I'm developing a site that uses OpenID for authentication, which is working fine however... I often work on it while travelling without an internet connection. If the session expires and I need to login again, I can't until I have connectivity again.
What I'd like to do is setup a really dumb OpenID provider on a local IIS, that I can use to login while disconnected. By really dumb I mean just that - it just needs to be a hard coded URL that responds correctly as an openID provider and allows login.
I've had a quick look at the OpenIdProviderMvc sample included with DotNetOpenAuth, but it didn't compile out of the box (couldn't resolve assembly ApplicationServices). Before I dig in deeper, I thought someone might have already been through this process.
So I figured this out. The OpenIdProviderMvc sample project included in DotNetOpenAuth works fine.
Main thing that I got stuck on is that the relying party site needs to have localhost whitelisted as follows:
In the configSections section of web.config:
<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
And this as a new config section:
<dotNetOpenAuth>
<messaging>
<untrustedWebRequest>
<whitelistHosts>
<add name="localhost" />
</whitelistHosts>
</untrustedWebRequest>
</messaging>
</dotNetOpenAuth>
If you're interested, I've also knocked together an even more dumbed down provider "localid" which let you login using an OpenID like this: http://localid/member/anythingyoulike. No login screens, just an infinite array of valid OpenID identifiers. More info here.