The number of applications which an average person uses has increased drastically over the years.An average user may have an official and personal email-id’s, Facebook id and lot many.Having so many different id’s has the implication of remembering too many passwords.Now if a user registers to more applications then there is always the risk and overhead of managing so many passwords.
The OpenID protocol requires identity providers to authenticate the end user instead of requiring the applications to do the authentication.For example a website may not directly authenticate the end user but will rather redirect the user to third party OpenID provider website for authentication.If the user is authenticated by OpenID provider then he is redirected back to the original site along with the authentication token.
The website doesn’t manage the user account information but rather fetches these details from the provider.
The main advantages of using the OpenID protocol are:
- User is not required to create a new set of credentials for the websites that he visits but can rather use the existing set of credentials.
- Website or the application is not required to manage the credentials of the user by implementing authentication in the application.
Implementation in MVC
To implement OpenID authentication in our MVC application we can use the DotNetOpenAuth library.We can install it using NuGet.But if we create a new MVC project using internet application template then the references are added by default:
If we are using any other project template then we can add the reference to the DotNetOpenAuth using the following command on the powershell console:
To validate the user we use the OpenIdRelyingParty class in the DotNetOpenAuth library.This method returns an IAuthenticationResponse instance which represents the Identity as verified by the provider.
Following are the main steps required to implement OpenID authentication using the DotNetOpenAuth library.
public ActionResult LogOn()
//1. create a new object for OpenID authentication
OpenIdRelyingParty openid = new OpenIdRelyingParty();
IAuthenticationResponse response = openid.GetResponse();
if (response == null)
//2.Submit the request to OpenID provider to authenticate the user
//3.following will create an identity from the string value in the form
if (Identifier.TryParse(Request.Form["UserId"], out id))
//4.create a new openId request
var request = openid.CreateRequest(
//5.Start the authentication process
//User is authenticated
//User is not authenticated
////User is not authenticated
There are many OpenID providers available today.Some of the main providers are:
Final specifications of OpenID Connect were launched in February , 2014.