authorAndrew Arnott <andrewarnott@gmail.com>2009-12-26 19:36:18 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2009-12-26 19:36:18 -0800
commit21d77c90dcf5e65a9c9c8999db119168cdc43828 (patch)
treea03e540099db103a98bd021be7820b568c5aafa2
parentafe8e06d69765504809762045780e1ef6fada446 (diff)
parenta801d4458d5cce55686b10b26a2258b812184a25 (diff)
Merge branch 'v3.0' into v3.1
-rw-r--r--samples/InfoCardRelyingParty/Site.Master4
-rw-r--r--samples/OpenIdProviderWebForms/Site.Master4
-rw-r--r--samples/OpenIdProviderWebForms/Web.config4
-rw-r--r--samples/OpenIdProviderWebForms/server.aspx2
-rw-r--r--samples/OpenIdRelyingPartyClassicAsp/MembersOnly.asp2
-rw-r--r--samples/OpenIdRelyingPartyClassicAsp/default.asp2
-rw-r--r--samples/OpenIdRelyingPartyClassicAsp/login.asp2
-rw-r--r--samples/OpenIdRelyingPartyMvc/Views/Home/Index.aspx2
-rw-r--r--samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master2
-rw-r--r--samples/OpenIdRelyingPartyWebForms/Site.Master4
-rw-r--r--samples/OpenIdRelyingPartyWebForms/Web.config2
-rw-r--r--samples/README.html12
-rw-r--r--src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd367
-rw-r--r--src/DotNetOpenAuth/Configuration/OpenIdElement.cs4
-rw-r--r--src/DotNetOpenAuth/Loggers/ILog.cs2
-rw-r--r--src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs2
-rw-r--r--src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/NistAssuranceLevel.cs2
-rw-r--r--src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs2
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs9
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js4
20 files changed, 367 insertions, 67 deletions
diff --git a/samples/InfoCardRelyingParty/Site.Master b/samples/InfoCardRelyingParty/Site.Master
index 7d3dae7..508f62c 100644
--- a/samples/InfoCardRelyingParty/Site.Master
+++ b/samples/InfoCardRelyingParty/Site.Master
@@ -19,9 +19,9 @@
<asp:LoginStatus ID="LoginStatus1" runat="server" />
</span>
<div>
- <a href="http://dotnetopenid.googlecode.com">
+ <a href="http://dotnetopenauth.net">
<img runat="server" src="~/images/dotnetopenid_tiny.gif" title="Jump to the project web site."
- alt="DotNetOpenId" border='0' /></a>
+ alt="DotNetOpenAuth" border='0' /></a>
</div>
<div>
<asp:ContentPlaceHolder ID="Main" runat="server" />
diff --git a/samples/OpenIdProviderWebForms/Site.Master b/samples/OpenIdProviderWebForms/Site.Master
index 8780550..4df9e0a 100644
--- a/samples/OpenIdProviderWebForms/Site.Master
+++ b/samples/OpenIdProviderWebForms/Site.Master
@@ -9,9 +9,9 @@
</head>
<body>
<form id="form1" runat="server">
- <div><a href="http://dotnetopenid.googlecode.com">
+ <div><a href="http://dotnetopenauth.net">
<img runat="server" src="~/images/dotnetopenid_tiny.gif" title="Jump to the project web site."
- alt="DotNetOpenId" border='0' /></a> </div>
+ alt="DotNetOpenAuth" border='0' /></a> </div>
<div>
<asp:ContentPlaceHolder ID="Main" runat="server" />
</div>
diff --git a/samples/OpenIdProviderWebForms/Web.config b/samples/OpenIdProviderWebForms/Web.config
index a6cd2eb..7f28386 100644
--- a/samples/OpenIdProviderWebForms/Web.config
+++ b/samples/OpenIdProviderWebForms/Web.config
@@ -43,7 +43,7 @@
</settings>
</system.net>
- <!-- this is an optional configuration section where aspects of dotnetopenid can be customized -->
+ <!-- this is an optional configuration section where aspects of DotNetOpenAuth can be customized -->
<dotNetOpenAuth>
<openid>
<provider>
@@ -118,7 +118,7 @@
</authorization>
</system.web>
</location>
- <!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
+ <!-- log4net is a 3rd party (free) logger library that DotNetOpenAuth will use if present but does not require. -->
<log4net>
<appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="Provider.log"/>
diff --git a/samples/OpenIdProviderWebForms/server.aspx b/samples/OpenIdProviderWebForms/server.aspx
index 10030a6..e31cd68 100644
--- a/samples/OpenIdProviderWebForms/server.aspx
+++ b/samples/OpenIdProviderWebForms/server.aspx
@@ -25,7 +25,7 @@
<table>
<tr>
<td>
- <a href="http://dotnetopenid.googlecode.com/">http://dotnetopenid.googlecode.com/</a>
+ <a href="http://dotnetopenauth.net/">http://dotnetopenauth.net/</a>
</td>
<td>
Home of this library
diff --git a/samples/OpenIdRelyingPartyClassicAsp/MembersOnly.asp b/samples/OpenIdRelyingPartyClassicAsp/MembersOnly.asp
index 741a3e7..da6c18b 100644
--- a/samples/OpenIdRelyingPartyClassicAsp/MembersOnly.asp
+++ b/samples/OpenIdRelyingPartyClassicAsp/MembersOnly.asp
@@ -11,7 +11,7 @@ End If
</head>
<body>
<div>
- <a href="http://DotNetOpenId.googlecode.com">
+ <a href="http://dotnetopenauth.net">
<img runat="server" src="images/DotNetOpenId_tiny.gif" title="Jump to the project web site."
alt="DotNetOpenAuth" border='0' /></a>
</div>
diff --git a/samples/OpenIdRelyingPartyClassicAsp/default.asp b/samples/OpenIdRelyingPartyClassicAsp/default.asp
index bdddbcc..f4d1d1d 100644
--- a/samples/OpenIdRelyingPartyClassicAsp/default.asp
+++ b/samples/OpenIdRelyingPartyClassicAsp/default.asp
@@ -6,7 +6,7 @@
</head>
<body>
<div>
- <a href="http://DotNetOpenId.googlecode.com">
+ <a href="http://dotnetopenauth.net">
<img runat="server" src="images/DotNetOpenId_tiny.gif" title="Jump to the project web site."
alt="DotNetOpenAuth" border='0' /></a>
</div>
diff --git a/samples/OpenIdRelyingPartyClassicAsp/login.asp b/samples/OpenIdRelyingPartyClassicAsp/login.asp
index 878ab39..7a51b67 100644
--- a/samples/OpenIdRelyingPartyClassicAsp/login.asp
+++ b/samples/OpenIdRelyingPartyClassicAsp/login.asp
@@ -6,7 +6,7 @@
</head>
<body>
<div>
- <a href="http://DotNetOpenId.googlecode.com">
+ <a href="http://dotnetopenauth.net">
<img runat="server" src="images/DotNetOpenId_tiny.gif" title="Jump to the project web site."
alt="DotNetOpenAuth" border='0' /></a>
</div>
diff --git a/samples/OpenIdRelyingPartyMvc/Views/Home/Index.aspx b/samples/OpenIdRelyingPartyMvc/Views/Home/Index.aspx
index 8535c7c..be4bd20 100644
--- a/samples/OpenIdRelyingPartyMvc/Views/Home/Index.aspx
+++ b/samples/OpenIdRelyingPartyMvc/Views/Home/Index.aspx
@@ -2,7 +2,7 @@
<asp:Content ID="indexContent" ContentPlaceHolderID="MainContentPlaceHolder" runat="server">
<h1>OpenID Relying Party </h1>
- <h2>Provided by <a href="http://dotnetopenid.googlecode.com">DotNetOpenAuth</a> </h2>
+ <h2>Provided by <a href="http://dotnetopenauth.net">DotNetOpenAuth</a> </h2>
<% if (User.Identity.IsAuthenticated) { %>
<p><b>You are already logged in!</b> Try visiting the
<%=Html.ActionLink("Members Only", "Index", "User") %>
diff --git a/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master b/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
index d9b759c..1e79171 100644
--- a/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
+++ b/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
@@ -26,7 +26,7 @@
<div class="leftColumn">
<h2>External OpenID Links</h2>
<ul>
- <li><a href="http://dotnetopenid.googlecode.com">DotNetOpenAuth</a></li>
+ <li><a href="http://dotnetopenauth.net">DotNetOpenAuth</a></li>
<li><a href="http://openid.net">About OpenID</a></li>
</ul>
</div>
diff --git a/samples/OpenIdRelyingPartyWebForms/Site.Master b/samples/OpenIdRelyingPartyWebForms/Site.Master
index 9630f78..cf8c507 100644
--- a/samples/OpenIdRelyingPartyWebForms/Site.Master
+++ b/samples/OpenIdRelyingPartyWebForms/Site.Master
@@ -27,9 +27,9 @@
<asp:LoginStatus ID="LoginStatus1" runat="server" OnLoggedOut="LoginStatus1_LoggedOut" />
</span>
<div>
- <a href="http://dotnetopenid.googlecode.com">
+ <a href="http://dotnetopenauth.net">
<img runat="server" src="~/images/dotnetopenid_tiny.gif" title="Jump to the project web site."
- alt="DotNetOpenId" border='0' /></a>
+ alt="DotNetOpenAuth" border='0' /></a>
</div>
<div>
<asp:ContentPlaceHolder ID="Main" runat="server" />
diff --git a/samples/OpenIdRelyingPartyWebForms/Web.config b/samples/OpenIdRelyingPartyWebForms/Web.config
index 7983e21..b3536b9 100644
--- a/samples/OpenIdRelyingPartyWebForms/Web.config
+++ b/samples/OpenIdRelyingPartyWebForms/Web.config
@@ -68,7 +68,7 @@
<trust level="Medium" originUrl=".*"/>
</system.web>
- <!-- log4net is a 3rd party (free) logger library that dotnetopenid will use if present but does not require. -->
+ <!-- log4net is a 3rd party (free) logger library that DotNetOpenAuth will use if present but does not require. -->
<log4net>
<appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="RelyingParty.log" />
diff --git a/samples/README.html b/samples/README.html
index 287942a..10e0f8c 100644
--- a/samples/README.html
+++ b/samples/README.html
@@ -94,22 +94,22 @@
<h3>Interesting classes and methods</h3>
<h4>Relying party</h4>
<ul>
- <li>DotNetOpenId.RelyingParty.<b>OpenIdRelyingParty</b> - programmatic access to everything
+ <li>DotNetOpenAuth.OpenId.RelyingParty.<b>OpenIdRelyingParty</b> - programmatic access to everything
a relying party web site needs.</li>
- <li>DotNetOpenId.RelyingParty.<b>OpenIdTextBox</b> - An ASP.NET control that is a bare-bones
+ <li>DotNetOpenAuth.OpenId.RelyingParty.<b>OpenIdTextBox</b> - An ASP.NET control that is a bare-bones
text input box with a LogOn method that automatically does all the OpenId stuff
for you.</li>
- <li>DotNetOpenId.RelyingParty.<b>OpenIdLogin</b> - Like the OpenIdTextBox, but has a
+ <li>DotNetOpenAuth.OpenId.RelyingParty.<b>OpenIdLogin</b> - Like the OpenIdTextBox, but has a
Login button and some other end user-friendly UI built-in.&nbsp; Drop this onto
your web form and you&#39;re all done!</li>
</ul>
<h4>Provider</h4>
<ul>
- <li>DotNetOpenId.Provider.<b>OpenIdProvider</b> - programmatic access to everything
+ <li>DotNetOpenAuth.OpenId.Provider.<b>OpenIdProvider</b> - programmatic access to everything
a provider web site needs.</li>
- <li>DotNetOpenId.Provider.<b>ProviderEndpoint</b> - An ASP.NET control that you can
+ <li>DotNetOpenAuth.OpenId.Provider.<b>ProviderEndpoint</b> - An ASP.NET control that you can
drop in and have an instant provider endpoint on your page.</li>
- <li>DotNetOpenId.Provider.<b>IdentityEndpoint</b> - An ASP.NET control that you can
+ <li>DotNetOpenAuth.OpenId.Provider.<b>IdentityEndpoint</b> - An ASP.NET control that you can
drop onto the page for your own or your customers&#39; individual identity pages
for discovery by Relying Parties.</li>
</ul>
diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index eecaecf..61f4caa 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -4,28 +4,68 @@
elementFormDefault="qualified"
attributeFormDefault="unqualified">
<xs:element name="dotNetOpenAuth">
+ <xs:annotation>
+ <xs:documentation>
+ Customizations and configuration of DotNetOpenAuth behavior.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="messaging">
+ <xs:annotation>
+ <xs:documentation>
+ Options for general messaging protocols, such as whitelist/blacklist hosts and maximum message age.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="untrustedWebRequest">
+ <xs:annotation>
+ <xs:documentation>
+ Restrictions and settings to apply to outgoing HTTP requests to hosts that are not
+ trusted by this web site. Useful for OpenID-supporting hosts because HTTP connections
+ are initiated based on user input to arbitrary servers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="whitelistHosts">
+ <xs:annotation>
+ <xs:documentation>
+ A set of host names (including domain names) to allow outgoing connections to
+ that would otherwise not be allowed based on security restrictions.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="add">
<xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required" />
+ <xs:attribute name="name" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The host name to trust. For example: "localhost" or "www.mypartners.com".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="remove">
<xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required" />
+ <xs:attribute name="name" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The host name to NOT trust. For example: "localhost" or "www.mypartners.com".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="clear">
+ <xs:annotation>
+ <xs:documentation>
+ Clears all hosts from the whitelist.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<!--tag is empty-->
</xs:complexType>
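Review bot: The documentation added for the `whitelistHosts` `add` element offers "localhost" as an example of a host to trust without saying what that gives up. The `untrustedWebRequest` text a few lines above explains that these requests go to servers chosen by user input, so a whitelisted loopback or internal name becomes a host that any submitted identifier can make this server contact. I would add a sentence such as `Whitelist loopback or intranet hosts only on development machines; on a public site every entry is a host that user-supplied identifiers can cause this server to request.` The `remove` text, `The host name to NOT trust`, also reads as if the entry blocks the host; presumably it only takes the name off the whitelist, so `The host name to remove from the whitelist.` would be clearer. The enclosing element definitions continue outside the hunk.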
@@ -55,19 +95,42 @@
</xs:complexType>
</xs:element>
<xs:element name="blacklistHosts">
+ <xs:annotation>
+ <xs:documentation>
+ A set of host names (including domain names) to disallow outgoing connections to
+ that would otherwise be allowed based on security restrictions.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="add">
<xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required" />
+ <xs:attribute name="name" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The host name known to add to the blacklist. For example: "localhost" or "www.mypartners.com".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="remove">
<xs:complexType>
- <xs:attribute name="name" type="xs:string" use="required" />
+ <xs:attribute name="name" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The host name known to remove to the blacklist. For example: "localhost" or "www.mypartners.com".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="clear">
+ <xs:annotation>
+ <xs:documentation>
+ Clears all hosts from the blacklist.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<!--tag is empty-->
</xs:complexType>
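Review bot: Both `name` descriptions under `blacklistHosts` are garbled: `The host name known to add to the blacklist` and `The host name known to remove to the blacklist`. Suggested wording is `The host name to add to the blacklist.` and `The host name to remove from the blacklist.` The examples are also the same pair used for the whitelist ("localhost", "www.mypartners.com"), which gives a reader no hint of what kind of host belongs on which list.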
@@ -97,27 +160,92 @@
</xs:complexType>
</xs:element>
</xs:choice>
- <xs:attribute name="timeout" type="xs:string" />
- <xs:attribute name="readWriteTimeout" type="xs:string" />
- <xs:attribute name="maximumBytesToRead" type="xs:int" />
- <xs:attribute name="maximumRedirections" type="xs:int" />
+ <xs:attribute name="timeout" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time to allow for an outgoing HTTP request to complete before giving up.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="readWriteTimeout" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time to allow for an outgoing HTTP request to either send or receive data before giving up.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="maximumBytesToRead" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum bytes to read from an untrusted server during an outgoing HTTP request before cutting off the response.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="maximumRedirections" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum redirection instructions to follow before giving up.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
</xs:choice>
- <xs:attribute name="lifetime" type="xs:string" />
- <xs:attribute name="clockSkew" type="xs:string" />
+ <xs:attribute name="lifetime" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time allowed between a message being sent to when it is received before
+ it is considered expired.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="clockSkew" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time to consider a safe difference in server clocks.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="openid">
+ <xs:annotation>
+ <xs:documentation>
+ Configuration for OpenID authentication (relying parties and providers).
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="relyingParty">
+ <xs:annotation>
+ <xs:documentation>
+ Configuration specific for OpenID relying parties.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="security">
+ <xs:annotation>
+ <xs:documentation>
+ Security settings that apply to OpenID relying parties.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
- <xs:attribute name="requireSsl" type="xs:boolean" default="false" />
+ <xs:attribute name="requireSsl" type="xs:boolean" default="false">
+ <xs:annotation>
+ <xs:documentation>
+ Restricts OpenID logins to identifiers that use HTTPS throughout the discovery process,
+ and only uses HTTPS OpenID Provider endpoints.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
<xs:attribute name="minimumRequiredOpenIdVersion">
+ <xs:annotation>
+ <xs:documentation>
+ Optionally restricts interoperability with remote parties that
+ implement older versions of OpenID.
+ </xs:documentation>
+ </xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
<xs:enumeration value="V10" />
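Review bot: The `requireSsl` documentation describes what the setting enforces but not what the visible `default="false"` leaves open: with the default, identifiers and Provider endpoints reached over plain HTTP are accepted, so discovery results are only as trustworthy as the network path. I would append `Defaults to false; set to true on sites where login must not depend on unauthenticated HTTP responses.` In the same hunk, `timeout`, `readWriteTimeout`, `lifetime` and `clockSkew` are typed `xs:string` and their new descriptions do not state the expected format; naming it (presumably a time-span string like the `0:05` default of `maxAuthorizationTime` later in this file) would save readers a trip to the parser.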
@@ -126,37 +254,102 @@
</xs:restriction>
</xs:simpleType>
</xs:attribute>
- <xs:attribute name="minimumHashBitLength" type="xs:int" />
- <xs:attribute name="maximumHashBitLength" type="xs:int" />
- <xs:attribute name="privateSecretMaximumAge" type="xs:string" />
+ <xs:attribute name="minimumHashBitLength" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ Shared associations with OpenID Providers will only be formed or used if they
+ are willing to form associations equal to or greater than a given level of protection.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="maximumHashBitLength" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ Shared associaitons with OpenID Providers will only be formed or used if they
+ are willing to form associations equal to or less than a given level of protection.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="privateSecretMaximumAge" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum age of a secret used for private signing before it is renewed.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="store">
+ <xs:annotation>
+ <xs:documentation>
+ A custom implementation of IRelyingPartyApplicationStore to use by default for new
+ instances of OpenIdRelyingParty.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
- <xs:attribute name="type" type="xs:string"/>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ A fully-qualified type name of the custom implementation of IRelyingPartyApplicationStore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="provider">
+ <xs:annotation>
+ <xs:documentation>
+ Configuration specific for OpenID providers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="security">
+ <xs:annotation>
+ <xs:documentation>
+ Security settings that apply to OpenID providers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="associations">
+ <xs:annotation>
+ <xs:documentation>
+ Sets maximum ages for shared associations of various strengths.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="add">
<xs:complexType>
- <xs:attribute name="type" type="xs:string" use="required" />
- <xs:attribute name="lifetime" type="xs:string" use="required" />
+ <xs:attribute name="type" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The OpenID association type (i.e. HMAC-SHA1 or HMAC-SHA256)
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="lifetime" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The lifetime a shared association of this type will be used for.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="remove">
<xs:complexType>
- <xs:attribute name="type" type="xs:string" use="required" />
+ <xs:attribute name="type" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The OpenID association type (i.e. HMAC-SHA1 or HMAC-SHA256)
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="clear">
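Review bot: The `maximumHashBitLength` description contains the misspelling `associaitons`, and the two `type` descriptions say `(i.e. HMAC-SHA1 or HMAC-SHA256)` where `e.g.` is presumably meant, since "i.e." claims the list is exhaustive; the same wording is added to the `associationType` parameter in HmacShaAssociation.cs. The `minimumHashBitLength`/`maximumHashBitLength` texts speak of a "level of protection" without tying it to the number the attribute takes. Something like `The minimum hash size, in bits, of association types that will be formed or used (for example 160 for HMAC-SHA1, 256 for HMAC-SHA256).` tells an administrator what to enter.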
@@ -168,30 +361,78 @@
</xs:complexType>
</xs:element>
</xs:choice>
- <xs:attribute name="protectDownlevelReplayAttacks" type="xs:boolean" />
- <xs:attribute name="minimumHashBitLength" type="xs:int" />
- <xs:attribute name="maximumHashBitLength" type="xs:int" />
+ <xs:attribute name="protectDownlevelReplayAttacks" type="xs:boolean">
+ <xs:annotation>
+ <xs:documentation>
+ Provides automatic security protections to OpenID 1.x relying parties
+ so security is comparable to OpenID 2.0 relying parties.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="minimumHashBitLength" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ The minimum shared association strength to form with relying parties.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="maximumHashBitLength" type="xs:int">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum shared association strength to form with relying parties.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="store">
+ <xs:annotation>
+ <xs:documentation>
+ A custom implementation of IProviderApplicationStore to use by default for new
+ instances of OpenIdRelyingParty.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
- <xs:attribute name="type" type="xs:string"/>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ A fully-qualified type name of the custom implementation of IProviderApplicationStore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="extensionFactories">
+ <xs:annotation>
+ <xs:documentation>
+ Adjusts the list of known OpenID extensions via the registration of extension factories.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="add">
<xs:complexType>
- <xs:attribute name="type" type="xs:string" use="required" />
+ <xs:attribute name="type" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The fully-qualified name of the type that implements IOpenIdExtensionFactory.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="remove">
<xs:complexType>
- <xs:attribute name="type" type="xs:string" use="required" />
+ <xs:attribute name="type" type="xs:string" use="required">
+ <xs:annotation>
+ <xs:documentation>
+ The fully-qualified name of the type that implements IOpenIdExtensionFactory.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="clear">
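Review bot: The description of the provider's `store` element says the custom `IProviderApplicationStore` is used "by default for new instances of OpenIdRelyingParty", which looks copied from the relying-party `store` element; here it should presumably read `instances of OpenIdProvider`. Separately, `protectDownlevelReplayAttacks` is described only as "automatic security protections"; saying in a phrase that it adds replay protection for OpenID 1.x relying parties, as the attribute name indicates, would make the setting easier to evaluate.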
@@ -203,16 +444,38 @@
</xs:complexType>
</xs:element>
</xs:choice>
- <xs:attribute name="maxAuthenticationTime" type="xs:string" />
+ <xs:attribute name="maxAuthenticationTime" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time a user can take at the Provider while logging in before a relying party considers
+ the authentication lost.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="oauth">
+ <xs:annotation>
+ <xs:documentation>
+ Settings for OAuth consumers and service providers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="consumer">
+ <xs:annotation>
+ <xs:documentation>
+ Settings applicable to OAuth Consumers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="security">
+ <xs:annotation>
+ <xs:documentation>
+ Security settings applicable to OAuth Consumers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
</xs:complexType>
@@ -221,24 +484,70 @@
</xs:complexType>
</xs:element>
<xs:element name="serviceProvider">
+ <xs:annotation>
+ <xs:documentation>
+ Settings applicable to OAuth Service Providers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="security">
+ <xs:annotation>
+ <xs:documentation>
+ Security settings applicable to OAuth Service Providers.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
<xs:attribute name="minimumRequiredOAuthVersion" default="V10">
+ <xs:annotation>
+ <xs:documentation>
+ Optionally restricts interoperability with OAuth consumers that implement
+ older versions of OAuth.
+ </xs:documentation>
+ </xs:annotation>
<xs:simpleType>
<xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="V10" />
- <xs:enumeration value="V10a" />
+ <xs:enumeration value="V10">
+ <xs:annotation>
+ <xs:documentation>
+ The initial version of OAuth, now known to be vulnerable to certain social engineering attacks.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:enumeration>
+ <xs:enumeration value="V10a">
+ <xs:annotation>
+ <xs:documentation>
+ The OAuth version that protects against social engineering attacks by introducing
+ the oauth_verifier parameter.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:enumeration>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
- <xs:attribute name="maxAuthorizationTime" type="xs:string" default="0:05" />
+ <xs:attribute name="maxAuthorizationTime" type="xs:string" default="0:05">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum time allowed for users to authorize a consumer before request tokens expire.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="store">
+ <xs:annotation>
+ <xs:documentation>
+ Sets the custom type that implements the INonceStore interface to use for nonce checking.
+ </xs:documentation>
+ </xs:annotation>
<xs:complexType>
- <xs:attribute name="type" type="xs:string"/>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ A fully-qualified type name of the custom implementation of INonceStore.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
</xs:element>
</xs:choice>
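Review bot: The new text for the `V10` enumeration value says this version is "now known to be vulnerable to certain social engineering attacks", yet the attribute's own documentation does not mention that `default="V10"` (visible on the `minimumRequiredOAuthVersion` line) keeps that version accepted unless the site overrides it. I would add to the attribute description `Defaults to V10 for compatibility; set to V10a to refuse consumers that do not send oauth_verifier.` Whether the default itself should move to `V10a` is a compatibility decision beyond this documentation change, but the schema should at least make the trade-off visible where administrators read it.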
diff --git a/src/DotNetOpenAuth/Configuration/OpenIdElement.cs b/src/DotNetOpenAuth/Configuration/OpenIdElement.cs
index 0d936b2..faab26c 100644
--- a/src/DotNetOpenAuth/Configuration/OpenIdElement.cs
+++ b/src/DotNetOpenAuth/Configuration/OpenIdElement.cs
@@ -99,10 +99,10 @@ namespace DotNetOpenAuth.Configuration {
}
/// <summary>
- /// Gets or sets the registered OpenID extensions.
+ /// Gets or sets the registered OpenID extension factories.
/// </summary>
[ConfigurationProperty(ExtensionFactoriesElementName, IsDefaultCollection = false)]
- [ConfigurationCollection(typeof(TypeConfigurationCollection<IOpenIdMessageExtension>))]
+ [ConfigurationCollection(typeof(TypeConfigurationCollection<IOpenIdExtensionFactory>))]
internal TypeConfigurationCollection<IOpenIdExtensionFactory> ExtensionFactories {
get { return (TypeConfigurationCollection<IOpenIdExtensionFactory>)this[ExtensionFactoriesElementName] ?? new TypeConfigurationCollection<IOpenIdExtensionFactory>(); }
set { this[ExtensionFactoriesElementName] = value; }
diff --git a/src/DotNetOpenAuth/Loggers/ILog.cs b/src/DotNetOpenAuth/Loggers/ILog.cs
index 4ddbd49..8094296 100644
--- a/src/DotNetOpenAuth/Loggers/ILog.cs
+++ b/src/DotNetOpenAuth/Loggers/ILog.cs
@@ -21,7 +21,7 @@
// This interface is designed to look like log4net's ILog interface.
// We have this as a facade in front of it to avoid crashing if the
// hosting web site chooses not to deploy log4net.dll along with
-// dotnetopenid.dll.
+// DotNetOpenAuth.dll.
namespace DotNetOpenAuth.Loggers
{
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
index 7ffeabc..91dd2fd 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
@@ -178,7 +178,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
#endregion
/// <summary>
- /// A special DotNetOpenId-only nonce used by the RP when talking to 1.0 OPs in order
+ /// A special DotNetOpenAuth-only nonce used by the RP when talking to 1.0 OPs in order
/// to protect against replay attacks.
/// </summary>
private class CustomNonce {
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/NistAssuranceLevel.cs b/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/NistAssuranceLevel.cs
index 0a3147a..3031aad 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/NistAssuranceLevel.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/NistAssuranceLevel.cs
@@ -18,7 +18,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy {
/// <remarks>
/// <para>One using this enum should review the following publication for details
/// before asserting or interpreting what these levels signify, notwithstanding
- /// the brief summaries attached to each level in DotNetOpenId documentation.
+ /// the brief summaries attached to each level in DotNetOpenAuth documentation.
/// http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf</para>
/// <para>
/// See PAPE spec Appendix A.1.2 (NIST Assurance Levels) for high-level example classifications of authentication methods within the defined levels.
diff --git a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
index 4c31100..36a874d 100644
--- a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
+++ b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs
@@ -136,7 +136,7 @@ namespace DotNetOpenAuth.OpenId {
/// Creates a new association of a given type.
/// </summary>
/// <param name="protocol">The protocol.</param>
- /// <param name="associationType">Type of the association.</param>
+ /// <param name="associationType">Type of the association (i.e. HMAC-SHA1 or HMAC-SHA256)</param>
/// <param name="associationUse">A value indicating whether the new association will be used privately by the Provider for "dumb mode" authentication
/// or shared with the Relying Party for "smart mode" authentication.</param>
/// <param name="securitySettings">The security settings of the Provider.</param>
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
index f661789..0ffe007 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
@@ -5,7 +5,6 @@
//-----------------------------------------------------------------------
[assembly: System.Web.UI.WebResource(DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedScriptResourceName, "text/javascript")]
-[assembly: System.Web.UI.WebResource(DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedDotNetOpenIdLogoResourceName, "image/gif")]
[assembly: System.Web.UI.WebResource(DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedSpinnerResourceName, "image/gif")]
[assembly: System.Web.UI.WebResource(DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedLoginSuccessResourceName, "image/png")]
[assembly: System.Web.UI.WebResource(DotNetOpenAuth.OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedLoginFailureResourceName, "image/png")]
@@ -44,11 +43,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
internal const string EmbeddedScriptResourceName = Util.DefaultNamespace + ".OpenId.RelyingParty.OpenIdAjaxTextBox.js";
/// <summary>
- /// The name of the manifest stream containing the dotnetopenid_16x16.gif file.
- /// </summary>
- internal const string EmbeddedDotNetOpenIdLogoResourceName = Util.DefaultNamespace + ".OpenId.RelyingParty.dotnetopenid_16x16.gif";
-
- /// <summary>
/// The name of the manifest stream containing the spinner.gif file.
/// </summary>
internal const string EmbeddedSpinnerResourceName = Util.DefaultNamespace + ".OpenId.RelyingParty.spinner.gif";
@@ -1190,9 +1184,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
}
startupScript.AppendFormat(
CultureInfo.InvariantCulture,
- "initAjaxOpenId(box, {0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}, {8}, {9}, {10}, {11}, {12}, {13}, {14}, {15}, {16}, {17}, function({18}, {19}, {20}) {{{21}}});{22}",
+ "initAjaxOpenId(box, {0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}, {8}, {9}, {10}, {11}, {12}, {13}, {14}, {15}, {16}, function({17}, {18}, {19}) {{{20}}});{21}",
MessagingUtilities.GetSafeJavascriptValue(this.Page.ClientScript.GetWebResourceUrl(this.GetType(), OpenIdTextBox.EmbeddedLogoResourceName)),
- MessagingUtilities.GetSafeJavascriptValue(this.Page.ClientScript.GetWebResourceUrl(this.GetType(), EmbeddedDotNetOpenIdLogoResourceName)),
MessagingUtilities.GetSafeJavascriptValue(this.Page.ClientScript.GetWebResourceUrl(this.GetType(), EmbeddedSpinnerResourceName)),
MessagingUtilities.GetSafeJavascriptValue(this.Page.ClientScript.GetWebResourceUrl(this.GetType(), EmbeddedLoginSuccessResourceName)),
MessagingUtilities.GetSafeJavascriptValue(this.Page.ClientScript.GetWebResourceUrl(this.GetType(), EmbeddedLoginFailureResourceName)),
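Review bot: The format string is renumbered by hand from 23 to 22 placeholders while one argument is dropped, and the argument list runs past the end of this hunk, so the match between placeholders, arguments and the positional parameters of `initAjaxOpenId` in OpenIdAjaxTextBox.js cannot be confirmed from here. A miscount either throws `FormatException` at render time or silently shifts every later JavaScript argument by one position. A comment above the call listing the parameters in order, e.g. `// args: openid_logo_url, spinner_url, success_icon_url, failure_icon_url, throttle, timeout, ...`, would make removals like this one reviewable against the script's signature.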
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
index 6e5d7dd..6cfd54d 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
@@ -38,7 +38,7 @@ Array.prototype.remove = function(element) {
}
};
-function initAjaxOpenId(box, openid_logo_url, dotnetopenid_logo_url, spinner_url, success_icon_url, failure_icon_url,
+function initAjaxOpenId(box, openid_logo_url, spinner_url, success_icon_url, failure_icon_url,
throttle, timeout, assertionReceivedCode,
loginButtonText, loginButtonToolTip, retryButtonText, retryButtonToolTip, busyToolTip,
identifierRequiredMessage, loginInProgressMessage,
@@ -221,8 +221,6 @@ function initAjaxOpenId(box, openid_logo_url, dotnetopenid_logo_url, spinner_url
box.dnoi_internal.success_icon = box.dnoi_internal.constructIcon(success_icon_url, authenticatedAsToolTip, true);
//box.dnoi_internal.failure_icon = box.dnoi_internal.constructIcon(failure_icon_url, authenticationFailedToolTip, true);
- // Disable the display of the DotNetOpenId logo
- //box.dnoi_internal.dnoi_logo = box.dnoi_internal.constructIcon(dotnetopenid_logo_url);
box.dnoi_internal.dnoi_logo = box.dnoi_internal.openid_logo;
box.dnoi_internal.setVisualCue = function(state, authenticatedBy, authenticatedAs) {
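Review bot: After this change `box.dnoi_internal.dnoi_logo = box.dnoi_internal.openid_logo;` is left without the comment that explained it, so the alias now looks accidental. Either keep a one-line reason, e.g. `// dnoi_logo is kept as an alias of the OpenID logo; the project logo is no longer embedded`, or remove `dnoi_logo` and point its users at `openid_logo` directly. The uses of `dnoi_logo` lie outside this hunk, so the second option needs a check of the rest of `initAjaxOpenId`.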