tag:blogger.com,1999:blog-68945522010-02-05T18:11:05.819-08:00JMPInlineRead up on .NET news, tips, cautions... and other areas of technological interest.Andrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.comBlogger13812547.71828-122.197026This is an XML content feed. It is intended to be viewed in a newsreader or syndicated to another site, subject to copyright and fair use.tag:blogger.com,1999:blog-6894552.post-46430785075061587682010-01-16T08:49:00.001-08:002010-01-16T08:49:23.329-08:002010-01-16T08:49:23.329-08:00DotNetOpenAuth’s “call home” reportingAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0A few months ago I asked how people would feel if DotNetOpenAuth collected feature statistics and sent them back to the library's authors so we get a better feel for what features are used, errors that are common.  The feedback I got was positive, so v3.4 has reporting turned on by default, but you can opt out either entirely or just omit certain details from the report by adding some simple tags<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=fmSVnuT69dY:rACK6h3yHpo:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=fmSVnuT69dY:rACK6h3yHpo:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=fmSVnuT69dY:rACK6h3yHpo:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=fmSVnuT69dY:rACK6h3yHpo:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=fmSVnuT69dY:rACK6h3yHpo:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=fmSVnuT69dY:rACK6h3yHpo:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=fmSVnuT69dY:rACK6h3yHpo:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=fmSVnuT69dY:rACK6h3yHpo:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/fmSVnuT69dY" height="1" width="1"/>http://blog.nerdbank.net/2010/01/dotnetopenauths-call-home-reporting.htmltag:blogger.com,1999:blog-6894552.post-83603484616709802492010-01-15T15:20:00.001-08:002010-01-16T08:50:28.409-08:002010-01-16T08:50:28.409-08:00DotNetOpenAuth v3.4 now availableAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0You can go download DotNetOpenAuth v3.4 today.  Highlights of the new version include: Support for Google Apps for Domains issued OpenIDs.  This required special work since Google has their own flavor of OpenID discovery that had to be supported until something like Google’s scenario get’s standardized. Identifier discovery extensibility (this is how Google Apps support was enabled, but <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ihyTDHYwo8A:HZAD1zWK7zo:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ihyTDHYwo8A:HZAD1zWK7zo:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ihyTDHYwo8A:HZAD1zWK7zo:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ihyTDHYwo8A:HZAD1zWK7zo:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ihyTDHYwo8A:HZAD1zWK7zo:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ihyTDHYwo8A:HZAD1zWK7zo:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ihyTDHYwo8A:HZAD1zWK7zo:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ihyTDHYwo8A:HZAD1zWK7zo:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/ihyTDHYwo8A" height="1" width="1"/>http://blog.nerdbank.net/2010/01/dotnetopenauth-v34-now-available.htmltag:blogger.com,1999:blog-6894552.post-32588012727324756062009-12-08T12:12:00.001-08:002009-12-08T12:12:21.055-08:002009-12-08T12:12:21.055-08:00Rest in peace, ExtremeSwank OpenID and OAuthAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0ExtremeSwankOpenID and ExtremeSwankOAuth, both libraries authored by John Ehn, have been discontinued according to the project sites respective home pages which have a new note that reads: “Note: This … Consumer is no longer in development.” ExtremeSwankOpenID was stagnant in development lately, and when a recent OpenID vulnerability was identified as impacting the ExtremeSwankOpenID library due<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=HAE3TTevwks:p2rh91j9dPs:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=HAE3TTevwks:p2rh91j9dPs:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=HAE3TTevwks:p2rh91j9dPs:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=HAE3TTevwks:p2rh91j9dPs:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=HAE3TTevwks:p2rh91j9dPs:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=HAE3TTevwks:p2rh91j9dPs:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=HAE3TTevwks:p2rh91j9dPs:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=HAE3TTevwks:p2rh91j9dPs:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/HAE3TTevwks" height="1" width="1"/>http://blog.nerdbank.net/2009/12/rest-in-peace-extremeswank-openid-and.htmltag:blogger.com,1999:blog-6894552.post-58605118183646169082009-12-03T01:23:00.001-08:002009-12-03T01:25:39.973-08:002009-12-03T01:25:39.973-08:00DotNetOpenAuth v3.3 is releasedAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com6It’s been nearly six months since v3.2 was released.  So what’s in v3.3 that took so long to bake?  Well, a lot of it was waiting for and getting used to Code Contracts to mature enough to bet on the technology.  The most exciting changes though are the new OpenIdSelector control, and the new project template that helps you get going fast and strong with a new web site that accepts OpenID and/<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=m8OLQRFSZRk:qLx-hHnv-uQ:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=m8OLQRFSZRk:qLx-hHnv-uQ:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=m8OLQRFSZRk:qLx-hHnv-uQ:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=m8OLQRFSZRk:qLx-hHnv-uQ:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=m8OLQRFSZRk:qLx-hHnv-uQ:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=m8OLQRFSZRk:qLx-hHnv-uQ:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=m8OLQRFSZRk:qLx-hHnv-uQ:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=m8OLQRFSZRk:qLx-hHnv-uQ:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/m8OLQRFSZRk" height="1" width="1"/>http://blog.nerdbank.net/2009/12/dotnetopenauth-v33-is-released.htmltag:blogger.com,1999:blog-6894552.post-57879164461474125722009-10-22T15:57:00.001-07:002009-10-22T15:57:44.216-07:002009-10-22T15:57:44.216-07:00Feedback requested: New OpenID RP login UX prototypeAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com4OpenID RP login UX Live demo location: http://openidux.dotnetopenauth.net/ Design considerations The DNOA login UX design document contains the design spec, and some of the reasoning that went into that design. One high-level goal of all this work is to produce a set of HTML, CSS, and JS files that can work on any web platform, so that ruby, python, php, coldfusion, and (of course) ASP.NET <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=-23YGt-4310:9F9XtGz4-1I:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=-23YGt-4310:9F9XtGz4-1I:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=-23YGt-4310:9F9XtGz4-1I:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=-23YGt-4310:9F9XtGz4-1I:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=-23YGt-4310:9F9XtGz4-1I:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=-23YGt-4310:9F9XtGz4-1I:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=-23YGt-4310:9F9XtGz4-1I:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=-23YGt-4310:9F9XtGz4-1I:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/-23YGt-4310" height="1" width="1"/>http://blog.nerdbank.net/2009/10/feedback-requested-new-openid-rp-login.htmltag:blogger.com,1999:blog-6894552.post-26775415549013988472009-10-10T15:57:00.002-07:002009-10-13T15:28:49.820-07:002009-10-13T15:28:49.820-07:00Minify your EmbeddedResource .js and .css files in your MSBuild projectAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com1If you write a C# or VB.NET class library that contains ASP.NET controls that also have .js or .css files embedded in your assembly, you probably want to minify those files for optimal download size in production, but keep the files readable for coding and debugging. What if you could add a single <Import&gt; to your class library’s project file that would automatically minify these files in <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ftINBIm0z1Y:40CCPlAS9Gg:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ftINBIm0z1Y:40CCPlAS9Gg:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ftINBIm0z1Y:40CCPlAS9Gg:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ftINBIm0z1Y:40CCPlAS9Gg:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ftINBIm0z1Y:40CCPlAS9Gg:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ftINBIm0z1Y:40CCPlAS9Gg:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=ftINBIm0z1Y:40CCPlAS9Gg:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=ftINBIm0z1Y:40CCPlAS9Gg:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/ftINBIm0z1Y" height="1" width="1"/>http://blog.nerdbank.net/2009/10/minify-your-embeddedresource-js-and-css.htmltag:blogger.com,1999:blog-6894552.post-5597638198218960162009-10-09T11:22:00.001-07:002009-10-09T12:08:31.418-07:002009-10-09T12:08:31.418-07:00VS2008 project template for OpenID and InfoCard relying partiesAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com3I finally built a project template to make it easier to write an OpenID relying party web site using C# and ASP.NET.  Up to this point all we had were the sample RPs that ship with DotNetOpenAuth, which were deliberately kept simple.  They didn’t use a real database, didn’t follow some best practices, and weren’t very real.  Now you can start your next web site with OpenID and InfoCard logins <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Rm26dfekG7c:IysmceoA8Qc:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Rm26dfekG7c:IysmceoA8Qc:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Rm26dfekG7c:IysmceoA8Qc:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Rm26dfekG7c:IysmceoA8Qc:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Rm26dfekG7c:IysmceoA8Qc:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Rm26dfekG7c:IysmceoA8Qc:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Rm26dfekG7c:IysmceoA8Qc:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Rm26dfekG7c:IysmceoA8Qc:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/Rm26dfekG7c" height="1" width="1"/>http://blog.nerdbank.net/2009/10/vs2008-project-template-for-openid-and.htmltag:blogger.com,1999:blog-6894552.post-4633302104963487332009-09-25T21:47:00.001-07:002009-09-25T21:47:43.712-07:002009-09-25T21:47:43.712-07:00Optimal OpenID UX finally underwayAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com2I’m finally making progress on building a set of HTML and javascript files that can be used on any OpenID relying party web site to allow visitors to easily log in with OpenID, without even knowing what OpenID is.  I mentioned my goal to do this some time ago, and now I have a small partially functional prototype.  Please try it out, and keep coming back and letting me know what you think of it <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=EJ-ph-wW6ss:kUDdOy14KYU:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=EJ-ph-wW6ss:kUDdOy14KYU:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=EJ-ph-wW6ss:kUDdOy14KYU:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=EJ-ph-wW6ss:kUDdOy14KYU:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=EJ-ph-wW6ss:kUDdOy14KYU:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=EJ-ph-wW6ss:kUDdOy14KYU:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=EJ-ph-wW6ss:kUDdOy14KYU:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=EJ-ph-wW6ss:kUDdOy14KYU:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/EJ-ph-wW6ss" height="1" width="1"/>http://blog.nerdbank.net/2009/09/optimal-openid-ux-finally-underway.htmltag:blogger.com,1999:blog-6894552.post-17521871039534604652009-09-07T16:20:00.001-07:002009-09-07T16:20:17.959-07:002009-09-07T16:20:17.959-07:00How to easily fetch OpenID attributes, regardless of the ProviderAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0In a previous article, I bemoan the pain of writing an OpenID Relying Party that wants to fetch user attributes from their OpenID Provider, because of the at least 4 ways in which those attributes must be requested.  And then later I promised that DotNetOpenAuth would offer help to alleviate that pain.  That help has come.  It actually came way back on June 26, 2009.  But only now did I <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XR1ybdKL2JA:jAD80MlkTJA:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XR1ybdKL2JA:jAD80MlkTJA:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XR1ybdKL2JA:jAD80MlkTJA:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XR1ybdKL2JA:jAD80MlkTJA:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XR1ybdKL2JA:jAD80MlkTJA:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XR1ybdKL2JA:jAD80MlkTJA:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XR1ybdKL2JA:jAD80MlkTJA:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XR1ybdKL2JA:jAD80MlkTJA:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/XR1ybdKL2JA" height="1" width="1"/>http://blog.nerdbank.net/2009/09/how-to-easily-fetch-openid-attributes.htmltag:blogger.com,1999:blog-6894552.post-22538507658289539162009-06-27T08:04:00.001-07:002009-06-27T08:04:21.345-07:002009-06-27T08:04:21.345-07:00DotNetOpenAuth v3.2 is doneAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com9DotNetOpenAuth v3.2 just came off the presses.  Lots of feature work and a few interop fixes in this release.  The biggest highlights being: Very simple story for both RPs and OPs interested in interoperating with others whether they use sreg or one of the several AX formats (finally!) OAuth 1.0a support PPID generation for OPs to protect customers' privacy. Go download it. As <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=h_IHh0wyms0:JRYCw-SE6xA:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=h_IHh0wyms0:JRYCw-SE6xA:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=h_IHh0wyms0:JRYCw-SE6xA:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=h_IHh0wyms0:JRYCw-SE6xA:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=h_IHh0wyms0:JRYCw-SE6xA:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=h_IHh0wyms0:JRYCw-SE6xA:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=h_IHh0wyms0:JRYCw-SE6xA:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=h_IHh0wyms0:JRYCw-SE6xA:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/h_IHh0wyms0" height="1" width="1"/>http://blog.nerdbank.net/2009/06/dotnetopenauth-v32-is-done.htmltag:blogger.com,1999:blog-6894552.post-44145999076836888722009-06-24T20:37:00.001-07:002009-06-24T20:37:38.784-07:002009-06-24T20:37:38.784-07:00How to get ILMerge to work with .PFX filesAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com1ILMerge is an excellent tool for “linking” multiple assemblies into one.  But one of its switches, /keyfile:, which allows it to sign the resulting merged assembly, only accepts .snk files.  It reports no error if you feed it a password-protected .pfx key-pair file, but the resulting assembly is invalid.  &gt;ilmerge /keyfile:some.pfx /out:merged\some.dll some.dll someother.dll &gt;sn -v merged\<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=FbBKBOcTons:LhjI0wpgx3Y:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=FbBKBOcTons:LhjI0wpgx3Y:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=FbBKBOcTons:LhjI0wpgx3Y:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=FbBKBOcTons:LhjI0wpgx3Y:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=FbBKBOcTons:LhjI0wpgx3Y:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=FbBKBOcTons:LhjI0wpgx3Y:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=FbBKBOcTons:LhjI0wpgx3Y:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=FbBKBOcTons:LhjI0wpgx3Y:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/FbBKBOcTons" height="1" width="1"/>http://blog.nerdbank.net/2009/06/how-to-get-ilmerge-to-work-with-pfx.htmltag:blogger.com,1999:blog-6894552.post-46631813563322106172009-06-20T07:23:00.001-07:002009-06-20T07:23:20.859-07:002009-06-20T07:23:20.859-07:00Help is coming for the Sreg/AX interop problem for OpenIDAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com2Just to get your mouth watering for DotNetOpenAuth v3.2... V3.2 has a new "behaviors" plugin capability that lets RPs and OPs get additional functionality with very little effort.  For example, OPs can add PPID identifier support very easily with just a few lines of code.  But of most interest I suspect is the sreg/AX interop behavior, which if activated in your web.config file (1 line), will <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=B_LgVgQFaCE:jv70TF9MI4M:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=B_LgVgQFaCE:jv70TF9MI4M:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=B_LgVgQFaCE:jv70TF9MI4M:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=B_LgVgQFaCE:jv70TF9MI4M:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=B_LgVgQFaCE:jv70TF9MI4M:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=B_LgVgQFaCE:jv70TF9MI4M:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=B_LgVgQFaCE:jv70TF9MI4M:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=B_LgVgQFaCE:jv70TF9MI4M:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/B_LgVgQFaCE" height="1" width="1"/>http://blog.nerdbank.net/2009/06/help-is-coming-for-sregax-interop.htmltag:blogger.com,1999:blog-6894552.post-91724576770128458432009-06-12T15:49:00.001-07:002009-06-12T15:50:38.494-07:002009-06-12T15:50:38.494-07:00Reverse engineering ASP.NET Membership passwords and saltsAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com2I’m working on a project that was using the ASP.NET SQL Membership and I needed to remove the Membership provider from the system since we wanted more control over the user tables.  Our existing users had passwords that ASP.NET Membership had hashed and salted, and we needed to be able to maintain those user accounts, which means we have to be able to validate logins against the salted passwords.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=QrIWS02DAEc:mFHK70YdVMs:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=QrIWS02DAEc:mFHK70YdVMs:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=QrIWS02DAEc:mFHK70YdVMs:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=QrIWS02DAEc:mFHK70YdVMs:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=QrIWS02DAEc:mFHK70YdVMs:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=QrIWS02DAEc:mFHK70YdVMs:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=QrIWS02DAEc:mFHK70YdVMs:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=QrIWS02DAEc:mFHK70YdVMs:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/QrIWS02DAEc" height="1" width="1"/>http://blog.nerdbank.net/2009/06/reverse-engineering-aspnet-membership.htmltag:blogger.com,1999:blog-6894552.post-5198037601224362802009-05-26T17:03:00.001-07:002009-05-26T17:06:45.563-07:002009-05-26T17:06:45.563-07:00Caching results of .NET IEnumerable<T> generator methodsAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0If you're already familiar with generator methods and want to jump to intelligent caching of their results, skip further down in this blog post. In C#, generator methods are methods that use yield return to return an IEnumerable<T&gt; where the elements enumerated over are generated on-demand.  These are useful for a couple of scenarios.  One is deferred execution – not doing work until you <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XTGXyXcUfIo:mqfROuMzX5c:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XTGXyXcUfIo:mqfROuMzX5c:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XTGXyXcUfIo:mqfROuMzX5c:G79ilh31hkQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=G79ilh31hkQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XTGXyXcUfIo:mqfROuMzX5c:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XTGXyXcUfIo:mqfROuMzX5c:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XTGXyXcUfIo:mqfROuMzX5c:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XTGXyXcUfIo:mqfROuMzX5c:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XTGXyXcUfIo:mqfROuMzX5c:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/XTGXyXcUfIo" height="1" width="1"/>http://blog.nerdbank.net/2009/05/caching-results-of-net-ienumerable.htmltag:blogger.com,1999:blog-6894552.post-62771297819470550452009-05-11T16:59:00.002-07:002009-05-12T08:47:23.962-07:002009-05-12T08:47:23.962-07:00Uri.EscapeDataPath and HttpUtility.UrlEncode are NOT the sameAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com2For some reason Microsoft defined URI escaping twice: Uri.EscapeDataString and HttpUtility.UrlEncode seem to cover the same need. There’s another pair: Uri.EscapeUriString and HttpUtility.UrlPathEncode which again seem to be redundant with each other. But in particular I found a small difference in behavior between the first two methods that should be called out. <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=OzMCzuzk_QI:2opIDFKJ-nU:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=OzMCzuzk_QI:2opIDFKJ-nU:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=OzMCzuzk_QI:2opIDFKJ-nU:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=OzMCzuzk_QI:2opIDFKJ-nU:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=OzMCzuzk_QI:2opIDFKJ-nU:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=OzMCzuzk_QI:2opIDFKJ-nU:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=OzMCzuzk_QI:2opIDFKJ-nU:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/OzMCzuzk_QI" height="1" width="1"/>http://blog.nerdbank.net/2009/05/uriescapedatapath-and.htmltag:blogger.com,1999:blog-6894552.post-37472449495454472392009-04-21T11:23:00.001-07:002009-04-21T18:32:10.531-07:002009-04-21T18:32:10.531-07:00Recent OpenID relying party vulnerabilitiesAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0The OSIS I5 OpenID interop testing is well underway.  Last weekend while testing some OpenID relying party web sites, John Bradley happened upon a web site that failed a particularly alarming test.  Further investigation revealed that the security hole affected all OpenID relying parties based on Janrain’s Ruby OpenID library.  Perhaps Janrain is using its Ruby library for RPXNow, because I <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=AW6m_6GqOLU:LLXgT242y9w:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=AW6m_6GqOLU:LLXgT242y9w:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=AW6m_6GqOLU:LLXgT242y9w:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=AW6m_6GqOLU:LLXgT242y9w:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=AW6m_6GqOLU:LLXgT242y9w:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=AW6m_6GqOLU:LLXgT242y9w:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=AW6m_6GqOLU:LLXgT242y9w:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/AW6m_6GqOLU" height="1" width="1"/>http://blog.nerdbank.net/2009/04/recent-openid-relying-party.htmltag:blogger.com,1999:blog-6894552.post-90822934041608205922009-04-16T11:40:00.001-07:002009-04-16T11:40:01.509-07:002009-04-16T11:40:01.509-07:00DotNetOpenAuth 3.0 releasedAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com1Download it now. Previously named DotNetOpenId in its v1.x and 2.x releases, the v3.0 release is rechristened DotNetOpenAuth to reflect its support for multiple authentication and authorization protocols.  Sporting OpenID, OAuth and InfoCard support in its initial incarnation, it has been re-architected and largely rewritten to make adding more protocols fast and less error-prone. Even if you’<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XQerRr-3pSI:YBpzvjc_9yo:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XQerRr-3pSI:YBpzvjc_9yo:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XQerRr-3pSI:YBpzvjc_9yo:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XQerRr-3pSI:YBpzvjc_9yo:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XQerRr-3pSI:YBpzvjc_9yo:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=XQerRr-3pSI:YBpzvjc_9yo:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=XQerRr-3pSI:YBpzvjc_9yo:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/XQerRr-3pSI" height="1" width="1"/>http://blog.nerdbank.net/2009/04/dotnetopenauth-30-released.htmltag:blogger.com,1999:blog-6894552.post-19795168951006298052009-03-30T15:15:00.001-08:002009-03-30T15:15:28.004-08:002009-03-30T15:15:28.004-08:00How to pretty much guarantee that you might get an email address with OpenIDAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com1OpenID itself is just an authentication protocol.  It takes OpenID extensions to get more information about the user like their name or email address.  In fact there are two popular extensions that can provide this kind of information: Simple Registration (sreg) and Attribute Exchange (AX).  A web site that wants to accept OpenID logins (this site is called a relying party, or “RP”) and also <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=obXQM-giyn0:7XePlesnMxg:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=obXQM-giyn0:7XePlesnMxg:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=obXQM-giyn0:7XePlesnMxg:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=obXQM-giyn0:7XePlesnMxg:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=obXQM-giyn0:7XePlesnMxg:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=obXQM-giyn0:7XePlesnMxg:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=obXQM-giyn0:7XePlesnMxg:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/obXQM-giyn0" height="1" width="1"/>http://blog.nerdbank.net/2009/03/how-to-pretty-much-guarantee-that-you.htmltag:blogger.com,1999:blog-6894552.post-65359094261244998692009-03-16T13:10:00.001-08:002009-03-16T13:10:22.206-08:002009-03-16T13:10:22.206-08:00Need access to that internal? Don’t touch that dial!Andrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0The blessing and curse of open source is that the source can be easily changed.  Internal types and members don’t need to be backward compatible with previous versions. This makes fixing bugs and feature enhancements much easier in future versions of the software.  Making types and members internal cuts down on documentation that must be written, read and maintained.  It protects callers from <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=O9c7Sq9cMnM:8UCX8Fz0gmk:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=O9c7Sq9cMnM:8UCX8Fz0gmk:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=O9c7Sq9cMnM:8UCX8Fz0gmk:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=O9c7Sq9cMnM:8UCX8Fz0gmk:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=O9c7Sq9cMnM:8UCX8Fz0gmk:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=O9c7Sq9cMnM:8UCX8Fz0gmk:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=O9c7Sq9cMnM:8UCX8Fz0gmk:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/O9c7Sq9cMnM" height="1" width="1"/>http://blog.nerdbank.net/2009/03/need-access-to-that-internal-dont-touch.htmltag:blogger.com,1999:blog-6894552.post-41997508722842304692009-03-11T20:47:00.001-08:002009-03-11T20:47:26.342-08:002009-03-11T20:47:26.342-08:00DotNetOpenAuth 3.0 Beta 2 releasedAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0DotNetOpenAuth, previously named DotNetOpenId, is getting nearer to its major 3.0 release.   With beta 2, we have a security reviewed, feature complete library for .NET use of the OAuth and OpenID protocols.  Although Beta 1 was very rough and was not recommended for use in production, Beta 2 has passed enough security, interop and stability tests to warrant live web sites to use this version.<div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Xw3fkvjy680:wgWeA6_sTMs:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Xw3fkvjy680:wgWeA6_sTMs:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Xw3fkvjy680:wgWeA6_sTMs:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Xw3fkvjy680:wgWeA6_sTMs:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Xw3fkvjy680:wgWeA6_sTMs:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Xw3fkvjy680:wgWeA6_sTMs:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Xw3fkvjy680:wgWeA6_sTMs:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/Xw3fkvjy680" height="1" width="1"/>http://blog.nerdbank.net/2009/03/dotnetopenauth-30-beta-2-released.htmltag:blogger.com,1999:blog-6894552.post-85849061557935224492009-03-07T21:34:00.001-08:002009-03-07T21:34:32.578-08:002009-03-07T21:34:32.578-08:00Replay protection for OpenID 1.x relying partiesAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0If you’re writing an OpenID Provider, you should have a strong appreciation for the security of your customers’ identities that you will be protecting.  One aspect of that protection is against replay attacks, where a man-in-the-middle sniffs the identity assertion from a Provider and replays it against the same relying party and manages to log in as the victim.  OpenID 2.0 provides built-in <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=UXs9UQdgeMY:1UN75etIiAE:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=UXs9UQdgeMY:1UN75etIiAE:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=UXs9UQdgeMY:1UN75etIiAE:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=UXs9UQdgeMY:1UN75etIiAE:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=UXs9UQdgeMY:1UN75etIiAE:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=UXs9UQdgeMY:1UN75etIiAE:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=UXs9UQdgeMY:1UN75etIiAE:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/UXs9UQdgeMY" height="1" width="1"/>http://blog.nerdbank.net/2009/03/replay-protection-for-openid-1x-relying.htmltag:blogger.com,1999:blog-6894552.post-76567719007511079832009-03-07T21:14:00.001-08:002009-03-07T21:14:22.017-08:002009-03-07T21:14:22.017-08:00OpenID association poisoningAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0As part of the OpenID protocol a relying party often establishes shared secrets (called ‘associations’) with identity providers that are used to verify identity assertions.  It occurred to me that an OpenID relying party might easily introduce a major security hole in the process of establishing an association that could allow identity spoofing. Each association is assigned a handle, which is a <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=efdjYA48e2M:ZdIyEmFsgl8:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=efdjYA48e2M:ZdIyEmFsgl8:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=efdjYA48e2M:ZdIyEmFsgl8:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=efdjYA48e2M:ZdIyEmFsgl8:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=efdjYA48e2M:ZdIyEmFsgl8:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=efdjYA48e2M:ZdIyEmFsgl8:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=efdjYA48e2M:ZdIyEmFsgl8:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/efdjYA48e2M" height="1" width="1"/>http://blog.nerdbank.net/2009/03/openid-association-poisoning.htmltag:blogger.com,1999:blog-6894552.post-1878752987155239662009-02-28T19:35:00.001-08:002009-02-28T19:35:38.290-08:002009-02-28T19:35:38.290-08:00Fixing the OpenID login user experienceAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com9The user experience of OpenID at Relying Party web sites is so important to get right.  OpenID is right for your web site's visitors – no doubt in my mind about that.  But we need to make sure it's very easy for your visitors to use so you don’t lose them when they've been pre-wired for the password anti-pattern.  Several big companies like Yahoo and Google have invested a lot of effort into <div class="feedflare"> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Wm0QCz-jLcY:t5RXIJlAjPI:V_sGLiPBpWU"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Wm0QCz-jLcY:t5RXIJlAjPI:V_sGLiPBpWU" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Wm0QCz-jLcY:t5RXIJlAjPI:gIN9vFwOqvQ"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Wm0QCz-jLcY:t5RXIJlAjPI:gIN9vFwOqvQ" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Wm0QCz-jLcY:t5RXIJlAjPI:F7zBnMyn0Lo"><img src="http://feeds.feedburner.com/~ff/Jmpinline?i=Wm0QCz-jLcY:t5RXIJlAjPI:F7zBnMyn0Lo" border="0"></img></a> <a href="http://feeds.feedburner.com/~ff/Jmpinline?a=Wm0QCz-jLcY:t5RXIJlAjPI:cGdyc7Q-1BI"><img src="http://feeds.feedburner.com/~ff/Jmpinline?d=cGdyc7Q-1BI" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/Wm0QCz-jLcY" height="1" width="1"/>http://blog.nerdbank.net/2009/02/fixing-openid-login-user-experience.htmltag:blogger.com,1999:blog-6894552.post-81012427826984931782009-02-04T22:21:00.001-08:002009-02-04T22:21:41.103-08:002009-02-04T22:21:41.103-08:00DotNetOpenId v3.0 Beta 1 releasedAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com2Tonight DotNetOpenId, soon to be renamed DotNetOpenAuth, released beta 1 of the major v3.0 release.  You can download the bits from Ohloh.  Although downloads should remember that as a beta this version should not be used in production, there are several new features that should be worth investigating and building a web application around while the final release is still in development: OAuth<div class="feedflare"> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=k3bw1Wwa"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=k3bw1Wwa" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=2BQJbCJO"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=2BQJbCJO" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=P8yioW7O"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=P8yioW7O" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=UsRxCboq"><img src="http://feeds.feedburner.com/~f/Jmpinline?d=131" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/NRlaONUHmRw" height="1" width="1"/>http://blog.nerdbank.net/2009/02/dotnetopenid-v30-beta-1-released.htmltag:blogger.com,1999:blog-6894552.post-59282352895475191372009-02-02T07:00:00.001-08:002009-02-02T07:00:52.690-08:002009-02-02T07:00:52.690-08:00DotNetOpenId is looking for a new homeAndrewhttp://www.blogger.com/profile/13632400519774640095noreply@blogger.com0DotNetOpenId started on Google Code.  But we’re outgrowing it.  We’d like to move to a shared hosting server where we can have automated tests, nightly builds, and a better web site and online documentation.  This new web site will cost real money though, which is beyond my FOSS-hobby budget. Please if you like DotNetOpenId, consider making a donation toward making this happen! <div class="feedflare"> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=s9wAQilX"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=s9wAQilX" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=dl2R3GR3"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=dl2R3GR3" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=IQsXZt7u"><img src="http://feeds.feedburner.com/~f/Jmpinline?i=IQsXZt7u" border="0"></img></a> <a href="http://feeds.feedburner.com/~f/Jmpinline?a=x1sxvLBy"><img src="http://feeds.feedburner.com/~f/Jmpinline?d=131" border="0"></img></a> </div><img src="http://feeds.feedburner.com/~r/Jmpinline/~4/WluynKUr_1Y" height="1" width="1"/>http://blog.nerdbank.net/2009/02/dotnetopenid-is-looking-for-new-home.html