dotNetOpenAuth Samples issue getting the right security context

I'm going through the dotNetOpenAuth Samples (OpenIdRelyingPartyMVC and OpenIdProviderMvc) and came up with a question for better understanding...

In the MembersArea of the Relying Party App I use the OpenID "http://localhost:4864/user/bob3", for example. I get redirected to the Provider's login page, where I then use the credentials of Bob5. After successfully logging in, I get redirected back to the RelyingParty, which says "Congratulations Bob3...".

Is this just a binding bug in the Relying Party App, which takes the OpenID that was submitted to the Provider, or am I authenticated in the security context of Bob3 with the credentials of Bob5? The latter would be a major security issue in my opinion, as I am able to authenticate as whoever I want with just one working user account at the provider.

Jürgen Zornig asked Apr 20 '15 07:04


1 Answer

I think you are using an out-of-date branch which contains a security issue that was discovered 3 years ago:

http://www.zdnet.com/article/dotnet-projects-flawed-sample-code-has-crippling-authentication-exploit/

Code of the flawed controller: https://github.com/DotNetOpenAuth/DotNetOpenAuth.Samples/blob/master/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs

Fixed code: https://github.com/DotNetOpenAuth/DotNetOpenAuth/blob/develop/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs

Diff of the fix: https://github.com/DotNetOpenAuth/DotNetOpenAuth/commit/cdd3e95f4eac8076ffd78641bf4cf61d4422572a

It seems to me that the "master" branch is out of date, while the "develop" branch is the one that we should use.

Thuan answered Oct 16 '22 10:10
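To make the provider-side check that the answer's linked fix is about concrete, here is an added stand-alone model in Python (not DotNetOpenAuth code and not taken from the linked commit): the vulnerable decision signs a positive assertion for whatever identifier the RP sent once anyone is logged in, while the hardened decision only asserts the identity owned by the authenticated session. The identifier layout, the Bob3/Bob5 names and the request/session shapes are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

# Constructed assumption: the sample provider issues identifiers of this shape.
PROVIDER_BASE = "http://localhost:4864/user/"


@dataclass
class CheckIdRequest:
    """The checkid_setup request as seen by the provider (simplified model)."""
    claimed_identifier: str      # identifier the user typed at the RP
    is_directed_identity: bool   # identifier_select: the user picks the identity


@dataclass
class Session:
    username: Optional[str]      # account that actually passed the login form


def normalize(identifier: str) -> str:
    """Compare identifiers loosely enough to survive case/trailing-slash noise."""
    u = urlparse(identifier)
    return f"{u.scheme.lower()}://{u.netloc.lower()}{u.path.rstrip('/')}"


def identifier_for(username: str) -> str:
    return PROVIDER_BASE + username


def vulnerable_assertion(req: CheckIdRequest, session: Session) -> Optional[Tuple[str, str]]:
    """Bug pattern from the question: once *someone* is logged in, the provider
    vouches for the identifier the RP asked about, whoever that is."""
    if session.username is None:
        return None                       # nobody logged in: show the login page
    return ("positive", req.claimed_identifier)


def hardened_assertion(req: CheckIdRequest, session: Session) -> Optional[Tuple[str, str]]:
    """Only assert the identity that the authenticated session owns."""
    if session.username is None:
        return None
    own = identifier_for(session.username)
    if req.is_directed_identity:
        return ("positive", own)          # user chose the identity: use the real one
    if normalize(req.claimed_identifier) != normalize(own):
        # Logged in as Bob5 but asked to vouch for Bob3: refuse.
        return ("negative", req.claimed_identifier)
    return ("positive", own)
```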