1 files changed, 34 insertions, 27 deletions

diff --git a/src/OAuth/OAuthClient/Web.config b/src/OAuth/OAuthClient/Web.config
index 1e7b8a4..7971de8 100644
--- a/src/OAuth/OAuthClient/Web.config
+++ b/src/OAuth/OAuthClient/Web.config
@@ -1,40 +1,27 @@
-<?xml version="1.0"?>

+<?xml version="1.0" encoding="utf-8"?>

 <configuration>

   <configSections>

     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />

-    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">

-			<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />

-			<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />

-      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />

-      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />

-    </sectionGroup>

-  </configSections>

+    

+  <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core"><section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" /><section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" /><section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" /></sectionGroup></configSections>

   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),

        which is necessary for OpenID urls with unicode characters in the domain/host name. 

        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->

-	<uri>

-		<idn enabled="All"/>

-		<iriParsing enabled="true"/>

-	</uri>

+	

 

-	<system.net>

-		<defaultProxy enabled="true" />

-		<settings>

-			<!-- This setting causes .NET to check certificate revocation lists (CRL) 

-			     before trusting HTTPS certificates.  But this setting tends to not 

-			     be allowed in shared hosting environments. -->

-			<!--<servicePointManager checkCertificateRevocationList="true"/>-->

-		</settings>

-	</system.net>

+	

 

   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->

   <dotNetOpenAuth>

-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->

-		<reporting enabled="true" />

+    

+		

 

     <!-- Relaxing SSL requirements is useful for simple samples, but NOT a good idea in production. -->

-		<messaging relaxSslRequirements="true" />

-  </dotNetOpenAuth>

+		<messaging relaxSslRequirements="true"><untrustedWebRequest><whitelistHosts><!-- Uncomment to enable communication with localhost (should generally not activate in production!) --><!--<add name="localhost" />--></whitelistHosts></untrustedWebRequest></messaging>

+  <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --><reporting enabled="true" /><!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. --><!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ --><openid><relyingParty><security requireSsl="false"><!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. --><!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">

+						<add endpoint="https://www.google.com/accounts/o8/ud" />

+					</trustedProviders>--></security><behaviors><!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible

+					     with OPs that use Attribute Exchange (in various formats). --><add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" /></behaviors></relyingParty><provider></provider></openid></dotNetOpenAuth>

   <appSettings>

     <!-- Fill in your various consumer keys and secrets here to make the sample work. -->

     <!-- You must get these values by signing up with each individual service provider. -->

@@ -44,7 +31,7 @@
     <!-- Google sign-up: https://www.google.com/accounts/ManageDomains -->

     <add key="googleConsumerKey" value="anonymous" />

     <add key="googleConsumerSecret" value="anonymous" />

-    <!-- Yammer sign-up: https://www.yammer.com/client_applications/new -->

+    <!-- Yammer sign-up: https://www.yammer.com/client_applications -->

     <add key="yammerConsumerKey" value="" />

     <add key="yammerConsumerSecret" value="" />

     <!-- Facebook sign-up: http://developers.facebook.com/setup/ -->

@@ -132,4 +119,24 @@
 	<system.webServer>

 		<modules runAllManagedModulesForAllRequests="true" />

 	</system.webServer>

-</configuration>
\ No newline at end of file
+  <runtime>

+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

+      <dependentAssembly>

+        <assemblyIdentity name="System.Net.Http" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />

+        <bindingRedirect oldVersion="0.0.0.0-2.2.13.0" newVersion="2.2.13.0" />

+      </dependentAssembly>

+    </assemblyBinding>

+  <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). --><legacyHMACWarning enabled="0" /><!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink

+		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.

+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

+			<dependentAssembly>

+				<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />

+				<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />

+			</dependentAssembly>

+		</assemblyBinding>

+		 --></runtime>

+<system.net><defaultProxy enabled="true" /><settings><!-- This setting causes .NET to check certificate revocation lists (CRL) 

+			     before trusting HTTPS certificates.  But this setting tends to not 

+			     be allowed in shared hosting environments. --><!--<servicePointManager checkCertificateRevocationList="true"/>--></settings></system.net><uri><!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),

+		     which is necessary for OpenID urls with unicode characters in the domain/host name.

+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --><idn enabled="All" /><iriParsing enabled="true" /></uri></configuration>