Elad Benda Elad Benda - 3 months ago 20
C# Question

Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks

We use

OpenAuthAuthentiocation.dll
and get the following warning:


Raising minimum OpenID version requirement for Providers to 2.0 to
protect this stateless RP from replay attacks


How can we fix it? How can I make this warning disappear?

Answer

You can make the warning disappear by raising the minimum OpenID version requirement for Providers to 2.0 yourself in your configuration file[semi-dead link].

<dotNetOpenAuth>
    <openid>
        <relyingParty>
            <security minimumRequiredOpenIdVersion="V20" />
        </relyingParty>
    </openid>
</dotNetOpenAuth>

The effect is the same on your RP, but since you're doing it yourself, DotNetOpenAuth won't warn you that it is doing it for you.

Comments