretty annoyed about the fact that FireFox ignores the width property of the ASP.NET FileUpload control. It doesn’t matter if you set it by CSS or even in JavaScript, Firefox always ignores it and that results in a crippled layout since you have no control over the width of the upload input field. This actually has nothing to do with the FileUpload control, but with the rendered output of that control, which is just a standard <input type="file"...> field.

Here the width is set to 400px. The FileUpload control renders the Width attribute to the correct CSS style value of 400px at runtime.

[code:html]

<asp:FileUpload runat="server" ID="txtUpload" Width="400" />

[/code]

But as mentioned, Firefox totally ignores that. Then I remembered a forum thread I read some years ago about a size attribute. The only thing I could find was this list of available HTML attributes, but I gave it a try.

This is what I ended up with. The size attribute actually works in Firefox and IE ignores it, but adheres to the Width attribute instead.

[code:html]

<asp:FileUpload runat="server" ID="txtUpload" Width="400" size="50" />

[/code]

The size attribute determines the number of characters should be visible and then adjusts the width accordingly. It is not the same as setting a maximum length of the file name, so it doesn’t break anything.

You should think that since a size of 50 generates the same width as 400px that you could always just divide the width in pixels with 8 to find the equivalent size. That is not the case. You have to manually adjust every time until you find the right size value that matches the pixel width.

Don’t you just love these kinds of obscure browser differences?