开发者

DotNetOpenAuth IAuthenticationRequest member explanation request

开发者 https://www.devze.com 2023-01-29 12:24 出处:网络
I\'m beginning to use DotNetOpenAuth and want to understand what the following members of the IAuthenticationRequest interface are meant for and how they should be used:

I'm beginning to use DotNetOpenAuth and want to understand what the following members of the IAuthenticationRequest interface are meant for and how they should be used:

IsDelegatedIdentifier: bool
IsDirectedIdentity: bool
开发者_如何学Go

And from the inherited IHostProcessedRequest interface:

Immediate: bool

Please would someone provide a brief explanation? Thanks.


These are all concepts directly from the OpenID 2.0 spec, so you can refer there for the complete answer. And by the way there is a .chm doc file that is included with DotNetOpenAuth that documents these members as well.

But here is what you're asking for:

IsDelegatedIdentifier A value indicating whether the user is hosting his own OpenID identifier that then delegates to your Provider. Not usually something you need to do anything special for as DotNetOpenAuth takes care of everything for you. But in case you had a policy of disallowing delegation, this would provide the way.

IsDirectedIdentity A value indicating whether the user/RP already knows what claimed identifier they are expecting to get back. If false, they already know and you (the Provider) need to simply verify that the logged in user controls that identifier; if true you need as the Provider to determine which user is logged in, and set the ClaimedIdentifier property to a value appropriate for that user.

Immediate A value indicating whether you must make a decision immediately about approving or rejecting an RP request. If true you are not allowed to interact with the user, you may not display UI, you may only redirect back to the RP with your decision. If false you may ask the user to log in, ask them to confirm, etc. When in immediate mode, if you can't be sure who the user is or whether the user trusts the RP, you should always return a deny response.

IAnonymousRequest comes in instead of IAuthenticationRequest when the RP doesn't want a claimed identifier at all, but instead just want responses to OpenID request extensions that are included. In other words, they don't want to know who the user is, they just want to know something about them. These kinds of requests are described in the OpenID spec but are uncommon in practice, in fact most OpenID libraries don't even support them. DotNetOpenAuth does.

0

精彩评论

暂无评论...
验证码 换一张
取 消