Comments on: No WWW http://blog.trevorpower.com/index.php/no-www/ Software development and other thoughts Tue, 22 Nov 2011 01:53:42 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Trevor Power http://blog.trevorpower.com/index.php/no-www/comment-page-1/#comment-7 Trevor Power Sun, 09 Nov 2008 10:35:00 +0000 http://trevorpower.com/blog/?p=20#comment-7 Hi Andrew,<br/><br/>Thanks for the tip. I will make your suggested changes. But I will keep the redirect to avoid problems with the 'realm'. Hi Andrew,

Thanks for the tip. I will make your suggested changes. But I will keep the redirect to avoid problems with the ‘realm’.

]]> By: Andrew http://blog.trevorpower.com/index.php/no-www/comment-page-1/#comment-6 Andrew Sat, 08 Nov 2008 18:55:00 +0000 http://trevorpower.com/blog/?p=20#comment-6 Hi Trevor,<br/><br/>There shouldn't be a need to store what the OpenID the user typed in in your Session state. Instead, you should be looking at the IAuthenticationResponse's ClaimedIdentifier and FriendlyIdentifierForDisplay properties and using those when the user logs in. <br/>In general, you should never store the text value the user typed in because doing so introduces several security problems that could allow attackers to spoof identity of your users.<br/><br/>I would hope that would solve your www vs. no-www problem as well. Hi Trevor,

There shouldn’t be a need to store what the OpenID the user typed in in your Session state. Instead, you should be looking at the IAuthenticationResponse’s ClaimedIdentifier and FriendlyIdentifierForDisplay properties and using those when the user logs in.
In general, you should never store the text value the user typed in because doing so introduces several security problems that could allow attackers to spoof identity of your users.

I would hope that would solve your www vs. no-www problem as well.

]]>