OpenId query length issue in DotNetOpenAuth?

Problem description

I use DotNetOpenAuth, and I need to pass some data with SetCallbackArgument, but the problem is that some OpenID providers, such as http://pip.verisignlabs.com/ and http://clickpass.com/public/username, redirect to my site with a query string of more than 2048 characters, and IIS can't handle it. I got a "404 - File or directory not found." error because their redirect is too big. What should I do in this case?

Recommended answer

The OpenID spec states that OpenID responses that are too large should use form POST instead of 301 redirects which helps to avoid this problem. I don't know if verisign or clickpass is neglecting that part of the spec or not. But in general your callback arguments should be kept short to avoid this kind of problem. And certainly if your callback argument is very large it could never be expected to work since the callback arguments must always be in the query string.

Typically if you want a large bit of data available when the user returns, you can store it in a db, in the user session, or in a cookie, and only store a small reference to that data in the callback argument.

Remember that anything in the callback argument is subject to inspection by the user, any third party if HTTPS isn't used for the whole thing, and even possible tampering. DNOA provides optional tampering protection for callback arguments, but not confidentiality.
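
The pattern described in the answer above, as an added example that is not part of the original answer or of DotNetOpenAuth: the large payload stays on the server and only a short random reference travels in the callback argument, so the query string stays small and the payload is never exposed to the user or the network. `CallbackStateStore`, the `"state"` key and the in-memory, single-process store are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper, not part of DotNetOpenAuth: the payload stays server-side.
public sealed class CallbackStateStore
{
    private sealed class Entry { public string Payload; public DateTime ExpiresUtc; }
    private readonly ConcurrentDictionary<string, Entry> _entries =
        new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    public CallbackStateStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Returns a 32-character hex token (128 bits from the OS CSPRNG).
    public string Save(string payload)
    {
        var raw = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(raw); }
        string token = BitConverter.ToString(raw).Replace("-", "").ToLowerInvariant();
        _entries[token] = new Entry { Payload = payload, ExpiresUtc = DateTime.UtcNow + _lifetime };
        return token;
    }

    // Single use: the entry is removed on the first lookup, expired or not.
    public bool TryRedeem(string token, out string payload)
    {
        payload = null;
        Entry entry;
        if (string.IsNullOrEmpty(token) || !_entries.TryRemove(token, out entry)) return false;
        if (entry.ExpiresUtc < DateTime.UtcNow) return false;
        payload = entry.Payload;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new CallbackStateStore(TimeSpan.FromMinutes(10));
        string token = store.Save(new string('x', 5000));   // constructed 5000-char payload
        // Before redirecting: request.SetCallbackArgument("state", token);
        // On return: read the "state" callback argument and pass it to TryRedeem.
        string payload;
        Console.WriteLine(store.TryRedeem(token, out payload));          // first redemption
        Console.WriteLine(store.TryRedeem(token, out payload));          // same token again
        Console.WriteLine(store.TryRedeem("not-a-token", out payload));  // token never issued
    }
}
```

In a web farm the dictionary would be replaced by the database or session store the answer mentions; the token handling stays the same.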
