Menu
You've probably solved this before.
I need to be able to use open id in an environment that does not have session stickiness. The servers do preserve the headers.
I'm using ASP.NET MVC and dotNetOpenId version 3.2.0.9177. Although the authentication on the 3rd party web site goes without a hitch when returning the response I get an error and authentication fails.
Any thoughts?
474
Stateful
The most optimized method is to write a custom persistence store that implements IRelyingPartyApplicationStore for the "secrets" that OpenID RPs require, and pass your instance to the OpenIdRelyingParty(IRelyingPartyApplicationStore) constructor, or register it in your web.config file.
Stateless
A much easier solution that will suffice for most scenarios is to use stateless mode instead, so that no state needs to be shared across your web farm's servers.
You can activate stateless mode by instantiating OpenIdRelyingParty passing null in as your application store instance. Calling the default constructor will cause DNOA to use its in-memory store, which breaks on server farms, so the default constructor is insufficient.
Or if you're using the ASP.NET controls, just set Stateless = true on the control.
186
Here's how we're enabling stateless mode:
var uri = new Uri(Request.Url, Request.RawUrl);
var openid = new OpenIdRelyingParty(null, uri,
Request.HttpMethod == "GET" ? Request.QueryString : Request.Form);
Seems to work so far, though per Andrew there's a small performance hit. Not sure that matters since login is a fairly rare activity.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
