Using OpenID for website Authentication

Question

I'd like to implement OpenID in a new application using ASP.NET 2.0 and SQL Server 2005.

I chosen Twitter, Facebook and Google as potential OpenID providers.

I've found the Twitter implementation in .NET and I was studying Google's OpenID implementation, but I want to make sure that my design is (mostly!) flawless.

1. Is my database schema correct? I've associated a Reader with an ProviderOpenID which contains only a nullable Name column. I store the OauthToken and use that at every request to gain access to his profile and verify the login. Am I missing something?

2. Can anyone tell me if there is an Open Source Library for the .NET implementation of the OpenID provider for Google? I found the following tutorial on Google but I don't understand how it works. Has anyone tried this? Is this the best way to do this?

Answer 1

Facebook and Twitter are not OpenID Providers. It looks like you've already found solutions to their proprietary mechanisms however. But I just wanted to clarify what it is and isn't.

Yes, Google is an OpenID Provider. And for ASP.NET 2.0 DotNetOpenId, which you linked to, is the way to go IMO. Don't mind the wiki (which was down at the time but is up now). That's to the new DotNetOpenAuth library which targets .NET 3.5. Since you're targeting .NET 2.0 specifically (is this intentional?) you need to go with the DotNetOpenId that is on the Google Code project site (http://dotnetopenid.googlecode.com/) and ignore the "We've Moved" link, since that leads you to the .NET 3.5 library. What you want is DotNetOpenId v2.5.5. It comes with samples that show you how to get OpenID going.

Note that Google has a few peculiarities with how they do OpenID, the most notable of which is that typing "google.com" as the openid identifier doesn't work (currently). You have to type the longer https://www.google.com/accounts/o8/id