All geek questions in one place

Single OpenID through subdomains

I use OpenID just like here in StackOverflow to authenticate my users. However, I really need to be able to work with OpenID in all subdomains of my site.

The site behaves the same as Kijiji, as each region has its own subdomain.

  • calgary.example.com
  • toronto.example.com
  • vancouver.example.com
  • etc.

When a user logs in to calgary and later writes to toronto, they will be forced to "give permission" to the provider, which will lead to a new OpenID and, as a result, also to a new login.

My application may have several OpenIDs under one account, but this will become cumbersome to manage.

Is there a way to connect the provider with the top-level domain and subsequently work in all subdomains?

I am using DotNetOpenAuth.

It seems to me that I should always force the user to log in to http://example.com , and then use the domain = ".example.com" form authentication to allow navigation across all subdomains.

+4
source share
1 answer

Yes. Set the Realm property in the ASP.NET control or your IAuthenticationRequest (if you do this programmatically) to "https: //*.example.com". Note that the scheme can be http or https, but it must match any scheme in your ReturnTo property, which will be used by default by the scheme used in the current request.

Please note that if you have existing users from Google, this one-time change to your Kingdom will cause Google to generate all new identifiers for your users, so they will all lose access to their accounts. Therefore, it is very important to make a decision and keep a united Kingdom at all times, or you will have to jump over large hoops in order to later connect your users with their accounts when you change it.

But don't worry about the template itself. When you install https: //*.example.com as your area, all of your individual sites matching this template will receive the same Google ID.

+5
source

Source: https://habr.com/ru/post/1333751/

More articles:


All Articles