Limited Use OpenID

dotnetopenauth openid

I'm looking to implement OpenID as a provider for a group of partner sites. The thing is this site is for kids (younger than 13) so I have business restrictions that need to be dealt with – mainly the account can't be used on any non-partner sites (we work with every approved partner to ensure they meet industry privacy/security regulations).

In the past we rolled our own membership and partner system but I want to move to an industry-accepted engine to make life easier for ourselves and our partners.

So, is there a built-in way to limit OpenID access to only some sites or would I need to do some deep code changes to the code and permissions to accomplish this?

Best Answer

Yes, absolutely. Based on your dotnetopenid tag I take it that's the library you're using, which is great. The IAuthenticationRequest that comes in has a Realm property on it. Use that to check that the Realm value appears on your whitelist of partner sites' realm URLs. If it does, go ahead through the normal authentication steps and set IAuthenticationRequest.IsAuthenticated to true and return. If the Realm is not recognized, then this < 13 year old is trying to use their OpenID to log into a non-partner site, and you can just set IsAuthenticated = false and return, which will abort their login.

If you have further questions on your specific scenario feel free to email dotnetopenid@googlegroups.com
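
The realm check described in the answer, written out as an added example (not the answerer's or the library's own code). It assumes DotNetOpenAuth's `DotNetOpenAuth.OpenId` and `DotNetOpenAuth.OpenId.Provider` namespaces; `PartnerRealmPolicy`, `Apply` and the sample realm URLs are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using DotNetOpenAuth.OpenId;           // Realm (assumed namespace)
using DotNetOpenAuth.OpenId.Provider;  // IAuthenticationRequest (assumed namespace)

// Hypothetical helper: decides whether the requesting site is an approved partner.
public sealed class PartnerRealmPolicy
{
    private readonly HashSet<string> approved;

    public PartnerRealmPolicy(IEnumerable<string> approvedRealmUrls)
    {
        // Parse every entry through Realm so the allowlist and the incoming
        // value are compared in the same string form.
        approved = new HashSet<string>(
            approvedRealmUrls.Select(u => new Realm(u).ToString()),
            StringComparer.Ordinal);
    }

    // Exact match only: a prefix or substring test would also accept
    // look-alike realms that merely begin with or contain a partner's URL.
    public bool IsApproved(Realm realm)
    {
        return !ReferenceEquals(realm, null) && approved.Contains(realm.ToString());
    }

    // Call from the provider endpoint once the incoming message is known to be
    // an authentication request. userIsLoggedIn is the outcome of your own
    // login check for the child account.
    public void Apply(IAuthenticationRequest request, bool userIsLoggedIn)
    {
        if (!IsApproved(request.Realm))
        {
            // Non-partner site: refuse before showing any login or consent page.
            request.IsAuthenticated = false;
            return;
        }

        // Approved partner: the normal authentication steps decide the result.
        request.IsAuthenticated = userIsLoggedIn;
    }
}

// Constructed sample allowlist; real values come from partner onboarding records:
// var policy = new PartnerRealmPolicy(new[] {
//     "https://partner-one.example/", "https://games.partner-two.example/" });
```

Keeping the allowlist in the same store as the partner approval records means a partner that loses approval stops receiving assertions as soon as its realm is removed.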
