我試圖用一個單一的HttpHandler來驗證用戶的開放ID和接收claimresponse幫助。初始身份驗證有效,但聲明響應沒有。我收到的錯誤是「這個網頁有一個重定向循環。」我究竟做錯了什麼?需要使用.NET的OpenID的HttpHandler
public class OpenIdLogin : IHttpHandler
{
private HttpContext _context = null;
public void ProcessRequest(HttpContext context)
{
_context = context;
var openid = new OpenIdRelyingParty();
var response = openid.GetResponse();
if (response == null)
{
// Stage 2: user submitting Identifier
openid.CreateRequest(context.Request.Form["openid_identifier"]).RedirectToProvider();
}
else
{
// Stage 3: OpenID Provider sending assertion response
switch (response.Status)
{
case AuthenticationStatus.Authenticated:
//FormsAuthentication.RedirectFromLoginPage(response.ClaimedIdentifier, false);
string identifier = response.ClaimedIdentifier;
//****** TODO only proceed if we don't have the user's extended info in the database **************
ClaimsResponse claim = response.GetExtension<ClaimsResponse>();
if (claim == null)
{
//IAuthenticationRequest req = openid.CreateRequest(identifier);
IAuthenticationRequest req = openid.CreateRequest(Identifier.Parse(identifier));
var fields = new ClaimsRequest();
fields.Email = DemandLevel.Request;
req.AddExtension(fields);
req.RedirectingResponse.Send(); //Is this correct?
}
else
{
context.Response.ContentType = "text/plain";
context.Response.Write(claim.Email); //claim.FullName;
}
break;
case AuthenticationStatus.Canceled:
//TODO
break;
case AuthenticationStatus.Failed:
//TODO
break;
}
}
}
謝謝!雖然,我還沒有測試過,但你的回答很有意義!那麼我需要做的是有一種機制,只要索賠一次,無論索賠請求是否成功。 – 2010-03-28 04:48:54