public override bool ValidateUser(string username, string password) { bool ret = true; try { Uri userUri = Utility.NormalizeIdentityUrl(username); HttpContext Context = HttpContext.Current; HttpSessionState Session = Context.Session; HttpRequest Request = Context.Request; HttpResponse Response = Context.Response; Janrain.OpenId.Consumer.Consumer consumer; if (consumerSession == null) { consumerSession = new Janrain.OpenId.Session.SimpleSessionState(); } consumer = new Janrain.OpenId.Consumer.Consumer(consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance()); if (username != null) { try { AuthRequest request = consumer.Begin(userUri); // Build the trust root UriBuilder builder = new UriBuilder(Request.Url.AbsoluteUri); builder.Query = null; builder.Password = null; builder.UserName = null; builder.Fragment = null; builder.Path = Request.ApplicationPath; // The following approach does not append port 80 in the // no port case. string trustRoot = (new Uri(builder.ToString())).ToString(); // Build the return_to URL builder = new UriBuilder(Request.Url.AbsoluteUri); NameValueCollection col = new NameValueCollection(); col["ReturnUrl"] = Request.QueryString["ReturnUrl"]; builder.Query = Janrain.OpenId.UriUtil.CreateQueryString(col); Uri returnTo = new Uri(builder.ToString()); Uri redirectUrl = request.CreateRedirect(trustRoot, returnTo, AuthRequest.Mode.SETUP); // The following illustrates how to use SREG. String uriString = redirectUrl.AbsoluteUri + "&openid.sreg.optional=" + _optionalInformation; // Get the current page _loginURL = Context.Request.Url.AbsoluteUri; // Redirect the user to the OpenID provider Page Response.Redirect(uriString, true); } catch (System.Threading.ThreadAbortException) { // Consume. This is normal during redirect. } } else { ret = false; } } catch { return(false); } return(ret); }