1 files changed, 57 insertions, 33 deletions

diff --git a/src/OAuth/OAuthAuthorizationServer/Web.config b/src/OAuth/OAuthAuthorizationServer/Web.config
index 71b76f0..fc869c3 100644
--- a/src/OAuth/OAuthAuthorizationServer/Web.config
+++ b/src/OAuth/OAuthAuthorizationServer/Web.config
@@ -11,17 +11,17 @@
       <sectionGroup name="oauth2" type="DotNetOpenAuth.Configuration.OAuth2SectionGroup, DotNetOpenAuth.OAuth2">

         <section name="authorizationServer" type="DotNetOpenAuth.Configuration.OAuth2AuthorizationServerSection, DotNetOpenAuth.OAuth2.AuthorizationServer" requirePermission="false" allowLocation="true" />

       </sectionGroup>

-      

-      

-      

-    <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /></sectionGroup>

+      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />

+      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />

+      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />

+    </sectionGroup>

   </configSections>

   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),

 	     which is necessary for OpenID urls with unicode characters in the domain/host name. 

 	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->

   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->

   <dotNetOpenAuth>

-    

+

     <oauth2>

       <authorizationServer></authorizationServer>

     </oauth2>

@@ -31,15 +31,33 @@
         <whitelistHosts>

           <!-- since this is a sample, and will often be used with localhost -->

           <add name="localhost" />

-        <!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts>

+          <!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->

+          <!--<add name="localhost" />-->

+        </whitelistHosts>

       </untrustedWebRequest>

     </messaging>

-    

-    

-  <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /><!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --><!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --><openid><relyingParty><security requireSsl="false"><!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. --><!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">

+

+

+    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->

+    <reporting enabled="true" />

+    <!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. -->

+    <!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ -->

+    <openid>

+      <relyingParty>

+        <security requireSsl="false">

+          <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->

+          <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">

 						<add endpoint="https://www.google.com/accounts/o8/ud" />

-					</trustedProviders>--></security><behaviors><!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible

-					     with OPs that use Attribute Exchange (in various formats). --><add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" /></behaviors></relyingParty></openid></dotNetOpenAuth>

+					</trustedProviders>-->

+        </security>

+        <behaviors>

+          <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible

+					     with OPs that use Attribute Exchange (in various formats). -->

+          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />

+        </behaviors>

+      </relyingParty>

+    </openid>

+  </dotNetOpenAuth>

   <log4net>

     <!-- Setup the root category, add the appenders and set the default level -->

     <root>

@@ -60,9 +78,9 @@
       <assemblies>

         <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

         <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

-        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

-        <add assembly="System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

-        <add assembly="System.Web.WebPages, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

+        <add assembly="System.Web.Mvc, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

+        <add assembly="System.Web.Helpers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

+        <add assembly="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />

       </assemblies>

     </compilation>

     <authentication mode="Forms">

@@ -88,33 +106,39 @@
 		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it. -->

     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

       <dependentAssembly>

-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />

-        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="3.0.0.0" />

-      </dependentAssembly>

-      <dependentAssembly>

         <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />

         <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />

       </dependentAssembly>

+      <dependentAssembly>

+        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />

+        <bindingRedirect oldVersion="0.0.0.0-4.0.0.1" newVersion="4.0.0.1" />

+      </dependentAssembly>

     </assemblyBinding>

-    

-  <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" /><!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink

-		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.

-		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

-			<dependentAssembly>

-				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />

-				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />

-			</dependentAssembly>

-		</assemblyBinding>

-		 --></runtime>

-  

-  

+

+    <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->

+    <legacyHMACWarning enabled="0" />

+  </runtime>

+

+

 

   <appSettings>

     <add key="ClientValidationEnabled" value="false" />

     <add key="UnobtrusiveJavaScriptEnabled" value="false" />

   </appSettings>

-<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 

+  <system.net>

+    <defaultProxy enabled="true" />

+    <settings>

+      <!-- This setting causes .NET to check certificate revocation lists (CRL) 

 			     before trusting HTTPS certificates.  But this setting tends to not 

-			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><uri><!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),

+			     be allowed in shared hosting environments. -->

+      <!--<servicePointManager checkCertificateRevocationList="true"/>-->

+    </settings>

+  </system.net>

+  <uri>

+    <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),

 		     which is necessary for OpenID urls with unicode characters in the domain/host name.

-		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --><idn enabled="All" /><iriParsing enabled="true" /></uri></configuration>
\ No newline at end of file
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->

+    <idn enabled="All" />

+    <iriParsing enabled="true" />

+  </uri>

+</configuration>
\ No newline at end of file