31 files changed, 517 insertions, 323 deletions
diff --git a/src/OpenID/OpenIdOfflineProvider/OpenIdOfflineProvider.csproj b/src/OpenID/OpenIdOfflineProvider/OpenIdOfflineProvider.csproj
index ed946e2..193a570 100644
--- a/src/OpenID/OpenIdOfflineProvider/OpenIdOfflineProvider.csproj
+++ b/src/OpenID/OpenIdOfflineProvider/OpenIdOfflineProvider.csproj
@@ -92,16 +92,54 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.Core.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.InfoCard">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.InfoCard.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth.Common">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth.Consumer">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OpenId">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OpenId.Provider">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdInfoCard.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdOAuth">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
     </Reference>
-    <Reference Include="log4net, Version=1.2.10.0, Culture=neutral, PublicKeyToken=1b44e1d426115821, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
+    <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
     </Reference>
     <Reference Include="System" />
diff --git a/src/OpenID/OpenIdOfflineProvider/packages.config b/src/OpenID/OpenIdOfflineProvider/packages.config
index 7081e60..d4ed20d 100644
--- a/src/OpenID/OpenIdOfflineProvider/packages.config
+++ b/src/OpenID/OpenIdOfflineProvider/packages.config
@@ -1,8 +1,22 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider" version="4.0.0.12084" />
-  <package id="log4net" version="2.0.0" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdInfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="log4net" version="2.0.0" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdProviderMvc/Code/FormsAuthenticationService.cs b/src/OpenID/OpenIdProviderMvc/Code/FormsAuthenticationService.cs
index 22db860..1f5ea54 100644
--- a/src/OpenID/OpenIdProviderMvc/Code/FormsAuthenticationService.cs
+++ b/src/OpenID/OpenIdProviderMvc/Code/FormsAuthenticationService.cs
@@ -10,6 +10,18 @@
 			get { return HttpContext.Current.User.Identity.Name; }
 		}
 
+		public DateTime? SignedInTimestampUtc {
+			get {
+				var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
+				if (cookie != null) {
+					var ticket = FormsAuthentication.Decrypt(cookie.Value);
+					return ticket.IssueDate.ToUniversalTime();
+				} else {
+					return null;
+				}
+			}
+		}
+
 		public void SignIn(string userName, bool createPersistentCookie) {
 			FormsAuthentication.SetAuthCookie(userName, createPersistentCookie);
 		}
diff --git a/src/OpenID/OpenIdProviderMvc/Code/IFormsAuthentication.cs b/src/OpenID/OpenIdProviderMvc/Code/IFormsAuthentication.cs
index d4c8a01..09856e9 100644
--- a/src/OpenID/OpenIdProviderMvc/Code/IFormsAuthentication.cs
+++ b/src/OpenID/OpenIdProviderMvc/Code/IFormsAuthentication.cs
@@ -17,6 +17,8 @@ using System.Web.Security;
 	public interface IFormsAuthentication {
 		string SignedInUsername { get; }
 
+		DateTime? SignedInTimestampUtc { get; }
+
 		void SignIn(string userName, bool createPersistentCookie);
 
 		void SignOut();
diff --git a/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs b/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
index 198c434..6d2cc32 100644
--- a/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
+++ b/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -17,6 +17,16 @@ namespace OpenIdProviderMvc.Controllers {
 	public class OpenIdController : Controller {
 		internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
 
+		public OpenIdController()
+			: this(null) {
+		}
+
+		public OpenIdController(IFormsAuthentication formsAuthentication) {
+			this.FormsAuth = formsAuthentication ?? new FormsAuthenticationService();
+		}
+
+		public IFormsAuthentication FormsAuth { get; private set; }
+
 		[ValidateInput(false)]
 		public ActionResult Provider() {
 			IRequest request = OpenIdProvider.GetRequest();
@@ -29,6 +39,29 @@ namespace OpenIdProviderMvc.Controllers {
 				// This is apparently one that the host (the web site itself) has to respond to.
 				ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
 
+				// If PAPE requires that the user has logged in recently, we may be required to challenge the user to log in.
+				var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
+				if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue) {
+					TimeSpan timeSinceLogin = DateTime.UtcNow - this.FormsAuth.SignedInTimestampUtc.Value;
+					if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value) {
+						// The RP wants the user to have logged in more recently than he has.  
+						// We'll have to redirect the user to a login screen.
+						return this.RedirectToAction("LogOn", "Account", new { returnUrl = this.Url.Action("ProcessAuthRequest") });
+					}
+				}
+
+				return this.ProcessAuthRequest();
+			} else {
+				// No OpenID request was recognized.  This may be a user that stumbled on the OP Endpoint.  
+				return this.View();
+			}
+		}
+
+		public ActionResult ProcessAuthRequest() {
+			if (ProviderEndpoint.PendingRequest == null) {
+				return this.RedirectToAction("Index", "Home");
+			}
+
 				// Try responding immediately if possible.
 				ActionResult response;
 				if (this.AutoRespondIfPossible(out response)) {
@@ -42,10 +75,6 @@ namespace OpenIdProviderMvc.Controllers {
 				}
 
 				return this.RedirectToAction("AskUser");
-			} else {
-				// No OpenID request was recognized.  This may be a user that stumbled on the OP Endpoint.  
-				return this.View();
-			}
 		}
 
 		/// <summary>
@@ -133,6 +162,17 @@ namespace OpenIdProviderMvc.Controllers {
 
 					pendingRequest.AddResponseExtension(claimsResponse);
 				}
+
+				// Look for PAPE requests.
+				var papeRequest = pendingRequest.GetExtension<PolicyRequest>();
+				if (papeRequest != null) {
+					var papeResponse = new PolicyResponse();
+					if (papeRequest.MaximumAuthenticationAge.HasValue) {
+						papeResponse.AuthenticationTimeUtc = this.FormsAuth.SignedInTimestampUtc;
+					}
+
+					pendingRequest.AddResponseExtension(papeResponse);
+				}
 			}
 
 			return OpenIdProvider.PrepareResponse(pendingRequest).AsActionResult();
diff --git a/src/OpenID/OpenIdProviderMvc/OpenIdProviderMvc.csproj b/src/OpenID/OpenIdProviderMvc/OpenIdProviderMvc.csproj
index db65a1c..1a2f03a 100644
--- a/src/OpenID/OpenIdProviderMvc/OpenIdProviderMvc.csproj
+++ b/src/OpenID/OpenIdProviderMvc/OpenIdProviderMvc.csproj
@@ -38,23 +38,56 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdInfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
+    </Reference>
+    <Reference Include="log4net">
+      <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Contracts">
       <HintPath>..\..\..\packages\CodeContracts.Unofficial.1.0.0.2\lib\net35-client\Microsoft.Contracts.dll</HintPath>
diff --git a/src/OpenID/OpenIdProviderMvc/Views/Web.config b/src/OpenID/OpenIdProviderMvc/Views/Web.config
index df0103b..8bc9c19 100644
--- a/src/OpenID/OpenIdProviderMvc/Views/Web.config
+++ b/src/OpenID/OpenIdProviderMvc/Views/Web.config
@@ -12,9 +12,9 @@
         To change this behavior apply the ValidateInputAttribute to a
         controller or action.
     -->
-    <pages validateRequest="false" pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" pageBaseType="System.Web.Mvc.ViewPage, System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" userControlBaseType="System.Web.Mvc.ViewUserControl, System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+    <pages validateRequest="false" pageParserFilterType="System.Web.Mvc.ViewTypeParserFilter, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" pageBaseType="System.Web.Mvc.ViewPage, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" userControlBaseType="System.Web.Mvc.ViewUserControl, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <controls>
-        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" namespace="System.Web.Mvc" tagPrefix="mvc" />
+        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" namespace="System.Web.Mvc" tagPrefix="mvc" />
       </controls>
     </pages>
   </system.web>
diff --git a/src/OpenID/OpenIdProviderMvc/Web.config b/src/OpenID/OpenIdProviderMvc/Web.config
index 8c0056c..c5ab254 100644
--- a/src/OpenID/OpenIdProviderMvc/Web.config
+++ b/src/OpenID/OpenIdProviderMvc/Web.config
@@ -3,16 +3,28 @@
   <configSections>
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
+      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
       <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
       <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
       <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
     </sectionGroup>
-    <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   </configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
+  <uri>
+    <idn enabled="All" />
+    <iriParsing enabled="true" />
+  </uri>
+  <system.net>
+    <defaultProxy enabled="true" />
+    <settings>
+      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. -->
+      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
+    </settings>
+  </system.net>
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
     <openid>
@@ -29,6 +41,19 @@
         <!-- Uncomment the following to activate the sample custom store.  -->
         <!--<store type="RelyingPartyWebForms.CustomStore, RelyingPartyWebForms" />-->
       </provider>
+      <relyingParty>
+        <security requireSsl="false">
+          <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
+          <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
+						<add endpoint="https://www.google.com/accounts/o8/ud" />
+					</trustedProviders>-->
+        </security>
+        <behaviors>
+          <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
+					     with OPs that use Attribute Exchange (in various formats). -->
+          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
+        </behaviors>
+      </relyingParty>
     </openid>
     <messaging>
       <untrustedWebRequest>
@@ -51,7 +76,7 @@
     -->
     <compilation debug="true" targetFramework="4.0">
       <assemblies>
-        <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
+        <add assembly="System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
         <remove assembly="DotNetOpenAuth.Contracts" />
         <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
         <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
@@ -109,7 +134,7 @@
       </namespaces>
     </pages>
     <httpHandlers>
-      <add verb="*" path="*.mvc" validate="false" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
+      <add verb="*" path="*.mvc" validate="false" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
     </httpHandlers>
   </system.web>
   <system.web.extensions />
@@ -123,48 +148,18 @@
     <handlers>
       <remove name="MvcHttpHandler" />
       <remove name="UrlRoutingHandler" />
-      <add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
+      <add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
     </handlers>
   </system.webServer>
   <runtime>
-    <!-- When targeting ASP.NET MVC 2, this assemblyBinding makes MVC 1 references relink
-         to MVC 2 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it. -->
+    <legacyHMACWarning enabled="0" />
+    <!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
+         to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it. -->
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
-        <assemblyIdentity name="DotNetOpenAuth.OpenId.RelyingParty" publicKeyToken="2780ccd10d57b246" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="DotNetOpenAuth.OpenId" publicKeyToken="2780ccd10d57b246" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.0.0.12030" newVersion="4.0.0.12030" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="DotNetOpenAuth.Core" publicKeyToken="2780ccd10d57b246" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.0.0.12030" newVersion="4.0.0.12030" />
         <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
-      </dependentAssembly>
-      <dependentAssembly>
-        <assemblyIdentity name="DotNetOpenAuth.Core.UI" publicKeyToken="2780ccd10d57b246" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.0.0.12030" newVersion="4.0.0.12030" />
+        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
       </dependentAssembly>
     </assemblyBinding>
-    <legacyHMACWarning enabled="0" />
   </runtime>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
-  <uri>
-    <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
-	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
-	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-    <idn enabled="All" />
-    <iriParsing enabled="true" />
-  </uri>
 </configuration>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdProviderMvc/packages.config b/src/OpenID/OpenIdProviderMvc/packages.config
index cfe9741..d4ed20d 100644
--- a/src/OpenID/OpenIdProviderMvc/packages.config
+++ b/src/OpenID/OpenIdProviderMvc/packages.config
@@ -1,10 +1,22 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.0.0.12084" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdInfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="log4net" version="2.0.0" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj b/src/OpenID/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
index d4e2b90..4a01678 100644
--- a/src/OpenID/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
+++ b/src/OpenID/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
@@ -53,38 +53,53 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.InfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.InfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.InfoCard.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.Consumer, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Consumer.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Consumer.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OAuth.ServiceProvider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.ServiceProvider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.ServiceProvider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdInfoCard.UI, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdInfoCard.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdInfoCard.UI.dll</HintPath>
+    </Reference>
+    <Reference Include="DotNetOpenAuth.OpenIdOAuth, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenIdOAuth.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenIdOAuth.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
diff --git a/src/OpenID/OpenIdProviderWebForms/Web.config b/src/OpenID/OpenIdProviderWebForms/Web.config
index 49058f0..0be2d51 100644
--- a/src/OpenID/OpenIdProviderWebForms/Web.config
+++ b/src/OpenID/OpenIdProviderWebForms/Web.config
@@ -4,14 +4,27 @@
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
       <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
+      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
       <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
       <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
-      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
     </sectionGroup>
   </configSections>
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
+  <uri>
+    <idn enabled="All" />
+    <iriParsing enabled="true" />
+  </uri>
+  <system.net>
+    <defaultProxy enabled="true" />
+    <settings>
+      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. -->
+      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
+    </settings>
+  </system.net>
   <!-- this is an optional configuration section where aspects of DotNetOpenAuth can be customized -->
   <dotNetOpenAuth>
     <openid>
@@ -26,6 +39,19 @@
         <!-- Uncomment the following to activate the sample custom store.  -->
         <!--<store type="OpenIdProviderWebForms.Code.CustomStore, OpenIdProviderWebForms" />-->
       </provider>
+      <relyingParty>
+        <security requireSsl="false">
+          <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
+          <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
+						<add endpoint="https://www.google.com/accounts/o8/ud" />
+					</trustedProviders>-->
+        </security>
+        <behaviors>
+          <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
+					     with OPs that use Attribute Exchange (in various formats). -->
+          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
+        </behaviors>
+      </relyingParty>
     </openid>
     <messaging>
       <untrustedWebRequest>
@@ -111,27 +137,10 @@
       <level value="INFO" />
     </logger>
   </log4net>
-  <uri>
-    <!-- See an error due to this section?  When targeting .NET 3.5, please add the following line to your <configSections> at the top of this file:
-		<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-		-->
-    <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
-	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
-	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-    <idn enabled="All" />
-    <iriParsing enabled="true" />
-  </uri>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-			     before trusting HTTPS certificates.  But this setting tends to not 
-			     be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
   <runtime>
-    <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
     <legacyHMACWarning enabled="0" />
   </runtime>
+  <system.webServer>
+    <modules runAllManagedModulesForAllRequests="true" />
+  </system.webServer>
 </configuration>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdProviderWebForms/packages.config b/src/OpenID/OpenIdProviderWebForms/packages.config
index f09d52e..d4ed20d 100644
--- a/src/OpenID/OpenIdProviderWebForms/packages.config
+++ b/src/OpenID/OpenIdProviderWebForms/packages.config
@@ -1,16 +1,22 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OAuth.Common" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.0.0.12084" />
-  <package id="log4net" version="2.0.0" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.InfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Consumer" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OAuth.ServiceProvider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdInfoCard.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenIdOAuth" version="4.1.0.12182" targetFramework="net40" />
+  <package id="log4net" version="2.0.0" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdRelyingPartyMvc/OpenIdRelyingPartyMvc.csproj b/src/OpenID/OpenIdRelyingPartyMvc/OpenIdRelyingPartyMvc.csproj
index 8249a65..7c21b74 100644
--- a/src/OpenID/OpenIdRelyingPartyMvc/OpenIdRelyingPartyMvc.csproj
+++ b/src/OpenID/OpenIdRelyingPartyMvc/OpenIdRelyingPartyMvc.csproj
@@ -38,23 +38,23 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
diff --git a/src/OpenID/OpenIdRelyingPartyMvc/Web.config b/src/OpenID/OpenIdRelyingPartyMvc/Web.config
index 123f3dd..bd74a19 100644
--- a/src/OpenID/OpenIdRelyingPartyMvc/Web.config
+++ b/src/OpenID/OpenIdRelyingPartyMvc/Web.config
@@ -2,7 +2,6 @@
 <configuration>
   <configSections>
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
-      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
       <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
       <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
       <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
@@ -120,12 +119,9 @@
     <legacyHMACWarning enabled="0" />
   </runtime>
   <uri>
-    <!-- See an error due to this section?  When targeting .NET 3.5, please add the following line to your <configSections> at the top of this file:
-		<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-		-->
     <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
-	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
-	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
     <idn enabled="All" />
     <iriParsing enabled="true" />
   </uri>
diff --git a/src/OpenID/OpenIdRelyingPartyMvc/packages.config b/src/OpenID/OpenIdRelyingPartyMvc/packages.config
index cffb581..7819b1e 100644
--- a/src/OpenID/OpenIdRelyingPartyMvc/packages.config
+++ b/src/OpenID/OpenIdRelyingPartyMvc/packages.config
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.0.0.12084" />
-  <package id="log4net" version="2.0.0" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="log4net" version="2.0.0" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/Code/CustomStore.cs b/src/OpenID/OpenIdRelyingPartyWebForms/Code/CustomStore.cs
index f521c0e..1572c05 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/Code/CustomStore.cs
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/Code/CustomStore.cs
@@ -84,7 +84,7 @@ namespace OpenIdRelyingPartyWebForms.Code {
 
 		public CryptoKey GetKey(string bucket, string handle) {
 			var assocRow = dataSet.CryptoKey.FindByBucketHandle(bucket, handle);
-			return new CryptoKey(assocRow.Secret, assocRow.ExpiresUtc);
+			return assocRow == null ? null : new CryptoKey(assocRow.Secret, assocRow.ExpiresUtc);
 		}
 
 		public IEnumerable<KeyValuePair<string, CryptoKey>> GetKeys(string bucket) {
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/MembersOnly/Default.aspx b/src/OpenID/OpenIdRelyingPartyWebForms/MembersOnly/Default.aspx
index cbc13ee..59a4eed 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/MembersOnly/Default.aspx
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/MembersOnly/Default.aspx
@@ -18,6 +18,9 @@
 	<% }
 	foreach (string policy in State.PapePolicies.ActualPolicies) { %>
 		<li><%=HttpUtility.HtmlEncode(policy) %></li>
+	<% }
+	if (State.PapePolicies.AuthenticationTimeUtc.HasValue) { %>		
+		<li>The provider authenticated the user at <%=State.PapePolicies.AuthenticationTimeUtc.Value.ToLocalTime() %> (local time)</li>
 	<% } %>
 	</ul>
 <% } %>
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/Web.config b/src/OpenID/OpenIdRelyingPartyWebForms/Web.config
index 3a667c2..cdd0754 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/Web.config
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/Web.config
@@ -1,7 +1,6 @@
 <?xml version="1.0"?>
 <configuration>
 	<configSections>
-		<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
 		<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
 		<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
 			<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
@@ -71,7 +70,7 @@
 
 	<system.web>
 		<!--<sessionState cookieless="true" />-->
-		<compilation debug="true">
+		<compilation debug="true" targetFramework="4.0">
 			<assemblies>
 				<remove assembly="DotNetOpenAuth.Contracts"/>
 			</assemblies>
@@ -88,6 +87,7 @@
 		Low: doesn't work because WebPermission.Connect is denied.
 		-->
 		<trust level="Medium" originUrl=".*"/>
+		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
 	</system.web>
 
 	<!-- log4net is a 3rd party (free) logger library that DotNetOpenAuth will use if present but does not require. -->
@@ -123,4 +123,7 @@
 	<runtime>
 		<legacyHMACWarning enabled="0" />
 	</runtime>
+	<system.webServer>
+		<modules runAllManagedModulesForAllRequests="true" />
+	</system.webServer>
 </configuration>
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx
index 98eee7a..17a230a 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx
@@ -20,6 +20,10 @@
 			<asp:ListItem Text="Request physical multi-factor authentication" Value="http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical" />
 			<asp:ListItem Text="Request PPID identifier" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
 		</asp:CheckBoxList>
+		<p>Request that the Provider have authenticated the user in the last 
+			<asp:TextBox runat="server" ID="maxAuthTimeBox" MaxLength="4" Columns="4" />
+			seconds.
+		</p>
 		<p>Try the PPID identifier functionality against the OpenIDProviderMvc sample.</p>
 	</fieldset>
 	<p><a href="loginGoogleApps.aspx">Log in using Google Apps for Domains</a>. </p>
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.cs b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.cs
index 6721e9b..3b5466c 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.cs
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.cs
@@ -45,12 +45,18 @@ namespace OpenIdRelyingPartyWebForms {
 			}
 
 			// Add the PAPE extension if any policy was requested.
+			var pape = new PolicyRequest();
 			if (policies.Count > 0) {
-				var pape = new PolicyRequest();
 				foreach (string policy in policies) {
 					pape.PreferredPolicies.Add(policy);
 				}
+			}
+
+			if (this.maxAuthTimeBox.Text.Length > 0) {
+				pape.MaximumAuthenticationAge = TimeSpan.FromSeconds(double.Parse(this.maxAuthTimeBox.Text));
+			}
 
+			if (pape.PreferredPolicies.Count > 0 || pape.MaximumAuthenticationAge.HasValue) {
 				request.AddExtension(pape);
 			}
 		}
diff --git a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.designer.cs b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.designer.cs
index 017d259..9ee9edc 100644
--- a/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.designer.cs
+++ b/src/OpenID/OpenIdRelyingPartyWebForms/login.aspx.designer.cs
@@ -40,6 +40,15 @@ namespace OpenIdRelyingPartyWebForms {
         protected global::System.Web.UI.WebControls.CheckBoxList papePolicies;
         
         /// <summary>
+        /// maxAuthTimeBox control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.TextBox maxAuthTimeBox;
+        
+        /// <summary>
         /// yahooLoginButton control.
         /// </summary>
         /// <remarks>
diff --git a/src/OpenID/OpenIdRelyingPartyWebFormsVB/Global.asax.vb b/src/OpenID/OpenIdRelyingPartyWebFormsVB/Global.asax.vb
index 257e11a..7622d2d 100644
--- a/src/OpenID/OpenIdRelyingPartyWebFormsVB/Global.asax.vb
+++ b/src/OpenID/OpenIdRelyingPartyWebFormsVB/Global.asax.vb
@@ -6,60 +6,61 @@ Imports System.Text
 Imports System.Web
 Imports DotNetOpenAuth.ApplicationBlock
 Imports OpenIdRelyingPartyWebFormsVB
+Imports log4net
 
 Public Class Global_asax
-	Inherits HttpApplication
+    Inherits HttpApplication
 
-	Public Shared Logger As log4net.ILog = log4net.LogManager.GetLogger(GetType(Global_asax))
+    Public Shared Logger As ILog = log4net.LogManager.GetLogger(GetType(Global_asax))
 
-	Friend Shared LogMessages As StringBuilder = New StringBuilder
+    Friend Shared LogMessages As StringBuilder = New StringBuilder
 
-	Public Shared Function CollectionToString(ByVal collection As NameValueCollection) As String
-		Dim sw As StringWriter = New StringWriter
-		For Each key As String In collection.Keys
-			sw.WriteLine("{0} = '{1}'", key, collection(key))
-		Next
-		Return sw.ToString
-	End Function
+    Public Shared Function CollectionToString(ByVal collection As NameValueCollection) As String
+        Dim sw As StringWriter = New StringWriter
+        For Each key As String In collection.Keys
+            sw.WriteLine("{0} = '{1}'", key, collection(key))
+        Next
+        Return sw.ToString
+    End Function
 
-	Protected Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
-		log4net.Config.XmlConfigurator.Configure()
-		Logger.Info("Sample starting...")
-	End Sub
+    Protected Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
+        log4net.Config.XmlConfigurator.Configure()
+        Logger.Info("Sample starting...")
+    End Sub
 
-	Protected Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
-		Logger.Info("Sample shutting down...")
-		' this would be automatic, but in partial trust scenarios it is not.
-		log4net.LogManager.Shutdown()
-	End Sub
+    Protected Sub Application_End(ByVal sender As Object, ByVal e As EventArgs)
+        Logger.Info("Sample shutting down...")
+        ' this would be automatic, but in partial trust scenarios it is not.
+        log4net.LogManager.Shutdown()
+    End Sub
 
-	Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
-		' System.Diagnostics.Debugger.Launch();
-		Logger.DebugFormat("Processing {0} on {1} ", Request.HttpMethod, stripQueryString(Request.Url))
-		If (Request.QueryString.Count > 0) Then
-			Logger.DebugFormat("Querystring follows: " & vbLf & "{0}", CollectionToString(Request.QueryString))
-		End If
-		If (Request.Form.Count > 0) Then
-			Logger.DebugFormat("Posted form follows: " & vbLf & "{0}", CollectionToString(Request.Form))
-		End If
-	End Sub
+    Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
+        ' System.Diagnostics.Debugger.Launch();
+        Logger.DebugFormat("Processing {0} on {1} ", Request.HttpMethod, stripQueryString(Request.Url))
+        If (Request.QueryString.Count > 0) Then
+            Logger.DebugFormat("Querystring follows: " & vbLf & "{0}", CollectionToString(Request.QueryString))
+        End If
+        If (Request.Form.Count > 0) Then
+            Logger.DebugFormat("Posted form follows: " & vbLf & "{0}", CollectionToString(Request.Form))
+        End If
+    End Sub
 
-	Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
-		Logger.DebugFormat("User {0} authenticated.", (Not (HttpContext.Current.User) Is Nothing))
-		'TODO: Warning!!!, inline IF is not supported ?
-	End Sub
+    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
+        Logger.DebugFormat("User {0} authenticated.", (Not (HttpContext.Current.User) Is Nothing))
+        'TODO: Warning!!!, inline IF is not supported ?
+    End Sub
 
-	Protected Sub Application_EndRequest(ByVal sender As Object, ByVal e As EventArgs)
+    Protected Sub Application_EndRequest(ByVal sender As Object, ByVal e As EventArgs)
 
-	End Sub
+    End Sub
 
-	Protected Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
-		Logger.ErrorFormat("An unhandled exception was raised. Details follow: {0}", HttpContext.Current.Server.GetLastError)
-	End Sub
+    Protected Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
+        Logger.ErrorFormat("An unhandled exception was raised. Details follow: {0}", HttpContext.Current.Server.GetLastError)
+    End Sub
 
-	Private Shared Function stripQueryString(ByVal uri As Uri) As String
-		Dim builder As UriBuilder = New UriBuilder(uri)
-		builder.Query = Nothing
-		Return builder.ToString
-	End Function
+    Private Shared Function stripQueryString(ByVal uri As Uri) As String
+        Dim builder As UriBuilder = New UriBuilder(uri)
+        builder.Query = Nothing
+        Return builder.ToString
+    End Function
 End Class
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdRelyingPartyWebFormsVB/OpenIdRelyingPartyWebFormsVB.vbproj b/src/OpenID/OpenIdRelyingPartyWebFormsVB/OpenIdRelyingPartyWebFormsVB.vbproj
index de7d05c..dfc0818 100644
--- a/src/OpenID/OpenIdRelyingPartyWebFormsVB/OpenIdRelyingPartyWebFormsVB.vbproj
+++ b/src/OpenID/OpenIdRelyingPartyWebFormsVB/OpenIdRelyingPartyWebFormsVB.vbproj
@@ -49,23 +49,23 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.Core.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.1.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
     </Reference>
     <Reference Include="DotNetOpenAuth.OpenId.UI">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0-RC1\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
     <Reference Include="log4net">
       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>
diff --git a/src/OpenID/OpenIdRelyingPartyWebFormsVB/Web.config b/src/OpenID/OpenIdRelyingPartyWebFormsVB/Web.config
index 98bc562..cb23a00 100644
--- a/src/OpenID/OpenIdRelyingPartyWebFormsVB/Web.config
+++ b/src/OpenID/OpenIdRelyingPartyWebFormsVB/Web.config
@@ -1,10 +1,9 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0"?>
 <configuration>
   <configSections>
-    <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
-      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
+			<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
       <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
       <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
       <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
@@ -13,19 +12,21 @@
   <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
        which is necessary for OpenID urls with unicode characters in the domain/host name. 
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
-  <uri>
-    <idn enabled="All" />
-    <iriParsing enabled="true" />
-  </uri>
-  <system.net>
-    <defaultProxy enabled="true" />
-    <settings>
-      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-           before trusting HTTPS certificates.  But this setting tends to not 
-           be allowed in shared hosting environments. -->
-      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
-    </settings>
-  </system.net>
+	<uri>
+		<idn enabled="All"/>
+		<iriParsing enabled="true"/>
+	</uri>
+
+	<system.net>
+		<defaultProxy enabled="true" />
+		<settings>
+			<!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. -->
+			<!--<servicePointManager checkCertificateRevocationList="true"/>-->
+		</settings>
+	</system.net>
+
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
     <openid>
@@ -33,29 +34,29 @@
         <security requireSsl="false">
           <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
           <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
-            <add endpoint="https://www.google.com/accounts/o8/ud" />
-          </trustedProviders>-->
+						<add endpoint="https://www.google.com/accounts/o8/ud" />
+					</trustedProviders>-->
         </security>
         <behaviors>
           <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
-               with OPs that use Attribute Exchange (in various formats). -->
+					     with OPs that use Attribute Exchange (in various formats). -->
           <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
-          <!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth.OpenId.RelyingParty" />-->
+					<!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth.OpenId.RelyingParty" />-->
         </behaviors>
-        <!-- Uncomment the following to activate the sample custom store.  -->
-        <!--<store type="OpenIdRelyingPartyWebFormsVB.CustomStore, OpenIdRelyingPartyWebFormsVB" />-->
+				<!-- Uncomment the following to activate the sample custom store.  -->
+				<!--<store type="OpenIdRelyingPartyWebFormsVB.CustomStore, OpenIdRelyingPartyWebFormsVB" />-->
       </relyingParty>
     </openid>
-    <messaging>
-      <untrustedWebRequest>
-        <whitelistHosts>
-          <!-- since this is a sample, and will often be used with localhost -->
-          <add name="localhost" />
-        </whitelistHosts>
-      </untrustedWebRequest>
-    </messaging>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
-    <reporting enabled="true" />
+		<messaging>
+			<untrustedWebRequest>
+				<whitelistHosts>
+					<!-- since this is a sample, and will often be used with localhost -->
+					<add name="localhost" />
+				</whitelistHosts>
+			</untrustedWebRequest>
+		</messaging>
+		<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
+		<reporting enabled="true" />
   </dotNetOpenAuth>
   <appSettings>
     <!-- Fill in your various consumer keys and secrets here to make the sample work. -->
@@ -73,8 +74,7 @@
     </compilation>
     <customErrors mode="RemoteOnly" />
     <authentication mode="Forms">
-      <forms name="OpenIdRelyingPartyVBSession" />
-      <!-- named cookie prevents conflicts with other samples -->
+			<forms name="OpenIdRelyingPartyVBSession"/> <!-- named cookie prevents conflicts with other samples -->
     </authentication>
     <trace enabled="false" writeToDiagnosticsTrace="true" />
     <!-- Trust level discussion:
@@ -117,11 +117,8 @@
   </log4net>
   <runtime>
     <legacyHMACWarning enabled="0" />
-    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
-      </dependentAssembly>
-    </assemblyBinding>
   </runtime>
+	<system.webServer>
+		<modules runAllManagedModulesForAllRequests="true" />
+	</system.webServer>
 </configuration>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdRelyingPartyWebFormsVB/packages.config b/src/OpenID/OpenIdRelyingPartyWebFormsVB/packages.config
index e4866e8..736a50a 100644
--- a/src/OpenID/OpenIdRelyingPartyWebFormsVB/packages.config
+++ b/src/OpenID/OpenIdRelyingPartyWebFormsVB/packages.config
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0-RC1" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0-RC1" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0-RC1" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0-RC1" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.0.0-RC1" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.0.0-RC1" />
-  <package id="log4net" version="2.0.0" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="log4net" version="2.0.0" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdWebRingSsoProvider/OpenIdWebRingSsoProvider.csproj b/src/OpenID/OpenIdWebRingSsoProvider/OpenIdWebRingSsoProvider.csproj
index 2f1460d..80cd64e 100644
--- a/src/OpenID/OpenIdWebRingSsoProvider/OpenIdWebRingSsoProvider.csproj
+++ b/src/OpenID/OpenIdWebRingSsoProvider/OpenIdWebRingSsoProvider.csproj
@@ -42,23 +42,23 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.Provider.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Provider.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.Provider.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Data" />
diff --git a/src/OpenID/OpenIdWebRingSsoProvider/Web.config b/src/OpenID/OpenIdWebRingSsoProvider/Web.config
index 1c16c9a..227faa7 100644
--- a/src/OpenID/OpenIdWebRingSsoProvider/Web.config
+++ b/src/OpenID/OpenIdWebRingSsoProvider/Web.config
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <configSections>
-    <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />
     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
       <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
@@ -21,8 +20,8 @@
     <defaultProxy enabled="true" />
     <settings>
       <!-- This setting causes .NET to check certificate revocation lists (CRL) 
-           before trusting HTTPS certificates.  But this setting tends to not 
-           be allowed in shared hosting environments. -->
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. -->
       <!--<servicePointManager checkCertificateRevocationList="true"/>-->
     </settings>
   </system.net>
@@ -82,7 +81,7 @@
         -->
     <authentication mode="Windows" />
     <!--<authentication mode="Forms">
-      -->
+			-->
     <!-- named cookie prevents conflicts with other samples -->
     <!--
       <forms name="OpenIDWebRingSsoProvider"/>
@@ -105,14 +104,11 @@
         The system.webServer section is required for running ASP.NET AJAX under Internet
         Information Services 7.0.  It is not necessary for previous version of IIS.
     -->
+  <system.webServer>
+    <modules runAllManagedModulesForAllRequests="true" />
+  </system.webServer>
   <runtime>
     <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
     <legacyHMACWarning enabled="0" />
-    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
-      <dependentAssembly>
-        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
-        <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" />
-      </dependentAssembly>
-    </assemblyBinding>
   </runtime>
 </configuration>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdWebRingSsoProvider/packages.config b/src/OpenID/OpenIdWebRingSsoProvider/packages.config
index cfe9741..f40554e 100644
--- a/src/OpenID/OpenIdWebRingSsoProvider/packages.config
+++ b/src/OpenID/OpenIdWebRingSsoProvider/packages.config
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.0.0.12084" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Provider.UI" version="4.1.0.12182" targetFramework="net40" />
 </packages>
 \ No newline at end of file
diff --git a/src/OpenID/OpenIdWebRingSsoRelyingParty/OpenIdWebRingSsoRelyingParty.csproj b/src/OpenID/OpenIdWebRingSsoRelyingParty/OpenIdWebRingSsoRelyingParty.csproj
index 0fcbf1b..4c2442e 100644
--- a/src/OpenID/OpenIdWebRingSsoRelyingParty/OpenIdWebRingSsoRelyingParty.csproj
+++ b/src/OpenID/OpenIdWebRingSsoRelyingParty/OpenIdWebRingSsoRelyingParty.csproj
@@ -42,23 +42,23 @@
     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="DotNetOpenAuth.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.Core.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.Core.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.RelyingParty.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.RelyingParty.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.RelyingParty.UI.dll</HintPath>
     </Reference>
-    <Reference Include="DotNetOpenAuth.OpenId.UI, Version=4.0.0.0, Culture=neutral, PublicKeyToken=2780ccd10d57b246, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
+    <Reference Include="DotNetOpenAuth.OpenId.UI">
+      <HintPath>..\..\..\packages\DotNetOpenAuth.OpenId.Core.UI.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OpenId.UI.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Data" />
diff --git a/src/OpenID/OpenIdWebRingSsoRelyingParty/Web.config b/src/OpenID/OpenIdWebRingSsoRelyingParty/Web.config
index 1fd2d6c..3316415 100644
--- a/src/OpenID/OpenIdWebRingSsoRelyingParty/Web.config
+++ b/src/OpenID/OpenIdWebRingSsoRelyingParty/Web.config
@@ -14,16 +14,6 @@
        It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
   <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized -->
   <dotNetOpenAuth>
-    <messaging>
-      <untrustedWebRequest>
-        <whitelistHosts>
-          <!-- since this is a sample, and will often be used with localhost -->
-          <add name="localhost" />
-        </whitelistHosts>
-      </untrustedWebRequest>
-    </messaging>
-    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
-    <reporting enabled="true" />
     <openid>
       <relyingParty>
         <security requireSsl="false">
@@ -36,9 +26,22 @@
           <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
 					     with OPs that use Attribute Exchange (in various formats). -->
           <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
+          <!--<add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.GsaIcamProfile, DotNetOpenAuth.OpenId.RelyingParty" />-->
         </behaviors>
+        <!-- Uncomment the following to activate the sample custom store.  -->
+        <!--<store type="OpenIdRelyingPartyWebForms.CustomStore, OpenIdRelyingPartyWebForms" />-->
       </relyingParty>
     </openid>
+    <messaging>
+      <untrustedWebRequest>
+        <whitelistHosts>
+          <!-- since this is a sample, and will often be used with localhost -->
+          <add name="localhost" />
+        </whitelistHosts>
+      </untrustedWebRequest>
+    </messaging>
+    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
+    <reporting enabled="true" />
   </dotNetOpenAuth>
   <appSettings>
     <add key="SsoProviderOPIdentifier" value="http://localhost:39167/" />
@@ -103,6 +106,9 @@
       </authorization>
     </system.web>
   </location>
+  <system.webServer>
+    <modules runAllManagedModulesForAllRequests="true" />
+  </system.webServer>
   <system.net>
     <defaultProxy enabled="true" />
     <settings>
@@ -117,12 +123,9 @@
     <legacyHMACWarning enabled="0" />
   </runtime>
   <uri>
-    <!-- See an error due to this section?  When targeting .NET 3.5, please add the following line to your <configSections> at the top of this file:
-		<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
-		-->
     <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
-	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
-	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
     <idn enabled="All" />
     <iriParsing enabled="true" />
   </uri>
diff --git a/src/OpenID/OpenIdWebRingSsoRelyingParty/packages.config b/src/OpenID/OpenIdWebRingSsoRelyingParty/packages.config
index 7528b62..eb04872 100644
--- a/src/OpenID/OpenIdWebRingSsoRelyingParty/packages.config
+++ b/src/OpenID/OpenIdWebRingSsoRelyingParty/packages.config
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />
-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.0.0.12084" />
-  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.0.0.12084" />
+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.Core.UI" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty" version="4.1.0.12182" targetFramework="net40" />
+  <package id="DotNetOpenAuth.OpenId.RelyingParty.UI" version="4.1.0.12182" targetFramework="net40" />
 </packages>
 \ No newline at end of file