ASP.Net核心OpenIdConnect Steam

Question

I'm trying to implement Steam OpenId into my ASP.Net Core application, and I don't have any previous experience implementing OpenID.
Unfortunately, Steam is massively lacking documentation on their side, and simply state "just download an OpenID library", and provide you with a page to register an API key for a domain name.

There are several implementations available for full ASP.Net, but not for Core, and it seems there are some differences.

I'm trying to use Microsoft.AspNetCore.Authentication.OpenIdConnect , though I am not entirely sure if this is the right library. It seems there is a difference between "OpenID" and " OpenID Connect ".

I've set up the authentication in my Startup.cs like so:

app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    DisplayName = "Steam",
    Authority = "http://steamcommunity.com/openid",
    ClientId = "MyClientId",
    ClientSecret = "ApiKeyHere",
    SignInScheme = "SignInCookie",
    CallbackPath = new PathString("/Account/SteamCallback"),
    RequireHttpsMetadata = false
});

But as soon as I hit the sign-in page, which consists of an action returning a challenge:

public IActionResult SignIn()
{
    return Challenge();
}

I get the error

JsonReaderException: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
Newtonsoft.Json.JsonTextReader.ParseValue() InvalidOperationException:
IDX10803: Unable to obtain configuration from: ' http://steamcommunity.com/openid/.well-known/openid-configuration '.

When I look at this URL, it seems to return XML data for the configuration of OpenID:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
    <XRD>
        <Service priority="0">
            <Type>http://specs.openid.net/auth/2.0/server</Type>        
            <URI>https://steamcommunity.com/openid/login</URI>
        </Service>
    </XRD>
</xrds:XRDS>

But the OpenID spec states that this info should be in JSON .

Next I tried registering my own OpenIdConnectMiddleware , much like how this ASP.Net implemtation does it, however, this resulted in not being able to be constructed due to missing services that the OpenIdConnectMiddleware class requires:

System.InvalidOperationException: 'A suitable constructor for type 'TestApplication.SteamOpenId.SteamAuthenticationMiddleware' could not be located. Ensure the type is concrete and services are registered for all parameters of a public constructor.'

My implementation:

public class SteamAuthenticationMiddleware : OpenIdConnectMiddleware
{
    public SteamAuthenticationMiddleware(
        RequestDelegate next,
        IDataProtectionProvider dataProtectionProvider,
        ILoggerFactory loggerFactory,
        UrlEncoder encoder,
        IServiceProvider services,
        IOptions<SharedAuthenticationOptions> sharedOptions,
        IOptions<OpenIdConnectOptions> options,
        HtmlEncoder htmlEncoder) :
        base(
            next,
            dataProtectionProvider,
            loggerFactory,
            encoder,
            services,
            sharedOptions,
            options,
            htmlEncoder)
    {
    }

    protected override AuthenticationHandler<OpenIdConnectOptions> CreateHandler() => new SteamAuthenticationHandler();
}

I know this question isn't very specific, but can anyone point me in the right direction with this? I am a little stumped.

Answer 1

It seems there is a difference between "OpenID" and "OpenID Connect".

There is: OpenID 1/2 and OpenID Connect are totally different protocols.

Steam is still using OpenID 2.0 so you can't use ASP.NET Core's OpenID Connect middleware to authenticate your users using their Steam account, as the two protocols are not compatible/interoperable.

I know this question isn't very specific, but can anyone point me in the right direction with this? I am a little stumped.

The aspnet-contrib Steam middleware you've mentioned derives from a generic OpenID 2.0 provider specially developed for ASP.NET Core and thus is probably your best option (that said, I'm the guy who's written it, so I'm likely not objective).

You can find the package on NuGet.org: https://www.nuget.org/packages/AspNet.Security.OpenId.Steam/ .