public Yield UserLogin(DreamContext context, DreamMessage request, Result<DreamMessage> response) { string userSuppliedIdentifier = context.GetParam("url", null); if (String.IsNullOrEmpty(userSuppliedIdentifier)) { _log.Info("No identifier was specified"); throw new DreamBadRequestException("No identifier was specified."); } XUri returnUri = new XUri(context.GetParam("returnurl", null)); String realm = context.GetParam("realm", null); if (String.IsNullOrEmpty(realm)) { realm = returnUri.WithoutPathQueryFragment().ToString(); } IAuthenticationRequest openIdRequest; // dummy parameters required by DotNetOpenId 2.x; in 3.x, you can // just pass null to the OpenIdRelyingParty constructor. Uri identifierUri = new Uri(userSuppliedIdentifier); NameValueCollection queryCol = System.Web.HttpUtility.ParseQueryString(identifierUri.Query); OpenIdRelyingParty openid = new OpenIdRelyingParty(null, identifierUri, queryCol); // creating an OpenID request will authenticate that // the endpoint exists and is an OpenID provider. _log.DebugFormat("Creating OpenID request: identifier {0}, return URL {1}, realm {2}", userSuppliedIdentifier, returnUri.ToString(), realm); try { openIdRequest = openid.CreateRequest( userSuppliedIdentifier, realm, returnUri.ToUri()); } catch (OpenIdException ex) { _log.WarnFormat("'{0}' rejected as OpenID identifier: {1}", userSuppliedIdentifier, ex.Message); throw new DreamBadRequestException(string.Format("'{0}' is not a valid OpenID identifier. {1}", userSuppliedIdentifier, ex.Message)); } // Ask for the e-mail address on this request. // Use both SREG and AX, to increase the odds of getting it. openIdRequest.AddExtension(new ClaimsRequest{ Email = DemandLevel.Require, }); var fetch = new FetchRequest(); fetch.AddAttribute(new AttributeRequest(WellKnownAttributes.Contact.Email, true)); openIdRequest.AddExtension(fetch); // The RedirectingResponse either contains a "Location" header for // a HTTP GET, which will return in the response as 'endpoint', or // a HTML FORM which needs to be displayed to the user, which will // return in the response as 'form'. IResponse wr = openIdRequest.RedirectingResponse; XDoc result = new XDoc("openid"); if (String.IsNullOrEmpty(wr.Headers["Location"])) { System.Text.UTF8Encoding enc = new System.Text.UTF8Encoding(); string formBody = enc.GetString(wr.Body); _log.DebugFormat("OpenID redirect by HTML FORM: {0}", formBody); result.Attr("form", formBody); } else { string redirectUrl = wr.Headers["Location"]; _log.DebugFormat("OpenID redirect URL: {0}", redirectUrl); result.Attr("endpoint", redirectUrl); } response.Return(DreamMessage.Ok(result)); yield break; }