6

This has already been asked here, but not by me and the OP accepted an answer which did not help me. Thus far, I've tried logging in from different browsers, changing the web config, clearing cookies, and loading from an external machine.

In fact, I eventually did discover that the problem is specific to my own machine; when I published to another machine, it worked fine. Any suggestions for where to look for solutions? I deliberately used the simplest test code I could think of, a clean empty aspx page and a simple Page_Load function.

Edit: To clarify, like the author of the original question, I am getting a "This message has already been processed" error. This is printed out to screen with Response.Write(response.Exception.ToString());. I believe the issue is configuration-related, unlike the other author, since the symptoms only show up on my local box. Note that the symptoms are independent of whether I test on the same box as the code is running on.

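    protected void Page_Load(object sender, EventArgs e)
    {
        // If this request carries the provider's response, process it.
        using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
        {
            IAuthenticationResponse response = openid.GetResponse();
            if (response != null)
            {
                try
                {
                    // Print the failure details; Exception is only set when authentication failed.
                    Response.Write(response.Exception.ToString());
                }
                catch (Exception)
                {
                    // Swallows the NullReferenceException thrown when Exception is null.
                }
                return;
            }
        }

        // No response in this request: start authentication with Google's OpenID endpoint.
        using (OpenIdRelyingParty openid = new OpenIdRelyingParty())
        {
            IAuthenticationRequest request = openid.CreateRequest(@"https://www.google.com/accounts/o8/id");
            request.RedirectToProvider();
        }
    }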

Error Message:

    DotNetOpenAuth.Messaging.Bindings.ReplayedMessageException: This message has already been processed. This could indicate a replay attack in progress.
       at DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Bindings\StandardReplayProtectionBindingElement.cs:line 129
       at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 990
       at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172
       at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 375
       at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 498

Logs:

    2010-02-01 14:19:57,238 (GMT-5) [4] INFO DotNetOpenAuth - DotNetOpenAuth, Version=3.4.0.10015, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
    2010-02-01 14:19:57,253 (GMT-5) [4] INFO DotNetOpenAuth - Reporting will use isolated storage with scope: User, Domain, Assembly
    2010-02-01 14:19:57,270 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
    2010-02-01 14:19:57,272 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming HTTP request: GET http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=[snip4]%3A[snip5]%3A[snip6]&openid.return_to=http%3A%2F%2Fmymachine%2FOpenIDGizmo%2Fsnort.aspx%3Fdnoa.userSuppliedIdentifier%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252Fo8%252Fid&openid.assoc_handle=[snip3]&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=[snip2]%2F[snip7]%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3D[snip1]
    2010-02-01 14:19:57,360 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Incoming request received: PositiveAssertionResponse
    2010-02-01 14:19:57,364 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming PositiveAssertionResponse (2.0) message:
        openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
        openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
        openid.sig: [snip2]/[snip7]=
        openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
        openid.assoc_handle: [snip3]
        openid.op_endpoint: https://www.google.com/accounts/o8/ud
        openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
        openid.response_nonce: [snip4]:[snip5]:[snip6]
        openid.mode: id_res
        openid.ns: http://specs.openid.net/auth/2.0
        dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
    2010-02-01 14:19:57,373 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
    2010-02-01 14:19:57,374 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
    2010-02-01 14:19:57,376 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Verifying incoming PositiveAssertionResponse message signature of: [snip2]=
    2010-02-01 14:19:57,388 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Preparing to send CheckAuthenticationRequest (2.0) message.
    2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
    2010-02-01 14:19:57,399 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
    2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
    2010-02-01 14:19:57,400 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
    2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
    2010-02-01 14:19:57,401 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
    2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
    2010-02-01 14:19:57,402 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
    2010-02-01 14:19:57,403 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing CheckAuthenticationRequest (2.0) message for https://www.google.com/accounts/o8/ud:
        openid.return_to: http://mymachine/OpenIDGizmo/snort.aspx?dnoa.userSuppliedIdentifier=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid
        openid.mode: check_authentication
        openid.ns: http://specs.openid.net/auth/2.0
        openid.claimed_id: https://www.google.com/accounts/o8/id?id=[snip1]
        openid.identity: https://www.google.com/accounts/o8/id?id=[snip1]
        openid.sig: [snip2]=
        openid.signed: op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
        openid.assoc_handle: [snip3]
        openid.op_endpoint: https://www.google.com/accounts/o8/ud
        openid.response_nonce: [snip4]:[snip5]:[snip6]
        dnoa.userSuppliedIdentifier: https://www.google.com/accounts/o8/id
    2010-02-01 14:19:57,403 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Sending CheckAuthenticationRequest request.
    2010-02-01 14:19:57,916 (GMT-5) [4] DEBUG DotNetOpenAuth.Http - HTTP POST https://www.google.com/accounts/o8/ud
    2010-02-01 14:19:57,992 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - Received CheckAuthenticationResponse response.
    2010-02-01 14:19:57,992 (GMT-5) [4] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming CheckAuthenticationResponse (2.0) message:
        is_valid: true
        ns: http://specs.openid.net/auth/2.0
    2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToSignatureBindingElement did not apply to message.
    2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.BackwardCompatibilityBindingElement did not apply to message.
    2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement did not apply to message.
    2010-02-01 14:19:57,993 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did not apply to message.
    2010-02-01 14:19:57,994 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement did not apply to message.
    2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ReturnToNonceBindingElement did not apply to message.
    2010-02-01 14:19:57,995 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.RelyingPartySecurityOptions did not apply to message.
    2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement did not apply to message.
    2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Channel - After binding element processing, the received CheckAuthenticationResponse (2.0) message is:
        is_valid: true
        ns: http://specs.openid.net/auth/2.0
    2010-02-01 14:19:57,997 (GMT-5) [4] DEBUG DotNetOpenAuth.Messaging.Bindings - Binding element DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement applied to message.

web.config:

    <?xml version="1.0"?>
    <configuration>
      <configSections>
        <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
        <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
        <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
      </configSections>
      <uri>
        <idn enabled="All"/>
        <iriParsing enabled="true"/>
      </uri>
      <appSettings/>
      <connectionStrings/>
      <system.web>
        <!--
          Set compilation debug="true" to insert debugging symbols into the compiled page.
          Because this affects performance, set this value to true only during development.
        -->
        <compilation debug="true" />
        <!--
          The <authentication> section enables configuration of the security authentication
          mode used by ASP.NET to identify an incoming user.
        -->
        <authentication mode="Windows" />
        <!--
          The <customErrors> section enables configuration of what to do if/when an unhandled
          error occurs during the execution of a request. Specifically, it enables developers
          to configure html error pages to be displayed in place of a error stack trace.

          <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
          </customErrors>
        -->
      </system.web>
      <dotNetOpenAuth>
        <openid maxAuthenticationTime="0:05" cacheDiscovery="true">
          <relyingParty>
            <security requireSsl="false" minimumRequiredOpenIdVersion="V10" minimumHashBitLength="160" maximumHashBitLength="256" requireDirectedIdentity="false" requireAssociation="false" rejectUnsolicitedAssertions="false" rejectDelegatingIdentifiers="false" ignoreUnsignedExtensions="false" privateSecretMaximumAge="07:00:00" />
            <behaviors>
              <!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
            </behaviors>
            <store type="Fully.Qualified.ClassName, Assembly" />
          </relyingParty>
          <provider>
            <security requireSsl="false" protectDownlevelReplayAttacks="true" minimumHashBitLength="160" maximumHashBitLength="512">
              <associations>
                <add type="HMAC-SHA1" lifetime="14.00:00:00" />
                <add type="HMAC-SHA256" lifetime="14.00:00:00" />
              </associations>
            </security>
            <behaviors>
              <!-- <add type="Fully.Qualified.ClassName, Assembly" /> -->
            </behaviors>
            <store type="Fully.Qualified.ClassName, Assembly" />
          </provider>
          <extensionFactories>
            <add type="FullyQualifiedClass.Implementing.IOpenIdExtensionFactory, Assembly" />
          </extensionFactories>
        </openid>
        <messaging clockSkew="00:10:00" lifetime="00:03:00">
          <untrustedWebRequest timeout="00:01:10" readWriteTimeout="00:00:21.500" maximumBytesToRead="1048576" maximumRedirections="10">
            <whitelistHosts>
              <!-- since this is a sample, and will often be used with localhost -->
              <!-- <add name="localhost" /> -->
            </whitelistHosts>
            <whitelistHostsRegex>
              <!-- since this is a sample, and will often be used with localhost -->
              <!-- <add name="\.owndomain\.com$" /> -->
            </whitelistHostsRegex>
            <blacklistHosts>
            </blacklistHosts>
            <blacklistHostsRegex>
            </blacklistHostsRegex>
          </untrustedWebRequest>
        </messaging>
      </dotNetOpenAuth>
      <!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
      <log4net>
        <appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
          <file value="c:\\tmp\\toto\\RelyingParty2.log" />
          <appendToFile value="true" />
          <immediateFlush value="true" />
          <rollingStyle value="Size" />
          <maxSizeRollBackups value="10" />
          <maximumFileSize value="100KB" />
          <staticLogFileName value="true" />
          <layout type="log4net.Layout.PatternLayout">
            <conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
          </layout>
        </appender>
        <appender name="TracePageAppender" type="OpenIdRelyingPartyWebForms.Code.TracePageAppender, OpenIdRelyingPartyWebForms">
          <layout type="log4net.Layout.PatternLayout">
            <conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline" />
          </layout>
        </appender>
        <!-- Setup the root category, add the appenders and set the default level -->
        <root>
          <level value="INFO" />
          <appender-ref ref="RollingFileAppender" />
          <!--<appender-ref ref="TracePageAppender" />-->
        </root>
        <!-- Specify the level for some specific categories -->
        <logger name="DotNetOpenAuth">
          <level value="ALL" />
        </logger>
      </log4net>
    </configuration>
8
  • It would be helpful if you would include, on this question, what the actual problem is. As you didn't find the other question helpful, others will not find this one helpful either, and people will have a hard time answering your question... Commented Jan 29, 2010 at 22:38
  • @Rick: OK, I tried to clarify with some edits. Commented Jan 29, 2010 at 22:46
  • Please include the logs. :) dotnetopenauth.net/developers/code-snippets/… Commented Jan 30, 2010 at 2:19
  • These logs don't show the problem. They show just one check_authentication message, which comes back positive. Can you include more of the log? Also, the parts of it that you're scrubbing actually will likely be useful -- and they don't actually expose any security-compromising details. Signatures... nonces... these aren't secrets. They're assurances that messages haven't changed. Commented Feb 2, 2010 at 5:12
  • 1
    My suggestion (as clearly outlined in the link I provided) was to set a config entry to 0:10 - and you have it set as 0:05. Commented Feb 10, 2010 at 10:44

1 Answer

8

In some versions of dotnetopenauth you can also get:

This message has already been processed. This could indicate a replay attack in progress.

if your maxAuthenticationTime value is too low (which is obviously not related to the error in any way - but that is a different issue). I experienced this just today.

To increase this value, edit the config entry as shown at https://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Configuration (I suggest setting to 0:10).


1 Comment

Thanks, that worked for me also. Confused the heck out of me because it has been working fine for months.
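
The ReplayedMessageException in the question is raised by the relying party's replay protection, which in OpenID 2.0 rests on openid.response_nonce: a UTC timestamp followed by a unique suffix, to be accepted only once per OP endpoint. The sketch below is an added example of that kind of check, not code from this thread or from DotNetOpenAuth. ResponseNonceChecker, NonceResult, the 10-minute window and the nonce value are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;

// Added illustration: hypothetical types, not part of DotNetOpenAuth.
public enum NonceResult { Accepted, Malformed, OutsideWindow, Replayed }

public sealed class ResponseNonceChecker
{
    private const int StampLength = 20; // length of "yyyy-MM-ddTHH:mm:ssZ"
    private readonly TimeSpan window;   // assumed acceptance window
    private readonly Dictionary<string, DateTime> seen =
        new Dictionary<string, DateTime>(StringComparer.Ordinal);
    public ResponseNonceChecker(TimeSpan window) { this.window = window; }

    public NonceResult Check(string opEndpoint, string nonce, DateTime utcNow)
    {
        // OpenID 2.0: the nonce starts with a UTC timestamp, at most 255 chars.
        DateTime issued;
        if (nonce == null || nonce.Length < StampLength || nonce.Length > 255 ||
            !DateTime.TryParseExact(nonce.Substring(0, StampLength),
                "yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal,
                out issued))
            return NonceResult.Malformed;

        // Anything outside the window is refused, so entries older than the
        // window can be evicted without reopening a replay gap.
        if ((utcNow - issued).Duration() > window)
            return NonceResult.OutsideWindow;
        var stale = new List<string>();
        foreach (var entry in seen)
            if (utcNow - entry.Value > window) stale.Add(entry.Key);
        foreach (var staleKey in stale) seen.Remove(staleKey);

        // Nonces only need to be unique per OP endpoint.
        string key = opEndpoint + "\n" + nonce;
        if (seen.ContainsKey(key)) return NonceResult.Replayed;
        seen.Add(key, issued);
        return NonceResult.Accepted;
    }
}

public static class Demo
{
    public static void Main()
    {
        var checker = new ResponseNonceChecker(TimeSpan.FromMinutes(10));
        var now = new DateTime(2010, 2, 1, 19, 20, 0, DateTimeKind.Utc);
        const string op = "https://www.google.com/accounts/o8/ud";
        const string nonce = "2010-02-01T19:19:57ZCONSTRUCTED"; // constructed sample
        Console.WriteLine(checker.Check(op, nonce, now));                // first delivery
        Console.WriteLine(checker.Check(op, nonce, now.AddSeconds(1)));  // same URL processed again
        Console.WriteLine(checker.Check(op, nonce, now.AddMinutes(30))); // stale assertion
    }
}
```

An in-memory dictionary like this only covers a single process; when several servers can receive the return_to request, the nonce store has to be shared between them.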
