C# compiler warning fixes.

author: Andrew Arnott <andrewarnott@gmail.com> 2013-02-10 21:31:06 -0800
committer: Andrew Arnott <andrewarnott@gmail.com> 2013-02-10 21:31:06 -0800
commit: 938a79f28b0fb5718cc58f8f20be5d4207bc189f (patch)
tree: 46ba83af2172889824c42e1ef452d8cfd2789b16
parent: 8d530aa91c05b14be12c5b1177f39eb5f62c669e (diff)
download: DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.zip
DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.tar.gz
DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.tar.bz2
90 files changed, 818 insertions, 604 deletions
diff --git a/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs b/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
index fd6a3e6..d684116 100644
--- a/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
+++ b/projecttemplates/MvcRelyingParty/Code/OpenIdRelyingPartyService.cs
@@ -82,7 +82,7 @@
 
 		public async Task<ActionResult> AjaxDiscoveryAsync(Identifier userSuppliedIdentifier, Realm realm, Uri returnTo, Uri privacyPolicy, CancellationToken cancellationToken = default(CancellationToken)) {
 			return (await relyingParty.AsAjaxDiscoveryResultAsync(
-				await this.CreateRequestsAsync(userSuppliedIdentifier, realm, returnTo, privacyPolicy, cancellationToken), 
+				await this.CreateRequestsAsync(userSuppliedIdentifier, realm, returnTo, privacyPolicy, cancellationToken),
 				cancellationToken)).AsActionResult();
 		}
 
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
index 4842e96..a6a6e9f 100644
--- a/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
+++ b/samples/DotNetOpenAuth.ApplicationBlock/GoogleConsumer.cs
@@ -179,6 +179,7 @@ namespace DotNetOpenAuth.ApplicationBlock
 		/// </summary>
 		/// <param name="consumer">The Google consumer previously constructed using <see cref="CreateWebConsumer"/> or <see cref="CreateDesktopConsumer"/>.</param>
 		/// <param name="requestedAccessScope">The requested access scope.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public static async Task RequestAuthorizationAsync(WebConsumer consumer, Applications requestedAccessScope, CancellationToken cancellationToken = default(CancellationToken)) {
 			if (consumer == null) {
 				throw new ArgumentNullException("consumer");
@@ -196,10 +197,13 @@ namespace DotNetOpenAuth.ApplicationBlock
 		/// <summary>
 		/// Requests authorization from Google to access data from a set of Google applications.
 		/// </summary>
-		/// <param name="consumer">The Google consumer previously constructed using <see cref="CreateWebConsumer"/> or <see cref="CreateDesktopConsumer"/>.</param>
+		/// <param name="consumer">The Google consumer previously constructed using <see cref="CreateWebConsumer" /> or <see cref="CreateDesktopConsumer" />.</param>
 		/// <param name="requestedAccessScope">The requested access scope.</param>
-		/// <param name="requestToken">The unauthorized request token assigned by Google.</param>
-		/// <returns>The URI to redirect to and the request token.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The URI to redirect to and the request token.
+		/// </returns>
+		/// <exception cref="System.ArgumentNullException">consumer</exception>
 		public static Task<Tuple<Uri, string>> RequestAuthorizationAsync(DesktopConsumer consumer, Applications requestedAccessScope, CancellationToken cancellationToken = default(CancellationToken)) {
 			if (consumer == null) {
 				throw new ArgumentNullException("consumer");
@@ -219,7 +223,11 @@ namespace DotNetOpenAuth.ApplicationBlock
 		/// <param name="accessToken">The access token previously retrieved.</param>
 		/// <param name="maxResults">The maximum number of entries to return. If you want to receive all of the contacts, rather than only the default maximum, you can specify a very large number here.</param>
 		/// <param name="startIndex">The 1-based index of the first result to be retrieved (for paging).</param>
-		/// <returns>An XML document returned by Google.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// An XML document returned by Google.
+		/// </returns>
+		/// <exception cref="System.ArgumentNullException">consumer</exception>
 		public static async Task<XDocument> GetContactsAsync(ConsumerBase consumer, string accessToken, int maxResults = 25, int startIndex = 1, CancellationToken cancellationToken = default(CancellationToken)) {
 			if (consumer == null) {
 				throw new ArgumentNullException("consumer");
diff --git a/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs b/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
index 0cec2da..48e6b4b 100644
--- a/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
+++ b/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
@@ -159,8 +159,8 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			var imageAttachment = new StreamContent(File.OpenRead(image));
 			imageAttachment.Headers.ContentType = new MediaTypeHeaderValue("image/" + Path.GetExtension(image).Substring(1).ToLowerInvariant());
 			var parts = new List<MultipartContentMember> {
-				new MultipartContentMember(imageAttachment , "image"),
-				new MultipartContentMember(new StringContent(tile.ToString().ToLowerInvariant()) , "tile"),
+				new MultipartContentMember(imageAttachment, "image"),
+				new MultipartContentMember(new StringContent(tile.ToString().ToLowerInvariant()), "tile"),
 			};
 			HttpRequestMessage request = await twitter.PrepareAuthorizedRequestAsync(UpdateProfileBackgroundImageEndpoint, accessToken, parts, cancellationToken);
 			request.Headers.ExpectContinue = false;
@@ -181,7 +181,7 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			var imageAttachment = new StreamContent(image);
 			imageAttachment.Headers.ContentType = new MediaTypeHeaderValue(contentType);
 			var parts = new List<MultipartContentMember> {
-				new MultipartContentMember(imageAttachment,"image", "twitterPhoto"),
+				new MultipartContentMember(imageAttachment, "image", "twitterPhoto"),
 			};
 
 			HttpRequestMessage request = await twitter.PrepareAuthorizedRequestAsync(UpdateProfileImageEndpoint, accessToken, parts, cancellationToken);
@@ -214,9 +214,12 @@ namespace DotNetOpenAuth.ApplicationBlock {
 		/// Prepares a redirect that will send the user to Twitter to sign in.
 		/// </summary>
 		/// <param name="forceNewLogin">if set to <c>true</c> the user will be required to re-enter their Twitter credentials even if already logged in to Twitter.</param>
-		/// <returns>The redirect message.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The redirect message.
+		/// </returns>
 		/// <remarks>
-		/// Call <see cref="OutgoingWebResponse.Send"/> or
+		/// Call <see cref="OutgoingWebResponse.Send" /> or
 		/// <c>return StartSignInWithTwitter().<see cref="MessagingUtilities.AsActionResult">AsActionResult()</see></c>
 		/// to actually perform the redirect.
 		/// </remarks>
@@ -234,6 +237,7 @@ namespace DotNetOpenAuth.ApplicationBlock {
 		/// Checks the incoming web request to see if it carries a Twitter authentication response,
 		/// and provides the user's Twitter screen name and unique id if available.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A tuple with the screen name and Twitter unique user ID if successful; otherwise <c>null</c>.
 		/// </returns>
diff --git a/samples/OAuthClient/SampleWcf2.aspx.cs b/samples/OAuthClient/SampleWcf2.aspx.cs
index b45434e..e1b778b 100644
--- a/samples/OAuthClient/SampleWcf2.aspx.cs
+++ b/samples/OAuthClient/SampleWcf2.aspx.cs
@@ -1,147 +1,146 @@
-namespace OAuthClient {
-	using System;
-	using System.Collections.Generic;
-	using System.Globalization;
-	using System.Linq;
-	using System.Net;
-	using System.ServiceModel;
-	using System.ServiceModel.Channels;
-	using System.ServiceModel.Security;
-	using System.Threading;
-	using System.Threading.Tasks;
-	using System.Web;
-	using System.Web.UI;
-	using System.Web.UI.WebControls;
-	using DotNetOpenAuth.OAuth2;
-	using SampleResourceServer;
-
-	using DotNetOpenAuth.Messaging;
-
-	public partial class SampleWcf2 : System.Web.UI.Page {
-		/// <summary>
-		/// The OAuth 2.0 client object to use to obtain authorization and authorize outgoing HTTP requests.
-		/// </summary>
-		private static readonly WebServerClient Client;
-
-		/// <summary>
-		/// The details about the sample OAuth-enabled WCF service that this sample client calls into.
-		/// </summary>
-		private static AuthorizationServerDescription authServerDescription = new AuthorizationServerDescription {
-			TokenEndpoint = new Uri("http://localhost:50172/OAuth/Token"),
-			AuthorizationEndpoint = new Uri("http://localhost:50172/OAuth/Authorize"),
-		};
-
-		/// <summary>
-		/// Initializes static members of the <see cref="SampleWcf2"/> class.
-		/// </summary>
-		static SampleWcf2() {
-			Client = new WebServerClient(authServerDescription, "sampleconsumer", "samplesecret");
-		}
-
-		/// <summary>
-		/// Gets or sets the authorization details for the logged in user.
-		/// </summary>
-		/// <value>The authorization details.</value>
-		/// <remarks>
-		/// Because this is a sample, we simply store the authorization information in memory with the user session.
-		/// A real web app should store at least the access and refresh tokens in this object in a database associated with the user.
-		/// </remarks>
-		private static IAuthorizationState Authorization {
-			get { return (AuthorizationState)HttpContext.Current.Session["Authorization"]; }
-			set { HttpContext.Current.Session["Authorization"] = value; }
-		}
-
-		protected async void Page_Load(object sender, EventArgs e) {
-			if (!IsPostBack) {
-				// Check to see if we're receiving a end user authorization response.
-				var authorization = await Client.ProcessUserAuthorizationAsync(new HttpRequestWrapper(Request), Response.ClientDisconnectedToken);
-				if (authorization != null) {
-					// We are receiving an authorization response.  Store it and associate it with this user.
-					Authorization = authorization;
-					Response.Redirect(Request.Path); // get rid of the /?code= parameter
-				}
-			}
-
-			if (Authorization != null) {
-				// Indicate to the user that we have already obtained authorization on some of these.
-				foreach (var li in this.scopeList.Items.OfType<ListItem>().Where(li => Authorization.Scope.Contains(li.Value))) {
-					li.Selected = true;
-				}
-				this.authorizationLabel.Text = "Authorization received!";
-				if (Authorization.AccessTokenExpirationUtc.HasValue) {
-					TimeSpan timeLeft = Authorization.AccessTokenExpirationUtc.Value - DateTime.UtcNow;
-					this.authorizationLabel.Text += string.Format(CultureInfo.CurrentCulture, "  (access token expires in {0} minutes)", Math.Round(timeLeft.TotalMinutes, 1));
-				}
-			}
-
-			this.getNameButton.Enabled = this.getAgeButton.Enabled = this.getFavoriteSites.Enabled = Authorization != null;
-		}
-
-		protected async void getAuthorizationButton_Click(object sender, EventArgs e) {
-			string[] scopes = (from item in this.scopeList.Items.OfType<ListItem>()
-							   where item.Selected
-							   select item.Value).ToArray();
-
-			var request = await Client.PrepareRequestUserAuthorizationAsync(scopes, cancellationToken: Response.ClientDisconnectedToken);
-			await request.SendAsync();
-		}
-
-		protected async void getNameButton_Click(object sender, EventArgs e) {
-			try {
-				this.nameLabel.Text = await this.CallServiceAsync(client => client.GetName(), Response.ClientDisconnectedToken);
-			} catch (SecurityAccessDeniedException) {
-				this.nameLabel.Text = "Access denied!";
-			} catch (MessageSecurityException) {
-				this.nameLabel.Text = "Access denied!";
-			}
-		}
-
-		protected async void getAgeButton_Click(object sender, EventArgs e) {
-			try {
-				int? age = await this.CallServiceAsync(client => client.GetAge(), Response.ClientDisconnectedToken);
-				this.ageLabel.Text = age.HasValue ? age.Value.ToString(CultureInfo.CurrentCulture) : "not available";
-			} catch (SecurityAccessDeniedException) {
-				this.ageLabel.Text = "Access denied!";
-			} catch (MessageSecurityException) {
-				this.ageLabel.Text = "Access denied!";
-			}
-		}
-
-		protected async void getFavoriteSites_Click(object sender, EventArgs e) {
-			try {
-				string[] favoriteSites = await this.CallServiceAsync(client => client.GetFavoriteSites(), Response.ClientDisconnectedToken);
-				this.favoriteSitesLabel.Text = string.Join(", ", favoriteSites);
-			} catch (SecurityAccessDeniedException) {
-				this.favoriteSitesLabel.Text = "Access denied!";
-			} catch (MessageSecurityException) {
-				this.favoriteSitesLabel.Text = "Access denied!";
-			}
-		}
-
-		private async Task<T> CallServiceAsync<T>(Func<DataApiClient, T> predicate, CancellationToken cancellationToken) {
-			if (Authorization == null) {
-				throw new InvalidOperationException("No access token!");
-			}
-
-			var wcfClient = new DataApiClient();
-
-			// Refresh the access token if it expires and if its lifetime is too short to be of use.
-			if (Authorization.AccessTokenExpirationUtc.HasValue) {
-				if (await Client.RefreshAuthorizationAsync(Authorization, TimeSpan.FromSeconds(30))) {
-					TimeSpan timeLeft = Authorization.AccessTokenExpirationUtc.Value - DateTime.UtcNow;
-					this.authorizationLabel.Text += string.Format(CultureInfo.CurrentCulture, " - just renewed for {0} more minutes)", Math.Round(timeLeft.TotalMinutes, 1));
-				}
-			}
-
-			var httpRequest = (HttpWebRequest)WebRequest.Create(wcfClient.Endpoint.Address.Uri);
-			ClientBase.AuthorizeRequest(httpRequest, Authorization.AccessToken);
-
-			var httpDetails = new HttpRequestMessageProperty();
-			httpDetails.Headers[HttpRequestHeader.Authorization] = httpRequest.Headers[HttpRequestHeader.Authorization];
-			using (var scope = new OperationContextScope(wcfClient.InnerChannel)) {
-				OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpDetails;
-				return predicate(wcfClient);
-			}
-		}
-	}
+namespace OAuthClient {
+	using System;
+	using System.Collections.Generic;
+	using System.Globalization;
+	using System.Linq;
+	using System.Net;
+	using System.ServiceModel;
+	using System.ServiceModel.Channels;
+	using System.ServiceModel.Security;
+	using System.Threading;
+	using System.Threading.Tasks;
+	using System.Web;
+	using System.Web.UI;
+	using System.Web.UI.WebControls;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OAuth2;
+	using SampleResourceServer;
+
+	public partial class SampleWcf2 : System.Web.UI.Page {
+		/// <summary>
+		/// The OAuth 2.0 client object to use to obtain authorization and authorize outgoing HTTP requests.
+		/// </summary>
+		private static readonly WebServerClient Client;
+
+		/// <summary>
+		/// The details about the sample OAuth-enabled WCF service that this sample client calls into.
+		/// </summary>
+		private static AuthorizationServerDescription authServerDescription = new AuthorizationServerDescription {
+			TokenEndpoint = new Uri("http://localhost:50172/OAuth/Token"),
+			AuthorizationEndpoint = new Uri("http://localhost:50172/OAuth/Authorize"),
+		};
+
+		/// <summary>
+		/// Initializes static members of the <see cref="SampleWcf2"/> class.
+		/// </summary>
+		static SampleWcf2() {
+			Client = new WebServerClient(authServerDescription, "sampleconsumer", "samplesecret");
+		}
+
+		/// <summary>
+		/// Gets or sets the authorization details for the logged in user.
+		/// </summary>
+		/// <value>The authorization details.</value>
+		/// <remarks>
+		/// Because this is a sample, we simply store the authorization information in memory with the user session.
+		/// A real web app should store at least the access and refresh tokens in this object in a database associated with the user.
+		/// </remarks>
+		private static IAuthorizationState Authorization {
+			get { return (AuthorizationState)HttpContext.Current.Session["Authorization"]; }
+			set { HttpContext.Current.Session["Authorization"] = value; }
+		}
+
+		protected async void Page_Load(object sender, EventArgs e) {
+			if (!IsPostBack) {
+				// Check to see if we're receiving a end user authorization response.
+				var authorization = await Client.ProcessUserAuthorizationAsync(new HttpRequestWrapper(Request), Response.ClientDisconnectedToken);
+				if (authorization != null) {
+					// We are receiving an authorization response.  Store it and associate it with this user.
+					Authorization = authorization;
+					Response.Redirect(Request.Path); // get rid of the /?code= parameter
+				}
+			}
+
+			if (Authorization != null) {
+				// Indicate to the user that we have already obtained authorization on some of these.
+				foreach (var li in this.scopeList.Items.OfType<ListItem>().Where(li => Authorization.Scope.Contains(li.Value))) {
+					li.Selected = true;
+				}
+				this.authorizationLabel.Text = "Authorization received!";
+				if (Authorization.AccessTokenExpirationUtc.HasValue) {
+					TimeSpan timeLeft = Authorization.AccessTokenExpirationUtc.Value - DateTime.UtcNow;
+					this.authorizationLabel.Text += string.Format(CultureInfo.CurrentCulture, "  (access token expires in {0} minutes)", Math.Round(timeLeft.TotalMinutes, 1));
+				}
+			}
+
+			this.getNameButton.Enabled = this.getAgeButton.Enabled = this.getFavoriteSites.Enabled = Authorization != null;
+		}
+
+		protected async void getAuthorizationButton_Click(object sender, EventArgs e) {
+			string[] scopes = (from item in this.scopeList.Items.OfType<ListItem>()
+							   where item.Selected
+							   select item.Value).ToArray();
+
+			var request = await Client.PrepareRequestUserAuthorizationAsync(scopes, cancellationToken: Response.ClientDisconnectedToken);
+			await request.SendAsync();
+		}
+
+		protected async void getNameButton_Click(object sender, EventArgs e) {
+			try {
+				this.nameLabel.Text = await this.CallServiceAsync(client => client.GetName(), Response.ClientDisconnectedToken);
+			} catch (SecurityAccessDeniedException) {
+				this.nameLabel.Text = "Access denied!";
+			} catch (MessageSecurityException) {
+				this.nameLabel.Text = "Access denied!";
+			}
+		}
+
+		protected async void getAgeButton_Click(object sender, EventArgs e) {
+			try {
+				int? age = await this.CallServiceAsync(client => client.GetAge(), Response.ClientDisconnectedToken);
+				this.ageLabel.Text = age.HasValue ? age.Value.ToString(CultureInfo.CurrentCulture) : "not available";
+			} catch (SecurityAccessDeniedException) {
+				this.ageLabel.Text = "Access denied!";
+			} catch (MessageSecurityException) {
+				this.ageLabel.Text = "Access denied!";
+			}
+		}
+
+		protected async void getFavoriteSites_Click(object sender, EventArgs e) {
+			try {
+				string[] favoriteSites = await this.CallServiceAsync(client => client.GetFavoriteSites(), Response.ClientDisconnectedToken);
+				this.favoriteSitesLabel.Text = string.Join(", ", favoriteSites);
+			} catch (SecurityAccessDeniedException) {
+				this.favoriteSitesLabel.Text = "Access denied!";
+			} catch (MessageSecurityException) {
+				this.favoriteSitesLabel.Text = "Access denied!";
+			}
+		}
+
+		private async Task<T> CallServiceAsync<T>(Func<DataApiClient, T> predicate, CancellationToken cancellationToken) {
+			if (Authorization == null) {
+				throw new InvalidOperationException("No access token!");
+			}
+
+			var wcfClient = new DataApiClient();
+
+			// Refresh the access token if it expires and if its lifetime is too short to be of use.
+			if (Authorization.AccessTokenExpirationUtc.HasValue) {
+				if (await Client.RefreshAuthorizationAsync(Authorization, TimeSpan.FromSeconds(30))) {
+					TimeSpan timeLeft = Authorization.AccessTokenExpirationUtc.Value - DateTime.UtcNow;
+					this.authorizationLabel.Text += string.Format(CultureInfo.CurrentCulture, " - just renewed for {0} more minutes)", Math.Round(timeLeft.TotalMinutes, 1));
+				}
+			}
+
+			var httpRequest = (HttpWebRequest)WebRequest.Create(wcfClient.Endpoint.Address.Uri);
+			ClientBase.AuthorizeRequest(httpRequest, Authorization.AccessToken);
+
+			var httpDetails = new HttpRequestMessageProperty();
+			httpDetails.Headers[HttpRequestHeader.Authorization] = httpRequest.Headers[HttpRequestHeader.Authorization];
+			using (var scope = new OperationContextScope(wcfClient.InnerChannel)) {
+				OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpDetails;
+				return predicate(wcfClient);
+			}
+		}
+	}
 }
 \ No newline at end of file
diff --git a/samples/OAuthClient/SignInWithTwitter.aspx.cs b/samples/OAuthClient/SignInWithTwitter.aspx.cs
index bd6163a..dfc3f7a 100644
--- a/samples/OAuthClient/SignInWithTwitter.aspx.cs
+++ b/samples/OAuthClient/SignInWithTwitter.aspx.cs
@@ -10,9 +10,8 @@
 	using System.Xml.Linq;
 	using System.Xml.XPath;
 	using DotNetOpenAuth.ApplicationBlock;
-	using DotNetOpenAuth.OAuth;
-
 	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OAuth;
 
 	public partial class SignInWithTwitter : System.Web.UI.Page {
 		protected async void Page_Load(object sender, EventArgs e) {
diff --git a/samples/OAuthClient/WindowsLive.aspx.cs b/samples/OAuthClient/WindowsLive.aspx.cs
index 7a3a707..b9e094a 100644
--- a/samples/OAuthClient/WindowsLive.aspx.cs
+++ b/samples/OAuthClient/WindowsLive.aspx.cs
@@ -9,9 +9,8 @@
 	using System.Web.UI.WebControls;
 	using DotNetOpenAuth.ApplicationBlock;
 	using DotNetOpenAuth.ApplicationBlock.Facebook;
-	using DotNetOpenAuth.OAuth2;
-
 	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OAuth2;
 
 	public partial class WindowsLive : System.Web.UI.Page {
 		private static readonly WindowsLiveClient client = new WindowsLiveClient {
diff --git a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
index 0038b2e..091c9bb 100644
--- a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
+++ b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
@@ -88,6 +88,7 @@
 		/// Submits this response to a WCF response context.  Only available when no response body is included.
 		/// </summary>
 		/// <param name="responseContext">The response context to apply the response to.</param>
+		/// <param name="responseMessage">The response message.</param>
 		private void Respond(OutgoingWebResponseContext responseContext, HttpResponseMessage responseMessage) {
 			responseContext.StatusCode = responseMessage.StatusCode;
 			responseContext.SuppressEntityBody = true;
diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
index 822d6d0..a68f076 100644
--- a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
+++ b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs
@@ -7,12 +7,11 @@
 	using System.Web.UI;
 	using System.Web.UI.WebControls;
 	using DotNetOpenAuth;
+	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OAuth;
 	using DotNetOpenAuth.OAuth.Messages;
 	using OAuthServiceProvider.Code;
 
-	using DotNetOpenAuth.Messaging;
-
 	/// <summary>
 	/// Conducts the user through a Consumer authorization process.
 	/// </summary>
diff --git a/samples/OpenIdOfflineProvider/MainWindow.xaml.cs b/samples/OpenIdOfflineProvider/MainWindow.xaml.cs
index 00f4a6a..ad96edd 100644
--- a/samples/OpenIdOfflineProvider/MainWindow.xaml.cs
+++ b/samples/OpenIdOfflineProvider/MainWindow.xaml.cs
@@ -99,6 +99,31 @@ namespace DotNetOpenAuth.OpenIdOfflineProvider {
 		}
 
 		/// <summary>
+		/// Adds a set of HTTP headers to an <see cref="HttpResponse"/> instance,
+		/// taking care to set some headers to the appropriate properties of
+		/// <see cref="HttpResponse" />
+		/// </summary>
+		/// <param name="headers">The headers to add.</param>
+		/// <param name="response">The <see cref="HttpListenerResponse"/> instance to set the appropriate values to.</param>
+		private static void ApplyHeadersToResponse(HttpResponseHeaders headers, HttpListenerResponse response) {
+			Requires.NotNull(headers, "headers");
+			Requires.NotNull(response, "response");
+
+			foreach (var header in headers) {
+				switch (header.Key) {
+					case "Content-Type":
+						response.ContentType = header.Value.First();
+						break;
+
+					// Add more special cases here as necessary.
+					default:
+						response.AddHeader(header.Key, header.Value.First());
+						break;
+				}
+			}
+		}
+
+		/// <summary>
 		/// Processes an incoming request at the OpenID Provider endpoint.
 		/// </summary>
 		/// <param name="requestInfo">The request info.</param>
@@ -156,31 +181,6 @@ namespace DotNetOpenAuth.OpenIdOfflineProvider {
 		}
 
 		/// <summary>
-		/// Adds a set of HTTP headers to an <see cref="HttpResponse"/> instance,
-		/// taking care to set some headers to the appropriate properties of
-		/// <see cref="HttpResponse" />
-		/// </summary>
-		/// <param name="headers">The headers to add.</param>
-		/// <param name="response">The <see cref="HttpListenerResponse"/> instance to set the appropriate values to.</param>
-		private static void ApplyHeadersToResponse(HttpResponseHeaders headers, HttpListenerResponse response) {
-			Requires.NotNull(headers, "headers");
-			Requires.NotNull(response, "response");
-
-			foreach (var header in headers) {
-				switch (header.Key) {
-					case "Content-Type":
-						response.ContentType = header.Value.First();
-						break;
-
-					// Add more special cases here as necessary.
-					default:
-						response.AddHeader(header.Key, header.Value.First());
-						break;
-				}
-			}
-		}
-
-		/// <summary>
 		/// Starts the provider.
 		/// </summary>
 		private void startProvider() {
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/DotNetOpenAuthWebConsumer.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/DotNetOpenAuthWebConsumer.cs
index 2a67dab..a87a678 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/DotNetOpenAuthWebConsumer.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/DotNetOpenAuthWebConsumer.cs
@@ -55,13 +55,12 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// The prepare authorized request.
 		/// </summary>
-		/// <param name="profileEndpoint">
-		/// The profile endpoint.
-		/// </param>
-		/// <param name="accessToken">
-		/// The access token.
-		/// </param>
-		/// <returns>An HTTP request.</returns>
+		/// <param name="profileEndpoint">The profile endpoint.</param>
+		/// <param name="accessToken">The access token.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// An HTTP request.
+		/// </returns>
 		public Task<HttpRequestMessage> PrepareAuthorizedRequestAsync(MessageReceivingEndpoint profileEndpoint, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
 			return this.webConsumer.PrepareAuthorizedRequestAsync(profileEndpoint, accessToken, cancellationToken);
 		}
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/IOAuthWebWorker.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/IOAuthWebWorker.cs
index 9651f52..91fca59 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/IOAuthWebWorker.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/IOAuthWebWorker.cs
@@ -22,13 +22,12 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// The prepare authorized request.
 		/// </summary>
-		/// <param name="profileEndpoint">
-		/// The profile endpoint.
-		/// </param>
-		/// <param name="accessToken">
-		/// The access token.
-		/// </param>
-		/// <returns>An HTTP request.</returns>
+		/// <param name="profileEndpoint">The profile endpoint.</param>
+		/// <param name="accessToken">The access token.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// An HTTP request.
+		/// </returns>
 		Task<HttpRequestMessage> PrepareAuthorizedRequestAsync(MessageReceivingEndpoint profileEndpoint, string accessToken, CancellationToken cancellationToken = default(CancellationToken));
 
 		/// <summary>
@@ -40,9 +39,8 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// The request authentication.
 		/// </summary>
-		/// <param name="callback">
-		/// The callback.
-		/// </param>
+		/// <param name="callback">The callback.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		Task<HttpResponseMessage> RequestAuthenticationAsync(Uri callback, CancellationToken cancellationToken = default(CancellationToken));
 
 		#endregion
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/LinkedInClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/LinkedInClient.cs
index 365b4c1..2445db5 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/LinkedInClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/LinkedInClient.cs
@@ -100,7 +100,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 			HttpRequestMessage request = await this.WebWorker.PrepareAuthorizedRequestAsync(profileEndpoint, accessToken, cancellationToken);
 
 			try {
-				using(var httpClient = new HttpClient()) {
+				using (var httpClient = new HttpClient()) {
 					using (HttpResponseMessage profileResponse = await httpClient.SendAsync(request, cancellationToken)) {
 						using (Stream responseStream = await profileResponse.Content.ReadAsStreamAsync()) {
 							XDocument document = LoadXDocumentFromStream(responseStream);
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs
index dd48bf6..fb6ba3d 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/OAuthClient.cs
@@ -105,12 +105,9 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Attempts to authenticate users by forwarding them to an external website, and upon succcess or failure, redirect users back to the specified url.
 		/// </summary>
-		/// <param name="context">
-		/// The context.
-		/// </param>
-		/// <param name="returnUrl">
-		/// The return url after users have completed authenticating against external website. 
-		/// </param>
+		/// <param name="context">The context.</param>
+		/// <param name="returnUrl">The return url after users have completed authenticating against external website.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public virtual Task RequestAuthenticationAsync(HttpContextBase context, Uri returnUrl, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(returnUrl, "returnUrl");
 			Requires.NotNull(context, "context");
@@ -122,11 +119,10 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Check if authentication succeeded after user is redirected back from the service provider.
 		/// </summary>
-		/// <param name="context">
-		/// The context.
-		/// </param>
+		/// <param name="context">The context.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// An instance of <see cref="AuthenticationResult"/> containing authentication result. 
+		/// An instance of <see cref="AuthenticationResult" /> containing authentication result.
 		/// </returns>
 		public virtual async Task<AuthenticationResult> VerifyAuthenticationAsync(HttpContextBase context, CancellationToken cancellationToken = default(CancellationToken)) {
 			AuthorizedTokenResponse response = await this.WebWorker.ProcessUserAuthorizationAsync(cancellationToken);
@@ -178,6 +174,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <param name="response">
 		/// The response token returned from service provider 
 		/// </param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// Authentication result 
 		/// </returns>
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
index c2dcf95..3cfa36f 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth/TwitterClient.cs
@@ -82,11 +82,10 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Check if authentication succeeded after user is redirected back from the service provider.
 		/// </summary>
-		/// <param name="response">
-		/// The response token returned from service provider 
-		/// </param>
+		/// <param name="response">The response token returned from service provider</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// Authentication result 
+		/// Authentication result
 		/// </returns>
 		[SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes",
 			Justification = "We don't care if the request for additional data fails.")]
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/OAuth2Client.cs b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/OAuth2Client.cs
index 60f6a5e..317a46d 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OAuth2/OAuth2Client.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OAuth2/OAuth2Client.cs
@@ -59,12 +59,9 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Attempts to authenticate users by forwarding them to an external website, and upon succcess or failure, redirect users back to the specified url.
 		/// </summary>
-		/// <param name="context">
-		/// The context.
-		/// </param>
-		/// <param name="returnUrl">
-		/// The return url after users have completed authenticating against external website. 
-		/// </param>
+		/// <param name="context">The context.</param>
+		/// <param name="returnUrl">The return url after users have completed authenticating against external website.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public virtual async Task RequestAuthenticationAsync(HttpContextBase context, Uri returnUrl, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(context, "context");
 			Requires.NotNull(returnUrl, "returnUrl");
@@ -76,12 +73,12 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Check if authentication succeeded after user is redirected back from the service provider.
 		/// </summary>
-		/// <param name="context">
-		/// The context.
-		/// </param>
+		/// <param name="context">The context.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// An instance of <see cref="AuthenticationResult"/> containing authentication result. 
+		/// An instance of <see cref="AuthenticationResult" /> containing authentication result.
 		/// </returns>
+		/// <exception cref="System.InvalidOperationException"></exception>
 		public Task<AuthenticationResult> VerifyAuthenticationAsync(HttpContextBase context, CancellationToken cancellationToken = default(CancellationToken)) {
 			throw new InvalidOperationException(WebResources.OAuthRequireReturnUrl);
 		}
@@ -91,6 +88,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// </summary>
 		/// <param name="context">The context.</param>
 		/// <param name="returnPageUrl">The return URL which should match the value passed to RequestAuthentication() method.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// An instance of <see cref="AuthenticationResult"/> containing authentication result.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.AspNet/Clients/OpenID/OpenIDClient.cs b/src/DotNetOpenAuth.AspNet/Clients/OpenID/OpenIDClient.cs
index 741b51b..0d6d6ca 100644
--- a/src/DotNetOpenAuth.AspNet/Clients/OpenID/OpenIDClient.cs
+++ b/src/DotNetOpenAuth.AspNet/Clients/OpenID/OpenIDClient.cs
@@ -87,6 +87,7 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <param name="returnUrl">
 		/// The return url after users have completed authenticating against external website. 
 		/// </param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		[SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings",
 			Justification = "We don't have a Uri object handy.")]
 		public virtual async Task RequestAuthenticationAsync(HttpContextBase context, Uri returnUrl, CancellationToken cancellationToken = default(CancellationToken)) {
@@ -104,12 +105,12 @@ namespace DotNetOpenAuth.AspNet.Clients {
 		/// <summary>
 		/// Check if authentication succeeded after user is redirected back from the service provider.
 		/// </summary>
-		/// <param name="context">
-		/// The context of the current request. 
-		/// </param>
+		/// <param name="context">The context of the current request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// An instance of <see cref="AuthenticationResult"/> containing authentication result. 
+		/// An instance of <see cref="AuthenticationResult" /> containing authentication result.
 		/// </returns>
+		/// <exception cref="System.InvalidOperationException"></exception>
 		public virtual async Task<AuthenticationResult> VerifyAuthenticationAsync(HttpContextBase context, CancellationToken cancellationToken = default(CancellationToken)) {
 			IAuthenticationResponse response = await RelyingParty.GetResponseAsync(context.Request, cancellationToken);
 			if (response == null) {
diff --git a/src/DotNetOpenAuth.AspNet/IAuthenticationClient.cs b/src/DotNetOpenAuth.AspNet/IAuthenticationClient.cs
index bca32c6..b13f0d1 100644
--- a/src/DotNetOpenAuth.AspNet/IAuthenticationClient.cs
+++ b/src/DotNetOpenAuth.AspNet/IAuthenticationClient.cs
@@ -22,22 +22,19 @@ namespace DotNetOpenAuth.AspNet {
 		/// <summary>
 		/// Attempts to authenticate users by forwarding them to an external website, and upon succcess or failure, redirect users back to the specified url.
 		/// </summary>
-		/// <param name="context">
-		/// The context of the current request. 
-		/// </param>
-		/// <param name="returnUrl">
-		/// The return url after users have completed authenticating against external website. 
-		/// </param>
+		/// <param name="context">The context of the current request.</param>
+		/// <param name="returnUrl">The return url after users have completed authenticating against external website.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>A task that completes with the async operation.</returns>
 		Task RequestAuthenticationAsync(HttpContextBase context, Uri returnUrl, CancellationToken cancellationToken = default(CancellationToken));
 
 		/// <summary>
 		/// Check if authentication succeeded after user is redirected back from the service provider.
 		/// </summary>
-		/// <param name="context">
-		/// The context of the current request. 
-		/// </param>
+		/// <param name="context">The context of the current request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// An instance of <see cref="AuthenticationResult"/> containing authentication result. 
+		/// An instance of <see cref="AuthenticationResult" /> containing authentication result.
 		/// </returns>
 		Task<AuthenticationResult> VerifyAuthenticationAsync(HttpContextBase context, CancellationToken cancellationToken = default(CancellationToken));
 	}
diff --git a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationCollection.cs b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationCollection.cs
index 0eab939..fa146a2 100644
--- a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationCollection.cs
+++ b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationCollection.cs
@@ -41,7 +41,10 @@ namespace DotNetOpenAuth.Configuration {
 		/// Creates instances of all the types listed in the collection.
 		/// </summary>
 		/// <param name="allowInternals">if set to <c>true</c> then internal types may be instantiated.</param>
-		/// <returns>A sequence of instances generated from types in this collection.  May be empty, but never null.</returns>
+		/// <param name="hostFactories">The host factories.</param>
+		/// <returns>
+		/// A sequence of instances generated from types in this collection.  May be empty, but never null.
+		/// </returns>
 		internal IEnumerable<T> CreateInstances(bool allowInternals, IHostFactories hostFactories) {
 			return from element in this.Cast<TypeConfigurationElement<T>>()
 			       where !element.IsEmpty
diff --git a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
index 8b3efe0..bcf199f 100644
--- a/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
+++ b/src/DotNetOpenAuth.Core/Configuration/TypeConfigurationElement.cs
@@ -75,7 +75,10 @@ namespace DotNetOpenAuth.Configuration {
 		/// Creates an instance of the type described in the .config file.
 		/// </summary>
 		/// <param name="defaultValue">The value to return if no type is given in the .config file.</param>
-		/// <returns>The newly instantiated type.</returns>
+		/// <param name="hostFactories">The host factories.</param>
+		/// <returns>
+		/// The newly instantiated type.
+		/// </returns>
 		public T CreateInstance(T defaultValue, IHostFactories hostFactories) {
 			return this.CreateInstance(defaultValue, false, hostFactories);
 		}
diff --git a/src/DotNetOpenAuth.Core/IRequireHostFactories.cs b/src/DotNetOpenAuth.Core/IRequireHostFactories.cs
index b2d7af8..60fa970 100644
--- a/src/DotNetOpenAuth.Core/IRequireHostFactories.cs
+++ b/src/DotNetOpenAuth.Core/IRequireHostFactories.cs
@@ -5,7 +5,16 @@
 //-----------------------------------------------------------------------
 
 namespace DotNetOpenAuth {
+	/// <summary>
+	/// An interface implemented by DotNetOpenAuth extensions that need to create host-specific instances of specific interfaces.
+	/// </summary>
 	public interface IRequireHostFactories {
+		/// <summary>
+		/// Gets or sets the host factories used by this instance.
+		/// </summary>
+		/// <value>
+		/// The host factories.
+		/// </value>
 		IHostFactories HostFactories { get; set; }
 	}
 }
diff --git a/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardExpirationBindingElement.cs b/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardExpirationBindingElement.cs
index 3cb4500..c706e42 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardExpirationBindingElement.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardExpirationBindingElement.cs
@@ -56,10 +56,15 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// Sets the timestamp on an outgoing message.
 		/// </summary>
 		/// <param name="message">The outgoing message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
 		/// </returns>
+		/// <remarks>
+		/// Implementations that provide message protection must honor the
+		/// <see cref="MessagePartAttribute.RequiredProtection" /> properties where applicable.
+		/// </remarks>
 		public Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) {
 			IExpiringProtocolMessage expiringMessage = message as IExpiringProtocolMessage;
 			if (expiringMessage != null) {
@@ -74,6 +79,7 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// Reads the timestamp on a message and throws an exception if the message is too old.
 		/// </summary>
 		/// <param name="message">The incoming message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardReplayProtectionBindingElement.cs b/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardReplayProtectionBindingElement.cs
index 2502742..6c062d6 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardReplayProtectionBindingElement.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Bindings/StandardReplayProtectionBindingElement.cs
@@ -101,6 +101,7 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// Applies a nonce to the message.
 		/// </summary>
 		/// <param name="message">The message to apply replay protection to.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -119,11 +120,16 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 		/// Verifies that the nonce in an incoming message has not been seen before.
 		/// </summary>
 		/// <param name="message">The incoming message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
 		/// </returns>
 		/// <exception cref="ReplayedMessageException">Thrown when the nonce check revealed a replayed message.</exception>
+		/// <remarks>
+		/// Implementations that provide message protection must honor the
+		/// <see cref="MessagePartAttribute.RequiredProtection" /> properties where applicable.
+		/// </remarks>
 		public Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) {
 			IReplayProtectedProtocolMessage nonceMessage = message as IReplayProtectedProtocolMessage;
 			if (nonceMessage != null && nonceMessage.Nonce != null) {
diff --git a/src/DotNetOpenAuth.Core/Messaging/Channel.cs b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
index 5420e5f..0dc31b8 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Channel.cs
@@ -279,6 +279,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// or direct message response for transmission to a remote party.
 		/// </summary>
 		/// <param name="message">The one-way message to send</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The pending user agent redirect based message to be sent as an HttpResponse.</returns>
 		public async Task<HttpResponseMessage> PrepareResponseAsync(IProtocolMessage message, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(message, "message");
@@ -342,10 +343,12 @@ namespace DotNetOpenAuth.Messaging {
 		/// Gets the protocol message embedded in the given HTTP request, if present.
 		/// </summary>
 		/// <typeparam name="TRequest">The expected type of the message to be received.</typeparam>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="httpRequest">The request to search for an embedded message.</param>
-		/// <param name="request">The deserialized message, if one is found.  Null otherwise.</param>
-		/// <returns>True if the expected message was recognized and deserialized.  False otherwise.</returns>
-		/// <exception cref="InvalidOperationException">Thrown when <see cref="HttpContext.Current"/> is null.</exception>
+		/// <returns>
+		/// True if the expected message was recognized and deserialized.  False otherwise.
+		/// </returns>
+		/// <exception cref="InvalidOperationException">Thrown when <see cref="HttpContext.Current" /> is null.</exception>
 		/// <exception cref="ProtocolException">Thrown when a request message of an unexpected type is received.</exception>
 		public async Task<TRequest> TryReadFromRequestAsync<TRequest>(CancellationToken cancellationToken, HttpRequestBase httpRequest = null)
 			where TRequest : class, IProtocolMessage {
@@ -365,8 +368,11 @@ namespace DotNetOpenAuth.Messaging {
 		/// Gets the protocol message embedded in the given HTTP request.
 		/// </summary>
 		/// <typeparam name="TRequest">The expected type of the message to be received.</typeparam>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="httpRequest">The request to search for an embedded message.</param>
-		/// <returns>The deserialized message.  Never null.</returns>
+		/// <returns>
+		/// The deserialized message.  Never null.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if the expected message was not recognized in the response.</exception>
 		[SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "This returns and verifies the appropriate message type.")]
 		public async Task<TRequest> ReadFromRequestAsync<TRequest>(CancellationToken cancellationToken, HttpRequestBase httpRequest = null)
@@ -469,6 +475,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// Verifies the integrity and applicability of an incoming message.
 		/// </summary>
 		/// <param name="message">The message just received.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <exception cref="ProtocolException">
 		/// Thrown when the message is somehow invalid.
 		/// This can be due to tampering, replay attack or expiration, among other things.
@@ -646,6 +653,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// Submits a direct request message to some remote party and blocks waiting for an immediately reply.
 		/// </summary>
 		/// <param name="request">The request message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The response message, or null if the response did not carry a message.</returns>
 		/// <remarks>
 		/// Typically a deriving channel will override <see cref="CreateHttpRequest"/> to customize this method's
@@ -719,6 +727,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// Gets the protocol message that may be embedded in the given HTTP request.
 		/// </summary>
 		/// <param name="request">The request to search for an embedded message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The deserialized message, if one is found.  Null otherwise.</returns>
 		protected virtual IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
@@ -1124,6 +1133,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// Verifies the integrity and applicability of an incoming message.
 		/// </summary>
 		/// <param name="message">The message just received.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <exception cref="ProtocolException">
 		/// Thrown when the message is somehow invalid.
 		/// This can be due to tampering, replay attack or expiration, among other things.
diff --git a/src/DotNetOpenAuth.Core/Messaging/IChannelBindingElement.cs b/src/DotNetOpenAuth.Core/Messaging/IChannelBindingElement.cs
index dc026a4..fe2cf3d 100644
--- a/src/DotNetOpenAuth.Core/Messaging/IChannelBindingElement.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/IChannelBindingElement.cs
@@ -35,6 +35,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -50,6 +51,7 @@ namespace DotNetOpenAuth.Messaging {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.Core/Messaging/MultipartContentMember.cs b/src/DotNetOpenAuth.Core/Messaging/MultipartContentMember.cs
index 2aa33ae..cc9d806 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MultipartContentMember.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MultipartContentMember.cs
@@ -1,4 +1,10 @@
-namespace DotNetOpenAuth.Messaging {
+//-----------------------------------------------------------------------
+// <copyright file="MultipartContentMember.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Messaging {
 	using System;
 	using System.Collections.Generic;
 	using System.Linq;
diff --git a/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs b/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs
index e90ee44..413d0ad 100644
--- a/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs
@@ -27,14 +27,13 @@ namespace DotNetOpenAuth.Messaging {
 		private readonly ICollection<Version> versions;
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="StandardMessageFactoryChannel"/> class.
+		/// Initializes a new instance of the <see cref="StandardMessageFactoryChannel" /> class.
 		/// </summary>
 		/// <param name="messageTypes">The message types that might be encountered.</param>
 		/// <param name="versions">All the possible message versions that might be encountered.</param>
-		/// <param name="bindingElements">
-		/// The binding elements to use in sending and receiving messages.
-		/// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
-		/// </param>
+		/// <param name="hostFactories">The host factories.</param>
+		/// <param name="bindingElements">The binding elements to use in sending and receiving messages.
+		/// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.</param>
 		protected StandardMessageFactoryChannel(ICollection<Type> messageTypes, ICollection<Version> versions, IHostFactories hostFactories, IChannelBindingElement[] bindingElements = null)
 			: base(new StandardMessageFactory(), bindingElements ?? new IChannelBindingElement[0], hostFactories) {
 			Requires.NotNull(messageTypes, "messageTypes");
diff --git a/src/DotNetOpenAuth.Core/Reporting.cs b/src/DotNetOpenAuth.Core/Reporting.cs
index e291851..20aeddc 100644
--- a/src/DotNetOpenAuth.Core/Reporting.cs
+++ b/src/DotNetOpenAuth.Core/Reporting.cs
@@ -328,7 +328,7 @@ namespace DotNetOpenAuth {
 			lock (publishingConsiderationLock) {
 				if (DateTime.Now - lastPublished > Configuration.MinimumReportingInterval) {
 					lastPublished = DateTime.Now;
-					SendStatsAsync();
+					var fireAndForget = SendStatsAsync();
 				}
 			}
 		}
diff --git a/src/DotNetOpenAuth.Core/Util.cs b/src/DotNetOpenAuth.Core/Util.cs
index a23b4d8..3463808 100644
--- a/src/DotNetOpenAuth.Core/Util.cs
+++ b/src/DotNetOpenAuth.Core/Util.cs
@@ -29,11 +29,6 @@ namespace DotNetOpenAuth {
 		/// </summary>
 		internal const string DefaultNamespace = "DotNetOpenAuth";
 
-		/// <summary>
-		/// The web.config file-specified provider of web resource URLs.
-		/// </summary>
-		private static IEmbeddedResourceRetrieval embeddedResourceRetrieval = MessagingElement.Configuration.EmbeddedResourceRetrievalProvider.CreateInstance(null, false, null);
-
 		private static readonly Lazy<string> libraryVersionLazy = new Lazy<string>(delegate {
 			var assembly = Assembly.GetExecutingAssembly();
 			string assemblyFullName = assembly.FullName;
@@ -44,6 +39,11 @@ namespace DotNetOpenAuth {
 			return string.Format(CultureInfo.InvariantCulture, "{0} ({1})", assemblyFullName, official ? "official" : "private");
 		});
 
+		/// <summary>
+		/// The web.config file-specified provider of web resource URLs.
+		/// </summary>
+		private static IEmbeddedResourceRetrieval embeddedResourceRetrieval = MessagingElement.Configuration.EmbeddedResourceRetrievalProvider.CreateInstance(null, false, null);
+
 		private static readonly Lazy<ProductInfoHeaderValue> libraryVersionHeaderLazy = new Lazy<ProductInfoHeaderValue>(delegate {
 			var assemblyName = Assembly.GetExecutingAssembly().GetName();
 			return new ProductInfoHeaderValue(assemblyName.Name, AssemblyFileVersion);
diff --git a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ChannelElements/OAuthConsumerChannel.cs b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ChannelElements/OAuthConsumerChannel.cs
index 3ed05f8..a10ff09 100644
--- a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ChannelElements/OAuthConsumerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ChannelElements/OAuthConsumerChannel.cs
@@ -19,13 +19,14 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 	/// </summary>
 	internal class OAuthConsumerChannel : OAuthChannel {
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthConsumerChannel"/> class.
+		/// Initializes a new instance of the <see cref="OAuthConsumerChannel" /> class.
 		/// </summary>
 		/// <param name="signingBindingElement">The binding element to use for signing.</param>
 		/// <param name="store">The web application store to use for nonces.</param>
 		/// <param name="tokenManager">The token manager instance to use.</param>
 		/// <param name="securitySettings">The security settings.</param>
 		/// <param name="messageFactory">The message factory.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		[SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "System.Diagnostics.Contracts.__ContractsRuntime.Requires<System.ArgumentNullException>(System.Boolean,System.String,System.String)", Justification = "Code contracts"), SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "securitySettings", Justification = "Code contracts")]
 		internal OAuthConsumerChannel(ITamperProtectionChannelBindingElement signingBindingElement, INonceStore store, IConsumerTokenManager tokenManager, ConsumerSecuritySettings securitySettings, IMessageFactory messageFactory = null, IHostFactories hostFactories = null)
 			: base(
diff --git a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ConsumerBase.cs b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ConsumerBase.cs
index b59b438..afb4c95 100644
--- a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ConsumerBase.cs
+++ b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/ConsumerBase.cs
@@ -90,6 +90,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// Obtains an access token for a new account at the Service Provider via 2-legged OAuth.
 		/// </summary>
 		/// <param name="requestParameters">Any applicable parameters to include in the query string of the token request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The access token.</returns>
 		/// <remarks>
 		/// The token secret is stored in the <see cref="TokenManager"/>.
@@ -120,6 +121,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
 		/// <param name="accessToken">The access token that permits access to the protected resource.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The initialized WebRequest object.</returns>
 		public Task<HttpRequestMessage> PrepareAuthorizedRequestAsync(MessageReceivingEndpoint endpoint, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(endpoint, "endpoint");
@@ -135,6 +137,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
 		/// <param name="accessToken">The access token that permits access to the protected resource.</param>
 		/// <param name="extraData">Extra parameters to include in the message.  Must not be null, but may be empty.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The initialized WebRequest object.</returns>
 		public Task<HttpRequestMessage> PrepareAuthorizedRequestAsync(MessageReceivingEndpoint endpoint, string accessToken, IDictionary<string, string> extraData, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(endpoint, "endpoint");
@@ -155,6 +158,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
 		/// <param name="accessToken">The access token that permits access to the protected resource.</param>
 		/// <param name="binaryData">Extra parameters to include in the message.  Must not be null, but may be empty.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The initialized WebRequest object.</returns>
 		public Task<HttpRequestMessage> PrepareAuthorizedRequestAsync(MessageReceivingEndpoint endpoint, string accessToken, IEnumerable<MultipartContentMember> binaryData, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(endpoint, "endpoint");
@@ -171,6 +175,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// Prepares an HTTP request that has OAuth authorization already attached to it.
 		/// </summary>
 		/// <param name="message">The OAuth authorization message to attach to the HTTP request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The HttpWebRequest that can be used to send the HTTP request to the remote service provider.
 		/// </returns>
@@ -230,6 +235,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="requestParameters">Extra parameters to add to the request token message.  Optional.</param>
 		/// <param name="redirectParameters">Extra parameters to add to the redirect to Service Provider message.  Optional.</param>
 		/// <param name="requestToken">The request token that must be exchanged for an access token after the user has provided authorization.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The pending user agent redirect based message to be sent as an HttpResponse.</returns>
 		[SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "3#", Justification = "Two results")]
 		protected internal async Task<UserAuthorizationRequest> PrepareRequestUserAuthorizationAsync(Uri callback, IDictionary<string, string> requestParameters, IDictionary<string, string> redirectParameters, CancellationToken cancellationToken = default(CancellationToken)) {
@@ -265,6 +271,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="requestToken">The request token that the user has authorized.</param>
 		/// <param name="verifier">The verifier code.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The access token assigned by the Service Provider.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/DesktopConsumer.cs b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/DesktopConsumer.cs
index cd16c7e..a1bfd2d 100644
--- a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/DesktopConsumer.cs
+++ b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/DesktopConsumer.cs
@@ -37,8 +37,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="requestParameters">Extra parameters to add to the request token message.  Optional.</param>
 		/// <param name="redirectParameters">Extra parameters to add to the redirect to Service Provider message.  Optional.</param>
-		/// <param name="requestToken">The request token that must be exchanged for an access token after the user has provided authorization.</param>
-		/// <returns>The URL to open a browser window to allow the user to provide authorization and the request token.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The URL to open a browser window to allow the user to provide authorization and the request token.
+		/// </returns>
 		[SuppressMessage("Microsoft.Design", "CA1021:AvoidOutParameters", MessageId = "2#", Justification = "Two results")]
 		public async Task<Tuple<Uri, string>> RequestUserAuthorizationAsync(IDictionary<string, string> requestParameters, IDictionary<string, string> redirectParameters, CancellationToken cancellationToken = default(CancellationToken)) {
 			var message = await this.PrepareRequestUserAuthorizationAsync(null, requestParameters, redirectParameters, cancellationToken);
@@ -50,6 +52,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// Exchanges a given request token for access token.
 		/// </summary>
 		/// <param name="requestToken">The request token that the user has authorized.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The access token assigned by the Service Provider.</returns>
 		[Obsolete("Use the ProcessUserAuthorization method that takes a verifier parameter instead.")]
 		public Task<AuthorizedTokenResponse> ProcessUserAuthorizationAsync(string requestToken, CancellationToken cancellationToken = default(CancellationToken)) {
@@ -61,6 +64,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="requestToken">The request token that the user has authorized.</param>
 		/// <param name="verifier">The verifier code typed in by the user.  Must not be <c>Null</c> for OAuth 1.0a service providers and later.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The access token assigned by the Service Provider.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/WebConsumer.cs b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/WebConsumer.cs
index b395b5a..75a1217 100644
--- a/src/DotNetOpenAuth.OAuth.Consumer/OAuth/WebConsumer.cs
+++ b/src/DotNetOpenAuth.OAuth.Consumer/OAuth/WebConsumer.cs
@@ -37,6 +37,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// to provide that authorization.  Upon successful authorization, the user is redirected
 		/// back to the current page.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The pending user agent redirect based message to be sent as an HttpResponse.</returns>
 		/// <remarks>
 		/// Requires HttpContext.Current.
@@ -56,6 +57,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// </param>
 		/// <param name="requestParameters">Extra parameters to add to the request token message.  Optional.</param>
 		/// <param name="redirectParameters">Extra parameters to add to the redirect to Service Provider message.  Optional.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The pending user agent redirect based message to be sent as an HttpResponse.</returns>
 		public Task<UserAuthorizationRequest> PrepareRequestUserAuthorizationAsync(Uri callback, IDictionary<string, string> requestParameters, IDictionary<string, string> redirectParameters, CancellationToken cancellationToken = default(CancellationToken)) {
 			return base.PrepareRequestUserAuthorizationAsync(callback, requestParameters, redirectParameters, cancellationToken);
@@ -65,7 +67,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// Processes an incoming authorization-granted message from an SP and obtains an access token.
 		/// </summary>
 		/// <param name="request">The incoming HTTP request.</param>
-		/// <returns>The access token, or null if no incoming authorization message was recognized.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The access token, or null if no incoming authorization message was recognized.
+		/// </returns>
 		public async Task<AuthorizedTokenResponse> ProcessUserAuthorizationAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			request = request ?? this.Channel.GetRequestFromContext();
 
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuthServiceProviderChannel.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuthServiceProviderChannel.cs
index bc12739..cb9a91b 100644
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuthServiceProviderChannel.cs
+++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuthServiceProviderChannel.cs
@@ -19,13 +19,14 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 	/// </summary>
 	internal class OAuthServiceProviderChannel : OAuthChannel {
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthServiceProviderChannel"/> class.
+		/// Initializes a new instance of the <see cref="OAuthServiceProviderChannel" /> class.
 		/// </summary>
 		/// <param name="signingBindingElement">The binding element to use for signing.</param>
 		/// <param name="store">The web application store to use for nonces.</param>
 		/// <param name="tokenManager">The token manager instance to use.</param>
 		/// <param name="securitySettings">The security settings.</param>
 		/// <param name="messageTypeProvider">The message type provider.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		[SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "System.Diagnostics.Contracts.__ContractsRuntime.Requires<System.ArgumentNullException>(System.Boolean,System.String,System.String)", Justification = "Code contracts"), SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "securitySettings", Justification = "Code contracts")]
 		internal OAuthServiceProviderChannel(ITamperProtectionChannelBindingElement signingBindingElement, INonceStore store, IServiceProviderTokenManager tokenManager, ServiceProviderSecuritySettings securitySettings, IMessageFactory messageTypeProvider = null, IHostFactories hostFactories = null)
 			: base(
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/TokenHandlingBindingElement.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/TokenHandlingBindingElement.cs
index e8dcad6..008b932 100644
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/TokenHandlingBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/TokenHandlingBindingElement.cs
@@ -70,6 +70,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -111,6 +112,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
index 2a155e5..71621e1 100644
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
+++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
@@ -105,31 +105,6 @@ namespace DotNetOpenAuth.OAuth {
 		}
 
 		/// <summary>
-		/// Gets the standard state storage mechanism that uses ASP.NET's
-		/// HttpApplication state dictionary to store associations and nonces.
-		/// </summary>
-		public static INonceStore GetHttpApplicationStore(HttpContextBase context = null) {
-			if (context == null) {
-				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(INonceStore).Name);
-				context = new HttpContextWrapper(HttpContext.Current);
-			}
-
-			var store = (INonceStore)context.Application[ApplicationStoreKey];
-			if (store == null) {
-				context.Application.Lock();
-				try {
-					if ((store = (INonceStore)context.Application[ApplicationStoreKey]) == null) {
-						context.Application[ApplicationStoreKey] = store = new NonceMemoryStore(StandardExpirationBindingElement.MaximumMessageAge);
-					}
-				} finally {
-					context.Application.UnLock();
-				}
-			}
-
-			return store;
-		}
-
-		/// <summary>
 		/// Gets the description of this Service Provider.
 		/// </summary>
 		public ServiceProviderDescription ServiceDescription { get; private set; }
@@ -173,6 +148,31 @@ namespace DotNetOpenAuth.OAuth {
 		}
 
 		/// <summary>
+		/// Gets the standard state storage mechanism that uses ASP.NET's
+		/// HttpApplication state dictionary to store associations and nonces.
+		/// </summary>
+		public static INonceStore GetHttpApplicationStore(HttpContextBase context = null) {
+			if (context == null) {
+				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(INonceStore).Name);
+				context = new HttpContextWrapper(HttpContext.Current);
+			}
+
+			var store = (INonceStore)context.Application[ApplicationStoreKey];
+			if (store == null) {
+				context.Application.Lock();
+				try {
+					if ((store = (INonceStore)context.Application[ApplicationStoreKey]) == null) {
+						context.Application[ApplicationStoreKey] = store = new NonceMemoryStore(StandardExpirationBindingElement.MaximumMessageAge);
+					}
+				} finally {
+					context.Application.UnLock();
+				}
+			}
+
+			return store;
+		}
+
+		/// <summary>
 		/// Creates a cryptographically strong random verification code.
 		/// </summary>
 		/// <param name="format">The desired format of the verification code.</param>
@@ -215,7 +215,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// Reads a request for an unauthorized token from the incoming HTTP request.
 		/// </summary>
 		/// <param name="request">The HTTP request to read from.</param>
-		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The incoming request, or null if no OAuth message was attached.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
 		public async Task<UnauthorizedTokenRequest> ReadTokenRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			var message = await this.Channel.TryReadFromRequestAsync<UnauthorizedTokenRequest>(cancellationToken, request);
@@ -247,9 +250,12 @@ namespace DotNetOpenAuth.OAuth {
 		/// the user to authorize the Consumer's access of some protected resource(s).
 		/// </summary>
 		/// <param name="request">The HTTP request to read from.</param>
-		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The incoming request, or null if no OAuth message was attached.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
-		public Task<UserAuthorizationRequest> ReadAuthorizationRequestAsync(HttpRequestBase request, CancellationToken cancellationToken = default (CancellationToken)) {
+		public Task<UserAuthorizationRequest> ReadAuthorizationRequestAsync(HttpRequestBase request, CancellationToken cancellationToken = default(CancellationToken)) {
 			return this.Channel.TryReadFromRequestAsync<UserAuthorizationRequest>(cancellationToken, request);
 		}
 
@@ -319,7 +325,10 @@ namespace DotNetOpenAuth.OAuth {
 		/// Reads in a Consumer's request to exchange an authorized request token for an access token.
 		/// </summary>
 		/// <param name="request">The HTTP request to read from.</param>
-		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The incoming request, or null if no OAuth message was attached.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
 		public Task<AuthorizedTokenRequest> ReadAccessTokenRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			return this.Channel.TryReadFromRequestAsync<AuthorizedTokenRequest>(cancellationToken, request);
@@ -351,6 +360,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// </summary>
 		/// <param name="request">HTTP details from an incoming WCF message.</param>
 		/// <param name="requestUri">The URI of the WCF service endpoint.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The authorization message sent by the Consumer, or null if no authorization message is attached.</returns>
 		/// <remarks>
 		/// This method verifies that the access token and token secret are valid.
@@ -366,6 +376,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// Gets the authorization (access token) for accessing some protected resource.
 		/// </summary>
 		/// <param name="request">The incoming HTTP request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The authorization message sent by the Consumer, or null if no authorization message is attached.</returns>
 		/// <remarks>
 		/// This method verifies that the access token and token secret are valid.
diff --git a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthChannel.cs b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthChannel.cs
index 622d597..708c9c9 100644
--- a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthChannel.cs
+++ b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthChannel.cs
@@ -33,7 +33,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 	/// </summary>
 	internal abstract class OAuthChannel : Channel {
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthChannel"/> class.
+		/// Initializes a new instance of the <see cref="OAuthChannel" /> class.
 		/// </summary>
 		/// <param name="signingBindingElement">The binding element to use for signing.</param>
 		/// <param name="tokenManager">The ITokenManager instance to use.</param>
@@ -42,6 +42,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Except for mock testing, this should always be one of
 		/// OAuthConsumerMessageFactory or OAuthServiceProviderMessageFactory.</param>
 		/// <param name="bindingElements">The binding elements.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		[SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "System.Diagnostics.Contracts.__ContractsRuntime.Requires<System.ArgumentNullException>(System.Boolean,System.String,System.String)", Justification = "Code contracts"), SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "securitySettings", Justification = "Code contracts")]
 		protected OAuthChannel(ITamperProtectionChannelBindingElement signingBindingElement, ITokenManager tokenManager, SecuritySettings securitySettings, IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories = null)
 			: base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOAuthHostFactories()) {
@@ -82,6 +83,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// expect an OAuth message response to.
 		/// </summary>
 		/// <param name="request">The message to attach.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The initialized web request.</returns>
 		internal async Task<HttpRequestMessage> InitializeRequestAsync(IDirectedProtocolMessage request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
@@ -114,6 +116,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// a protocol request message.
 		/// </summary>
 		/// <param name="request">The HTTP request to search.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The deserialized message, if one is found.  Null otherwise.</returns>
 		protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) {
 			// First search the Authorization header.
diff --git a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
index 75de10b..67192ee 100644
--- a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/OAuthHttpMethodBindingElement.cs
@@ -35,6 +35,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// True if the <paramref name="message"/> applied to this binding element
 		/// and the operation was successful.  False otherwise.
@@ -61,6 +62,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// True if the <paramref name="message"/> applied to this binding element
 		/// and the operation was successful.  False if the operation did not apply to this message.
diff --git a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
index 4316333..2db5027 100644
--- a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
+++ b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementBase.cs
@@ -81,6 +81,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Signs the outgoing message.
 		/// </summary>
 		/// <param name="message">The message to sign.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -107,6 +108,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Verifies the signature on an incoming message.
 		/// </summary>
 		/// <param name="message">The message whose signature should be verified.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementChain.cs b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
index 0b38a26..c37d239 100644
--- a/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
+++ b/src/DotNetOpenAuth.OAuth/OAuth/ChannelElements/SigningBindingElementChain.cs
@@ -88,6 +88,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -109,6 +110,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
index edc821f..5b287cc 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
@@ -86,10 +86,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// the user to authorize the Client's access of some protected resource(s).
 		/// </summary>
 		/// <param name="request">The HTTP request to read from.</param>
-		/// <returns>The incoming request, or null if no OAuth message was attached.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The incoming request, or null if no OAuth message was attached.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
 		[SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "unauthorizedclient", Justification = "Protocol required.")]
-		public async Task<EndUserAuthorizationRequest> ReadAuthorizationRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default (CancellationToken)) {
+		public async Task<EndUserAuthorizationRequest> ReadAuthorizationRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			if (request == null) {
 				request = this.Channel.GetRequestFromContext();
 			}
@@ -119,7 +122,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Handles an incoming request to the authorization server's token endpoint.
 		/// </summary>
 		/// <param name="request">The HTTP request.</param>
-		/// <returns>The HTTP response to send to the client.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The HTTP response to send to the client.
+		/// </returns>
 		public async Task<HttpResponseMessage> HandleTokenRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			if (request == null) {
 				request = this.Channel.GetRequestFromContext();
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs
index d824663..001183a 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs
@@ -58,13 +58,14 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken"></param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
 		/// </returns>
 		/// <remarks>
 		/// Implementations that provide message protection must honor the
-		/// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable.
+		/// <see cref="MessagePartAttribute.RequiredProtection" /> properties where applicable.
 		/// </remarks>
 		public abstract Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken);
 
@@ -73,6 +74,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index ac2977b..6e78955 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -54,6 +54,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -78,17 +79,17 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
 		/// </returns>
-		/// <exception cref="ProtocolException">
-		/// Thrown when the binding element rules indicate that this message is invalid and should
-		/// NOT be processed.
-		/// </exception>
+		/// <exception cref="TokenEndpointProtocolException"></exception>
+		/// <exception cref="ProtocolException">Thrown when the binding element rules indicate that this message is invalid and should
+		/// NOT be processed.</exception>
 		/// <remarks>
 		/// Implementations that provide message protection must honor the
-		/// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable.
+		/// <see cref="MessagePartAttribute.RequiredProtection" /> properties where applicable.
 		/// </remarks>
 		public override async Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) {
 			bool applied = false;
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
index e8d609e..2a7f414 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
@@ -92,6 +92,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Gets the protocol message that may be embedded in the given HTTP request.
 		/// </summary>
 		/// <param name="request">The request to search for an embedded message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The deserialized message, if one is found.  Null otherwise.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
index f24fa7f..756ef4f 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs
@@ -39,6 +39,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -84,6 +85,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs
index fc1731d..676b248 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ChannelElements/OAuth2ClientChannel.cs
@@ -108,6 +108,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Gets the protocol message that may be embedded in the given HTTP request.
 		/// </summary>
 		/// <param name="request">The request to search for an embedded message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The deserialized message, if one is found.  Null otherwise.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs
index 05bcb57..bf56586 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/ClientBase.cs
@@ -117,6 +117,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="request">The request for protected resources from the service provider.</param>
 		/// <param name="authorization">The authorization for this request previously obtained via OAuth.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public Task AuthorizeRequestAsync(HttpWebRequest request, IAuthorizationState authorization, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
 			Requires.NotNull(authorization, "authorization");
@@ -130,6 +131,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="requestHeaders">The headers on the request for protected resources from the service provider.</param>
 		/// <param name="authorization">The authorization for this request previously obtained via OAuth.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public async Task AuthorizeRequestAsync(WebHeaderCollection requestHeaders, IAuthorizationState authorization, CancellationToken cancellationToken) {
 			Requires.NotNull(requestHeaders, "requestHeaders");
 			Requires.NotNull(authorization, "authorization");
@@ -175,6 +177,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="authorization">The authorization to update.</param>
 		/// <param name="skipIfUsefulLifeExceeds">If given, the access token will <em>not</em> be refreshed if its remaining lifetime exceeds this value.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>A value indicating whether the access token was actually renewed; <c>true</c> if it was renewed, or <c>false</c> if it still had useful life remaining.</returns>
 		/// <remarks>
 		/// This method may modify the value of the <see cref="IAuthorizationState.RefreshToken"/> property on
@@ -212,6 +215,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="refreshToken">The refresh token.</param>
 		/// <param name="scope">The scope subset desired in the access token.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>A description of the obtained access token, and possibly a new refresh token.</returns>
 		/// <remarks>
 		/// If the return value includes a new refresh token, the old refresh token should be discarded and
@@ -241,7 +245,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// <param name="userName">The resource owner's username, as it is known by the authorization server.</param>
 		/// <param name="password">The resource owner's account password.</param>
 		/// <param name="scopes">The desired scope of access.</param>
-		/// <returns>The result, containing the tokens if successful.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The result, containing the tokens if successful.
+		/// </returns>
 		public Task<IAuthorizationState> ExchangeUserCredentialForTokenAsync(string userName, string password, IEnumerable<string> scopes = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNullOrEmpty(userName, "userName");
 			Requires.NotNull(password, "password");
@@ -258,7 +265,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Obtains an access token for accessing client-controlled resources on the resource server.
 		/// </summary>
 		/// <param name="scopes">The desired scopes.</param>
-		/// <returns>The result of the authorization request.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The result of the authorization request.
+		/// </returns>
 		public Task<IAuthorizationState> GetClientAccessTokenAsync(IEnumerable<string> scopes = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			var request = new AccessTokenClientCredentialsRequest(this.AuthorizationServer.TokenEndpoint, this.AuthorizationServer.Version);
 			return this.RequestAccessTokenAsync(request, scopes, cancellationToken);
@@ -323,6 +333,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="authorizationState">The authorization state to update.</param>
 		/// <param name="authorizationSuccess">The authorization success message obtained from the authorization server.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		internal async Task UpdateAuthorizationWithResponseAsync(IAuthorizationState authorizationState, EndUserAuthorizationSuccessAuthCodeResponse authorizationSuccess, CancellationToken cancellationToken) {
 			Requires.NotNull(authorizationState, "authorizationState");
 			Requires.NotNull(authorizationSuccess, "authorizationSuccess");
@@ -388,7 +399,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="request">The request message.</param>
 		/// <param name="scopes">The scopes requested by the client.</param>
-		/// <returns>The result of the request.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The result of the request.
+		/// </returns>
 		private async Task<IAuthorizationState> RequestAccessTokenAsync(ScopedAccessTokenRequest request, IEnumerable<string> scopes, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
 
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs
index e87ecaa..ffd896e 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/UserAgentClient.cs
@@ -78,6 +78,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// <param name="scope">The scope of authorized access requested.</param>
 		/// <param name="state">The client state that should be returned with the authorization response.</param>
 		/// <param name="returnTo">The URL that the authorization response should be sent to via a user-agent redirect.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A fully-qualified URL suitable to initiate the authorization flow.
 		/// </returns>
@@ -94,11 +95,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// this client to access protected data at some resource server.
 		/// </summary>
 		/// <param name="authorization">The authorization state that is tracking this particular request.  Optional.</param>
-		/// <param name="implicitResponseType">
-		/// <c>true</c> to request an access token in the fragment of the response's URL;
-		/// <c>false</c> to authenticate to the authorization server and acquire the access token (and possibly a refresh token) via a private channel.
-		/// </param>
+		/// <param name="implicitResponseType"><c>true</c> to request an access token in the fragment of the response's URL;
+		/// <c>false</c> to authenticate to the authorization server and acquire the access token (and possibly a refresh token) via a private channel.</param>
 		/// <param name="state">The client state that should be returned with the authorization response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A fully-qualified URL suitable to initiate the authorization flow.
 		/// </returns>
@@ -116,7 +116,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="actualRedirectUrl">The actual URL of the incoming HTTP request.</param>
 		/// <param name="authorizationState">The authorization.</param>
-		/// <returns>The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.
+		/// </returns>
 		public async Task<IAuthorizationState> ProcessUserAuthorizationAsync(Uri actualRedirectUrl, IAuthorizationState authorizationState = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(actualRedirectUrl, "actualRedirectUrl");
 
@@ -138,6 +141,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="authorizationState">The authorization.</param>
 		/// <param name="response">The incoming authorization response message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The granted authorization, or <c>null</c> if the incoming HTTP request did not contain an authorization server response or authorization was rejected.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
index dd7aff8..0476521 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
@@ -64,7 +64,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="scopes">The scope of authorized access requested.</param>
 		/// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed.  If null, the current request's URL will be used.</param>
-		/// <returns>The authorization request.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The authorization request.
+		/// </returns>
 		public Task<HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IEnumerable<string> scopes = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			var authorizationState = new AuthorizationState(scopes) {
 				Callback = returnTo,
@@ -76,7 +79,10 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Prepares a request for user authorization from an authorization server.
 		/// </summary>
 		/// <param name="authorization">The authorization state to associate with this particular request.</param>
-		/// <returns>The authorization request.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The authorization request.
+		/// </returns>
 		public async Task<HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IAuthorizationState authorization, CancellationToken cancellationToken) {
 			Requires.NotNull(authorization, "authorization");
 			RequiresEx.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
@@ -123,6 +129,7 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Processes the authorization response from an authorization server, if available.
 		/// </summary>
 		/// <param name="request">The incoming HTTP request that may carry an authorization response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The authorization state that contains the details of the authorization.</returns>
 		public async Task<IAuthorizationState> ProcessUserAuthorizationAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
 			RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs
index 43145dd..65de660 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs
@@ -25,13 +25,12 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		private static readonly Version[] Versions = Protocol.AllVersions.Select(v => v.Version).ToArray();
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuth2ChannelBase"/> class.
+		/// Initializes a new instance of the <see cref="OAuth2ChannelBase" /> class.
 		/// </summary>
 		/// <param name="messageTypes">The message types that are received by this channel.</param>
-		/// <param name="channelBindingElements">
-		/// The binding elements to use in sending and receiving messages.
-		/// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.
-		/// </param>
+		/// <param name="channelBindingElements">The binding elements to use in sending and receiving messages.
+		/// The order they are provided is used for outgoing messgaes, and reversed for incoming messages.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		internal OAuth2ChannelBase(Type[] messageTypes, IChannelBindingElement[] channelBindingElements = null, IHostFactories hostFactories = null)
 			: base(Requires.NotNull(messageTypes, "messageTypes"), Versions, hostFactories ?? new OAuth.DefaultOAuthHostFactories(), channelBindingElements ?? new IChannelBindingElement[0]) {
 		}
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
index 97af431..363b8e0 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
@@ -39,8 +39,9 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		private static readonly Version[] Versions = Protocol.AllVersions.Select(v => v.Version).ToArray();
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuth2ResourceServerChannel"/> class.
+		/// Initializes a new instance of the <see cref="OAuth2ResourceServerChannel" /> class.
 		/// </summary>
+		/// <param name="hostFactories">The host factories.</param>
 		protected internal OAuth2ResourceServerChannel(IHostFactories hostFactories = null)
 			: base(MessageTypes, Versions, hostFactories ?? new OAuth.DefaultOAuthHostFactories()) {
 			// TODO: add signing (authenticated request) binding element.
@@ -50,6 +51,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 		/// Gets the protocol message that may be embedded in the given HTTP request.
 		/// </summary>
 		/// <param name="request">The request to search for an embedded message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The deserialized message, if one is found.  Null otherwise.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
index ffeff59..7bc7c91 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
@@ -80,14 +80,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Discovers what access the client should have considering the access token in the current request.
 		/// </summary>
 		/// <param name="httpRequestInfo">The HTTP request info.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
 		/// <returns>
 		/// The access token describing the authorization the client has.  Never <c>null</c>.
 		/// </returns>
-		/// <exception cref="ProtocolFaultResponseException">
-		/// Thrown when the client is not authorized.  This exception should be caught and the
-		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
-		/// </exception>
+		/// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized.  This exception should be caught and the
+		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
 		public virtual async Task<AccessToken> GetAccessTokenAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
 			Requires.NotNull(requiredScopes, "requiredScopes");
 			RequiresEx.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset);
@@ -134,14 +133,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Discovers what access the client should have considering the access token in the current request.
 		/// </summary>
 		/// <param name="request">The HTTP request message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
 		/// <returns>
 		/// The access token describing the authorization the client has.  Never <c>null</c>.
 		/// </returns>
-		/// <exception cref="ProtocolFaultResponseException">
-		/// Thrown when the client is not authorized.  This exception should be caught and the
-		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
-		/// </exception>
+		/// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized.  This exception should be caught and the
+		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
 		public virtual Task<AccessToken> GetAccessTokenAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
 			Requires.NotNull(request, "request");
 			return this.GetAccessTokenAsync(new HttpRequestInfo(request), cancellationToken, requiredScopes);
@@ -151,14 +149,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Discovers what access the client should have considering the access token in the current request.
 		/// </summary>
 		/// <param name="httpRequestInfo">The HTTP request info.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
 		/// <returns>
 		/// The principal that contains the user and roles that the access token is authorized for.  Never <c>null</c>.
 		/// </returns>
-		/// <exception cref="ProtocolFaultResponseException">
-		/// Thrown when the client is not authorized.  This exception should be caught and the
-		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
-		/// </exception>
+		/// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized.  This exception should be caught and the
+		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
 		public virtual async Task<IPrincipal> GetPrincipalAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
 			AccessToken accessToken = await this.GetAccessTokenAsync(httpRequestInfo, cancellationToken, requiredScopes);
 
@@ -181,14 +178,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// </summary>
 		/// <param name="request">HTTP details from an incoming WCF message.</param>
 		/// <param name="requestUri">The URI of the WCF service endpoint.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
 		/// <returns>
 		/// The principal that contains the user and roles that the access token is authorized for.  Never <c>null</c>.
 		/// </returns>
-		/// <exception cref="ProtocolFaultResponseException">
-		/// Thrown when the client is not authorized.  This exception should be caught and the
-		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
-		/// </exception>
+		/// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized.  This exception should be caught and the
+		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
 		public virtual Task<IPrincipal> GetPrincipalAsync(HttpRequestMessageProperty request, Uri requestUri, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
 			Requires.NotNull(request, "request");
 			Requires.NotNull(requestUri, "requestUri");
@@ -200,14 +196,13 @@ namespace DotNetOpenAuth.OAuth2 {
 		/// Discovers what access the client should have considering the access token in the current request.
 		/// </summary>
 		/// <param name="request">HTTP details from an incoming HTTP request message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
 		/// <returns>
 		/// The principal that contains the user and roles that the access token is authorized for.  Never <c>null</c>.
 		/// </returns>
-		/// <exception cref="ProtocolFaultResponseException">
-		/// Thrown when the client is not authorized.  This exception should be caught and the
-		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
-		/// </exception>
+		/// <exception cref="ProtocolFaultResponseException">Thrown when the client is not authorized.  This exception should be caught and the
+		/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage" /> message should be returned to the client.</exception>
 		public Task<IPrincipal> GetPrincipalAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) {
 			Requires.NotNull(request, "request");
 			return this.GetPrincipalAsync(new HttpRequestInfo(request), cancellationToken, requiredScopes);
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs
index 520f41a..26d9133 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs
@@ -58,6 +58,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -160,6 +161,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// <param name="message">The message.</param>
 		/// <param name="signedMessage">The signed message.</param>
 		/// <param name="protectionsApplied">The protections applied.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The applied protections.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/AuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/AuthenticationRequest.cs
index a13cba1..80d8aeb 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/AuthenticationRequest.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/AuthenticationRequest.cs
@@ -176,17 +176,6 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			get { return (CheckIdRequest)base.RequestMessage; }
 		}
 
-		/// <summary>
-		/// Gets the response message, once <see cref="IsResponseReady"/> is <c>true</c>.
-		/// </summary>
-		protected override async Task<IProtocolMessage> GetResponseMessageAsync(CancellationToken cancellationToken) {
-			if (this.IsAuthenticated.HasValue) {
-				return this.IsAuthenticated.Value ? (IProtocolMessage)this.positiveResponse : (await this.GetNegativeResponseAsync());
-			} else {
-				return null;
-			}
-		}
-
 		#region IAuthenticationRequest Methods
 
 		/// <summary>
@@ -211,6 +200,8 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			this.positiveResponse.ClaimedIdentifier = builder.Uri;
 		}
 
+		#endregion
+
 		/// <summary>
 		/// Sets the Claimed and Local identifiers even after they have been initially set.
 		/// </summary>
@@ -222,6 +213,15 @@ namespace DotNetOpenAuth.OpenId.Provider {
 			this.positiveResponse.LocalIdentifier = identifier;
 		}
 
-		#endregion
+		/// <summary>
+		/// Gets the response message, once <see cref="IsResponseReady"/> is <c>true</c>.
+		/// </summary>
+		protected override async Task<IProtocolMessage> GetResponseMessageAsync(CancellationToken cancellationToken) {
+			if (this.IsAuthenticated.HasValue) {
+				return this.IsAuthenticated.Value ? (IProtocolMessage)this.positiveResponse : (await this.GetNegativeResponseAsync());
+			} else {
+				return null;
+			}
+		}
 	}
 }
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/AXFetchAsSregTransform.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/AXFetchAsSregTransform.cs
index 721777f..17c9a1a 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/AXFetchAsSregTransform.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/AXFetchAsSregTransform.cs
@@ -53,13 +53,14 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
+		///   <c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
 		/// </returns>
 		/// <remarks>
-		/// Implementations may set a new value to <see cref="IRequest.SecuritySettings"/> but
-		/// should not change the properties on the instance of <see cref="ProviderSecuritySettings"/>
+		/// Implementations may set a new value to <see cref="IRequest.SecuritySettings" /> but
+		/// should not change the properties on the instance of <see cref="ProviderSecuritySettings" />
 		/// itself as that instance may be shared across many requests.
 		/// </remarks>
 		Task<bool> IProviderBehavior.OnIncomingRequestAsync(IRequest request, CancellationToken cancellationToken) {
@@ -75,8 +76,9 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when the Provider is preparing to send a response to an authentication request.
 		/// </summary>
 		/// <param name="request">The request that is configured to generate the outgoing response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
-		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
+		///   <c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
 		/// </returns>
 		async Task<bool> IProviderBehavior.OnOutgoingResponseAsync(Provider.IAuthenticationRequest request, CancellationToken cancellationToken) {
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/GsaIcamProfile.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/GsaIcamProfile.cs
index ab0cf53..0aa4642 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/GsaIcamProfile.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/GsaIcamProfile.cs
@@ -71,6 +71,7 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
@@ -105,6 +106,7 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when the Provider is preparing to send a response to an authentication request.
 		/// </summary>
 		/// <param name="request">The request that is configured to generate the outgoing response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/PpidGeneration.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/PpidGeneration.cs
index b6588a9..5acd4c9 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/PpidGeneration.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Behaviors/PpidGeneration.cs
@@ -54,6 +54,7 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
@@ -71,6 +72,7 @@ namespace DotNetOpenAuth.OpenId.Provider.Behaviors {
 		/// Called when the Provider is preparing to send a response to an authentication request.
 		/// </summary>
 		/// <param name="request">The request that is configured to generate the outgoing response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// 	<c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/ExtensionsInteropHelper.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/ExtensionsInteropHelper.cs
index 26225b3..a275647 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/ExtensionsInteropHelper.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/ExtensionsInteropHelper.cs
@@ -76,6 +76,7 @@ namespace DotNetOpenAuth.OpenId.Provider.Extensions {
 		/// attribute request extension came in.
 		/// </summary>
 		/// <param name="request">The authentication request with the response extensions already added.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <remarks>
 		/// If the original attribute request came in as AX, the Simple Registration extension is converted
 		/// to an AX response and then the Simple Registration extension is removed from the response.
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/UI/UIRequestTools.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/UI/UIRequestTools.cs
index 09d0b21..c531ddd 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/UI/UIRequestTools.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Extensions/UI/UIRequestTools.cs
@@ -37,8 +37,8 @@ namespace DotNetOpenAuth.OpenId.Provider.Extensions.UI {
 		/// Gets the URL of the RP icon for the OP to display.
 		/// </summary>
 		/// <param name="realm">The realm of the RP where the authentication request originated.</param>
-		/// <param name="webRequestHandler">The web request handler to use for discovery.
-		/// Usually available via <see cref="Channel.WebRequestHandler">OpenIdProvider.Channel.WebRequestHandler</see>.</param>
+		/// <param name="hostFactories">The host factories.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of the RP's icons it has available for the Provider to display, in decreasing preferred order.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs
index 85d111e..07807d2 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/HostProcessedRequest.cs
@@ -101,6 +101,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// succeeded.
 		/// </summary>
 		/// <param name="hostFactories">The host factories.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// Result of realm discovery.
 		/// </returns>
@@ -123,6 +124,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// succeeded.
 		/// </summary>
 		/// <param name="hostFactories">The host factories.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// Result of realm discovery.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
index 3b62482..0495299 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs
@@ -91,31 +91,6 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		}
 
 		/// <summary>
-		/// Gets the standard state storage mechanism that uses ASP.NET's
-		/// HttpApplication state dictionary to store associations and nonces.
-		/// </summary>
-		public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) {
-			if (context == null) {
-				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name);
-				context = new HttpContextWrapper(HttpContext.Current);
-			}
-
-			var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey];
-			if (store == null) {
-				context.Application.Lock();
-				try {
-					if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) {
-						context.Application[ApplicationStoreKey] = store = new StandardProviderApplicationStore();
-					}
-				} finally {
-					context.Application.UnLock();
-				}
-			}
-
-			return store;
-		}
-
-		/// <summary>
 		/// Gets the channel to use for sending/receiving messages.
 		/// </summary>
 		public Channel Channel { get; internal set; }
@@ -198,6 +173,31 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		}
 
 		/// <summary>
+		/// Gets the standard state storage mechanism that uses ASP.NET's
+		/// HttpApplication state dictionary to store associations and nonces.
+		/// </summary>
+		public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) {
+			if (context == null) {
+				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name);
+				context = new HttpContextWrapper(HttpContext.Current);
+			}
+
+			var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey];
+			if (store == null) {
+				context.Application.Lock();
+				try {
+					if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) {
+						context.Application[ApplicationStoreKey] = store = new StandardProviderApplicationStore();
+					}
+				} finally {
+					context.Application.UnLock();
+				}
+			}
+
+			return store;
+		}
+
+		/// <summary>
 		/// Gets the incoming OpenID request if there is one, or null if none was detected.
 		/// </summary>
 		/// <returns>The request that the hosting Provider should possibly process and then transmit the response for.</returns>
@@ -217,17 +217,18 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Gets the incoming OpenID request if there is one, or null if none was detected.
 		/// </summary>
 		/// <param name="httpRequestInfo">The incoming HTTP request to extract the message from.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The request that the hosting Provider should process and then transmit the response for.
 		/// Null if no valid OpenID request was detected in the given HTTP request.
 		/// </returns>
+		/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
+		/// but deviates from the protocol specification irrecoverably.</exception>
 		/// <remarks>
 		/// Requests may be infrastructural to OpenID and allow auto-responses, or they may
 		/// be authentication requests where the Provider site has to make decisions based
 		/// on its own user database and policies.
 		/// </remarks>
-		/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
-		/// but deviates from the protocol specification irrecoverably.</exception>
 		public async Task<IRequest> GetRequestAsync(HttpRequestBase httpRequestInfo, CancellationToken cancellationToken) {
 			Requires.NotNull(httpRequestInfo, "httpRequestInfo");
 			IDirectedProtocolMessage incomingMessage = null;
@@ -299,8 +300,11 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Gets the response to a received request.
 		/// </summary>
 		/// <param name="request">The request.</param>
-		/// <returns>The response that should be sent to the client.</returns>
-		/// <exception cref="InvalidOperationException">Thrown if <see cref="IRequest.IsResponseReady"/> is <c>false</c>.</exception>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The response that should be sent to the client.
+		/// </returns>
+		/// <exception cref="InvalidOperationException">Thrown if <see cref="IRequest.IsResponseReady" /> is <c>false</c>.</exception>
 		[SuppressMessage("Microsoft.Performance", "CA1800:DoNotCastUnnecessarily", Justification = "Code Contract requires that we cast early.")]
 		public async Task<HttpResponseMessage> PrepareResponseAsync(IRequest request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
@@ -325,10 +329,11 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// XRDS document that advertises its OpenID RP endpoint.</param>
 		/// <param name="claimedIdentifier">The Identifier you are asserting your member controls.</param>
 		/// <param name="localIdentifier">The Identifier you know your user by internally.  This will typically
-		/// be the same as <paramref name="claimedIdentifier"/>.</param>
+		/// be the same as <paramref name="claimedIdentifier" />.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <param name="extensions">The extensions.</param>
 		/// <returns>
-		/// A <see cref="OutgoingWebResponse"/> object describing the HTTP response to send
+		/// A <see cref="OutgoingWebResponse" /> object describing the HTTP response to send
 		/// the user agent to allow the redirect with assertion to happen.
 		/// </returns>
 		public async Task<HttpResponseMessage> PrepareUnsolicitedAssertionAsync(Uri providerEndpoint, Realm relyingPartyRealm, Identifier claimedIdentifier, Identifier localIdentifier, CancellationToken cancellationToken = default(CancellationToken), params IExtensionMessage[] extensions) {
@@ -415,6 +420,8 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Applies all behaviors to the response message.
 		/// </summary>
 		/// <param name="request">The request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns></returns>
 		private async Task ApplyBehaviorsToResponseAsync(IRequest request, CancellationToken cancellationToken) {
 			var authRequest = request as IAuthenticationRequest;
 			if (authRequest != null) {
diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Request.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Request.cs
index 93f8107..cc44338 100644
--- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Request.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/Request.cs
@@ -16,7 +16,7 @@ using DotNetOpenAuth.OpenId.Messages;
 using Validation;
 
 	/// <summary>
-	/// Implements the <see cref="IRequest"/> interface for all incoming
+	/// Implements the <see cref="IRequest" /> interface for all incoming
 	/// request messages to an OpenID Provider.
 	/// </summary>
 	[Serializable]
@@ -93,32 +93,6 @@ using Validation;
 		/// <value>Defaults to the <see cref="OpenIdProvider.SecuritySettings"/> on the <see cref="OpenIdProvider"/>.</value>
 		public ProviderSecuritySettings SecuritySettings { get; set; }
 
-		/// <summary>
-		/// Gets the response to send to the user agent.
-		/// </summary>
-		/// <exception cref="InvalidOperationException">Thrown if <see cref="IsResponseReady"/> is <c>false</c>.</exception>
-		internal async Task<IProtocolMessage> GetResponseAsync(CancellationToken cancellationToken) {
-			RequiresEx.ValidState(this.IsResponseReady, OpenIdStrings.ResponseNotReady);
-
-			if (this.responseExtensions.Count > 0) {
-				var responseMessage = await this.GetResponseMessageAsync(cancellationToken);
-				var extensibleResponse = responseMessage as IProtocolMessageWithExtensions;
-				ErrorUtilities.VerifyOperation(extensibleResponse != null, MessagingStrings.MessageNotExtensible, responseMessage.GetType().Name);
-				foreach (var extension in this.responseExtensions) {
-					// It's possible that a prior call to this property
-					// has already added some/all of the extensions to the message.
-					// We don't have to worry about deleting old ones because
-					// this class provides no facility for removing extensions
-					// that are previously added.
-					if (!extensibleResponse.Extensions.Contains(extension)) {
-						extensibleResponse.Extensions.Add(extension);
-					}
-				}
-			}
-
-			return await this.GetResponseMessageAsync(cancellationToken);
-		}
-
 		#endregion
 
 		/// <summary>
@@ -201,8 +175,37 @@ using Validation;
 		#endregion
 
 		/// <summary>
+		/// Gets the response to send to the user agent.
+		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>The response.</returns>
+		/// <exception cref="InvalidOperationException">Thrown if <see cref="IsResponseReady" /> is <c>false</c>.</exception>
+		internal async Task<IProtocolMessage> GetResponseAsync(CancellationToken cancellationToken) {
+			RequiresEx.ValidState(this.IsResponseReady, OpenIdStrings.ResponseNotReady);
+
+			if (this.responseExtensions.Count > 0) {
+				var responseMessage = await this.GetResponseMessageAsync(cancellationToken);
+				var extensibleResponse = responseMessage as IProtocolMessageWithExtensions;
+				ErrorUtilities.VerifyOperation(extensibleResponse != null, MessagingStrings.MessageNotExtensible, responseMessage.GetType().Name);
+				foreach (var extension in this.responseExtensions) {
+					// It's possible that a prior call to this property
+					// has already added some/all of the extensions to the message.
+					// We don't have to worry about deleting old ones because
+					// this class provides no facility for removing extensions
+					// that are previously added.
+					if (!extensibleResponse.Extensions.Contains(extension)) {
+						extensibleResponse.Extensions.Add(extension);
+					}
+				}
+			}
+
+			return await this.GetResponseMessageAsync(cancellationToken);
+		}
+
+		/// <summary>
 		/// Gets the response message, once <see cref="IsResponseReady"/> is <c>true</c>.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		protected abstract Task<IProtocolMessage> GetResponseMessageAsync(CancellationToken cancellationToken);
 	}
 }
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdAjaxRelyingParty.cs b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdAjaxRelyingParty.cs
index b6cab0e..a08c323 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdAjaxRelyingParty.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdAjaxRelyingParty.cs
@@ -54,16 +54,17 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// your realm would typically be https://www.example.com/.</param>
 		/// <param name="returnToUrl">The URL of the login page, or the page prepared to receive authentication
 		/// responses from the OpenID Provider.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier.
 		/// Never null, but may be empty.
 		/// </returns>
 		/// <remarks>
-		/// 	<para>Any individual generated request can satisfy the authentication.
+		///   <para>Any individual generated request can satisfy the authentication.
 		/// The generated requests are sorted in preferred order.
 		/// Each request is generated as it is enumerated to.  Associations are created only as
-		/// <see cref="IAuthenticationRequest.RedirectingResponse"/> is called.</para>
-		/// 	<para>No exception is thrown if no OpenID endpoints were discovered.
+		///   <see cref="IAuthenticationRequest.RedirectingResponse" /> is called.</para>
+		///   <para>No exception is thrown if no OpenID endpoints were discovered.
 		/// An empty enumerable is returned instead.</para>
 		/// </remarks>
 		public override async Task<IEnumerable<IAuthenticationRequest>> CreateRequestsAsync(Identifier userSuppliedIdentifier, Realm realm, Uri returnToUrl, CancellationToken cancellationToken) {
@@ -127,6 +128,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Serializes discovery results on some <i>single</i> identifier on behalf of Javascript running on the browser.
 		/// </summary>
 		/// <param name="requests">The discovery results from just <i>one</i> identifier to serialize as a JSON response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The JSON result to return to the user agent.
 		/// </returns>
@@ -164,6 +166,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// an AJAX-aware OpenID control.
 		/// </summary>
 		/// <param name="requests">The discovery results to serialize as a JSON response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The JSON result to return to the user agent.
 		/// </returns>
@@ -181,6 +184,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Converts a sequence of authentication requests to a JSON object for seeding an AJAX-enabled login page.
 		/// </summary>
 		/// <param name="requests">The discovery results from just <i>one</i> identifier to serialize as a JSON response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>A JSON object, not yet serialized.</returns>
 		internal async Task<object> AsJsonDiscoveryResultAsync(IEnumerable<IAuthenticationRequest> requests, CancellationToken cancellationToken) {
 			Requires.NotNull(requests, "requests");
@@ -218,6 +222,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// an AJAX-aware OpenID control.
 		/// </summary>
 		/// <param name="requests">The discovery results to serialize as a JSON response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A JSON object, not yet serialized to a string.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
index 2a14ae3..56b354e 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
@@ -170,8 +170,31 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
+		/// Gets the relying party as its AJAX type.
+		/// </summary>
+		protected OpenIdAjaxRelyingParty AjaxRelyingParty {
+			get { return (OpenIdAjaxRelyingParty)this.RelyingParty; }
+		}
+
+		/// <summary>
+		/// Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field).
+		/// </summary>
+		/// <value>Usually a concatenation of the control's name and <c>"_openidAuthData"</c>.</value>
+		protected abstract string OpenIdAuthDataFormKey { get; }
+
+		/// <summary>
+		/// Gets or sets a value indicating whether an authentication in the page's view state
+		/// has already been processed and appropriate events fired.
+		/// </summary>
+		private bool AuthenticationProcessedAlready {
+			get { return (bool)(ViewState[AuthenticationProcessedAlreadyViewStateKey] ?? false); }
+			set { ViewState[AuthenticationProcessedAlreadyViewStateKey] = value; }
+		}
+
+		/// <summary>
 		/// Gets the completed authentication response.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		public async Task<IAuthenticationResponse> GetAuthenticationResponseAsync(CancellationToken cancellationToken) {
 			if (this.authenticationResponse == null) {
 				// We will either validate a new response and return a live AuthenticationResponse
@@ -205,28 +228,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
-		/// Gets the relying party as its AJAX type.
-		/// </summary>
-		protected OpenIdAjaxRelyingParty AjaxRelyingParty {
-			get { return (OpenIdAjaxRelyingParty)this.RelyingParty; }
-		}
-
-		/// <summary>
-		/// Gets the name of the open id auth data form key (for the value as stored at the user agent as a FORM field).
-		/// </summary>
-		/// <value>Usually a concatenation of the control's name and <c>"_openidAuthData"</c>.</value>
-		protected abstract string OpenIdAuthDataFormKey { get; }
-
-		/// <summary>
-		/// Gets or sets a value indicating whether an authentication in the page's view state
-		/// has already been processed and appropriate events fired.
-		/// </summary>
-		private bool AuthenticationProcessedAlready {
-			get { return (bool)(ViewState[AuthenticationProcessedAlreadyViewStateKey] ?? false); }
-			set { ViewState[AuthenticationProcessedAlreadyViewStateKey] = value; }
-		}
-
-		/// <summary>
 		/// Allows an OpenID extension to read data out of an unverified positive authentication assertion
 		/// and send it down to the client browser so that Javascript running on the page can perform
 		/// some preprocessing on the extension data.
@@ -310,6 +311,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// user agent for javascript as soon as the page loads.
 		/// </summary>
 		/// <param name="identifier">The identifier.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns></returns>
 		protected Task PreloadDiscoveryAsync(Identifier identifier, CancellationToken cancellationToken) {
 			return this.PreloadDiscoveryAsync(new[] { identifier }, cancellationToken);
 		}
@@ -319,6 +322,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// user agent for javascript as soon as the page loads.
 		/// </summary>
 		/// <param name="identifiers">The identifiers to perform discovery on.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns></returns>
 		protected async Task PreloadDiscoveryAsync(IEnumerable<Identifier> identifiers, CancellationToken cancellationToken) {
 			var requests = await Task.WhenAll(identifiers.Select(id => this.CreateRequestsAsync(id, cancellationToken)));
 			string script = await this.AjaxRelyingParty.AsAjaxPreloadedDiscoveryResultAsync(requests.SelectMany(r => r), cancellationToken);
@@ -420,6 +425,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <summary>
 		/// Notifies the user agent via an AJAX response of a completed authentication attempt.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		protected override async Task ScriptClosingPopupOrIFrameAsync(CancellationToken cancellationToken) {
 			Action<AuthenticationStatus> callback = status => {
 				if (status == AuthenticationStatus.Authenticated) {
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs
index ecdfa1f..f527cee 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs
@@ -513,6 +513,8 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Immediately redirects to the OpenID Provider to verify the Identifier
 		/// provided in the text box.
 		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns></returns>
 		public async Task LogOnAsync(CancellationToken cancellationToken) {
 			IAuthenticationRequest request = (await this.CreateRequestsAsync(cancellationToken)).FirstOrDefault();
 			ErrorUtilities.VerifyProtocol(request != null, OpenIdStrings.OpenIdEndpointNotFound);
@@ -524,6 +526,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// provided in the text box.
 		/// </summary>
 		/// <param name="request">The request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A task that completes with the asynchronous operation.
+		/// </returns>
 		public async Task LogOnAsync(IAuthenticationRequest request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
 
@@ -560,9 +566,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Creates the authentication requests for a given user-supplied Identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to create a request for.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any one of which may be
-		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier"/>.
+		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier" />.
 		/// </returns>
 		protected internal virtual Task<IEnumerable<IAuthenticationRequest>> CreateRequestsAsync(Identifier identifier, CancellationToken cancellationToken) {
 			Requires.NotNull(identifier, "identifier");
@@ -853,11 +860,11 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
-		/// Adds attributes to an HTML &lt;A&gt; tag that will be written by the caller using 
-		/// <see cref="HtmlTextWriter.RenderBeginTag(HtmlTextWriterTag)"/> after this method.
+		/// Adds attributes to an HTML &lt;A&gt; tag that will be written by the caller using
+		/// <see cref="HtmlTextWriter.RenderBeginTag(HtmlTextWriterTag)" /> after this method.
 		/// </summary>
 		/// <param name="writer">The HTML writer.</param>
-		/// <param name="request">The outgoing authentication request.</param>
+		/// <param name="response">The response.</param>
 		/// <param name="windowStatus">The text to try to display in the status bar on mouse hover.</param>
 		protected void RenderOpenIdMessageTransmissionAsAnchorAttributes(HtmlTextWriter writer, HttpResponseMessage response, string windowStatus) {
 			Requires.NotNull(writer, "writer");
@@ -916,9 +923,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Creates the authentication requests for a given user-supplied Identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to create a request for.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any one of which may be
-		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier"/>.
+		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier" />.
 		/// </returns>
 		private async Task<IEnumerable<IAuthenticationRequest>> CreateRequestsCoreAsync(Identifier identifier, CancellationToken cancellationToken) {
 			ErrorUtilities.VerifyArgumentNotNull(identifier, "identifier"); // NO CODE CONTRACTS! (yield return used here)
@@ -1015,8 +1023,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <summary>
 		/// Gets the javascript to executee to redirect or POST an OpenID message to a remote party.
 		/// </summary>
-		/// <param name="request">The authentication request to send.</param>
-		/// <returns>The javascript that should execute.</returns>
+		/// <param name="requestRedirectingResponse">The request redirecting response.</param>
+		/// <returns>
+		/// The javascript that should execute.
+		/// </returns>
 		private string CreateGetOrPostAHrefValue(HttpResponseMessage requestRedirectingResponse) {
 			Requires.NotNull(requestRedirectingResponse, "requestRedirectingResponse");
 
@@ -1028,6 +1038,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Wires the return page to immediately display a popup window with the Provider in it.
 		/// </summary>
 		/// <param name="request">The request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A task that completes with the asynchronous operation.
+		/// </returns>
 		private async Task ScriptPopupWindowAsync(IAuthenticationRequest request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
 			RequiresEx.ValidState(this.RelyingParty != null);
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdTextBox.cs b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdTextBox.cs
index 9a5daf8..d566afa 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdTextBox.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/RelyingParty/OpenIdTextBox.cs
@@ -548,9 +548,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Creates the authentication requests for a given user-supplied Identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to create a request for.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any one of which may be
-		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier"/>.
+		/// used to determine the user's control of the <see cref="IAuthenticationRequest.ClaimedIdentifier" />.
 		/// </returns>
 		protected internal override async Task<IEnumerable<IAuthenticationRequest>> CreateRequestsAsync(Identifier identifier, CancellationToken cancellationToken) {
 			ErrorUtilities.VerifyArgumentNotNull(identifier, "identifier");
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySecurityOptions.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySecurityOptions.cs
index 01aa16e..90910b7 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySecurityOptions.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySecurityOptions.cs
@@ -57,6 +57,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -74,6 +75,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs
index 6a6dee2..625a7e4 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs
@@ -77,6 +77,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// <param name="message">The message.</param>
 		/// <param name="signedMessage">The signed message.</param>
 		/// <param name="protectionsApplied">The protections applied.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The applied protections.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
index d71a086..1948215 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs
@@ -135,6 +135,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -161,6 +162,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs
index 910272e..fb4006c 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/HostMetaDiscoveryService.cs
@@ -71,6 +71,12 @@ namespace DotNetOpenAuth.OpenId {
 			this.TrustedHostMetaProxies = new List<HostMetaProxy>();
 		}
 
+		/// <summary>
+		/// Gets or sets the host factories used by this instance.
+		/// </summary>
+		/// <value>
+		/// The host factories.
+		/// </value>
 		public IHostFactories HostFactories { get; set; }
 
 		/// <summary>
@@ -108,8 +114,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Performs discovery on the specified identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to perform discovery on.</param>
-		/// <param name="requestHandler">The means to place outgoing HTTP requests.</param>
-		/// <param name="abortDiscoveryChain">if set to <c>true</c>, no further discovery services will be called for this identifier.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of service endpoints yielded by discovery.  Must not be null, but may be empty.
 		/// </returns>
@@ -182,43 +187,6 @@ namespace DotNetOpenAuth.OpenId {
 		}
 
 		/// <summary>
-		/// Gets the services for an identifier that are described by an external XRDS document.
-		/// </summary>
-		/// <param name="xrds">The XRD elements to search for described-by services.</param>
-		/// <param name="identifier">The identifier under discovery.</param>
-		/// <param name="requestHandler">The request handler.</param>
-		/// <returns>The discovered services.</returns>
-		private async Task<IEnumerable<IdentifierDiscoveryResult>> GetExternalServicesAsync(IEnumerable<XrdElement> xrds, UriIdentifier identifier, CancellationToken cancellationToken) {
-			Requires.NotNull(xrds, "xrds");
-			Requires.NotNull(identifier, "identifier");
-
-			var results = new List<IdentifierDiscoveryResult>();
-			foreach (var serviceElement in GetDescribedByServices(xrds)) {
-				var templateNode = serviceElement.Node.SelectSingleNode("google:URITemplate", serviceElement.XmlNamespaceResolver);
-				var nextAuthorityNode = serviceElement.Node.SelectSingleNode("google:NextAuthority", serviceElement.XmlNamespaceResolver);
-				if (templateNode != null) {
-					Uri externalLocation = new Uri(templateNode.Value.Trim().Replace("{%uri}", Uri.EscapeDataString(identifier.Uri.AbsoluteUri)));
-					string nextAuthority = nextAuthorityNode != null ? nextAuthorityNode.Value.Trim() : identifier.Uri.Host;
-					try {
-						using (var externalXrdsResponse = await this.GetXrdsResponseAsync(identifier, externalLocation, cancellationToken)) {
-							var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
-							var responseStream = await externalXrdsResponse.Content.ReadAsStreamAsync();
-							XrdsDocument externalXrds = new XrdsDocument(XmlReader.Create(responseStream, readerSettings));
-							await ValidateXmlDSigAsync(externalXrds, identifier, externalXrdsResponse, nextAuthority);
-							results.AddRange(GetXrdElements(externalXrds, identifier).CreateServiceEndpoints(identifier, identifier));
-						}
-					} catch (ProtocolException ex) {
-						Logger.Yadis.WarnFormat("HTTP GET error while retrieving described-by XRDS document {0}: {1}", externalLocation.AbsoluteUri, ex);
-					} catch (XmlException ex) {
-						Logger.Yadis.ErrorFormat("Error while parsing described-by XRDS document {0}: {1}", externalLocation.AbsoluteUri, ex);
-					}
-				}
-			}
-
-			return results;
-		}
-
-		/// <summary>
 		/// Validates the XML digital signature on an XRDS document.
 		/// </summary>
 		/// <param name="document">The XRDS document whose signature should be validated.</param>
@@ -291,11 +259,50 @@ namespace DotNetOpenAuth.OpenId {
 		}
 
 		/// <summary>
+		/// Gets the services for an identifier that are described by an external XRDS document.
+		/// </summary>
+		/// <param name="xrds">The XRD elements to search for described-by services.</param>
+		/// <param name="identifier">The identifier under discovery.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The discovered services.
+		/// </returns>
+		private async Task<IEnumerable<IdentifierDiscoveryResult>> GetExternalServicesAsync(IEnumerable<XrdElement> xrds, UriIdentifier identifier, CancellationToken cancellationToken) {
+			Requires.NotNull(xrds, "xrds");
+			Requires.NotNull(identifier, "identifier");
+
+			var results = new List<IdentifierDiscoveryResult>();
+			foreach (var serviceElement in GetDescribedByServices(xrds)) {
+				var templateNode = serviceElement.Node.SelectSingleNode("google:URITemplate", serviceElement.XmlNamespaceResolver);
+				var nextAuthorityNode = serviceElement.Node.SelectSingleNode("google:NextAuthority", serviceElement.XmlNamespaceResolver);
+				if (templateNode != null) {
+					Uri externalLocation = new Uri(templateNode.Value.Trim().Replace("{%uri}", Uri.EscapeDataString(identifier.Uri.AbsoluteUri)));
+					string nextAuthority = nextAuthorityNode != null ? nextAuthorityNode.Value.Trim() : identifier.Uri.Host;
+					try {
+						using (var externalXrdsResponse = await this.GetXrdsResponseAsync(identifier, externalLocation, cancellationToken)) {
+							var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
+							var responseStream = await externalXrdsResponse.Content.ReadAsStreamAsync();
+							XrdsDocument externalXrds = new XrdsDocument(XmlReader.Create(responseStream, readerSettings));
+							await ValidateXmlDSigAsync(externalXrds, identifier, externalXrdsResponse, nextAuthority);
+							results.AddRange(GetXrdElements(externalXrds, identifier).CreateServiceEndpoints(identifier, identifier));
+						}
+					} catch (ProtocolException ex) {
+						Logger.Yadis.WarnFormat("HTTP GET error while retrieving described-by XRDS document {0}: {1}", externalLocation.AbsoluteUri, ex);
+					} catch (XmlException ex) {
+						Logger.Yadis.ErrorFormat("Error while parsing described-by XRDS document {0}: {1}", externalLocation.AbsoluteUri, ex);
+					}
+				}
+			}
+
+			return results;
+		}
+
+		/// <summary>
 		/// Gets the XRDS HTTP response for a given identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier.</param>
-		/// <param name="requestHandler">The request handler.</param>
 		/// <param name="xrdsLocation">The location of the XRDS document to retrieve.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A HTTP response carrying an XRDS document.
 		/// </returns>
@@ -369,9 +376,10 @@ namespace DotNetOpenAuth.OpenId {
 		/// Gets the XRDS HTTP response for a given identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier.</param>
-		/// <param name="requestHandler">The request handler.</param>
-		/// <param name="signingHost">The host name on the certificate that should be used to verify the signature in the XRDS.</param>
-		/// <returns>A HTTP response carrying an XRDS document, or <c>null</c> if one could not be obtained.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A HTTP response carrying an XRDS document, or <c>null</c> if one could not be obtained.
+		/// </returns>
 		/// <exception cref="ProtocolException">Thrown if the XRDS document could not be obtained.</exception>
 		private async Task<ResultWithSigningHost<HttpResponseMessage>> GetXrdsResponseAsync(UriIdentifier identifier, CancellationToken cancellationToken) {
 			Requires.NotNull(identifier, "identifier");
@@ -389,9 +397,10 @@ namespace DotNetOpenAuth.OpenId {
 		/// Gets the location of the XRDS document that describes a given identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier under discovery.</param>
-		/// <param name="requestHandler">The request handler.</param>
-		/// <param name="signingHost">The host name on the certificate that should be used to verify the signature in the XRDS.</param>
-		/// <returns>An absolute URI, or <c>null</c> if one could not be determined.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// An absolute URI, or <c>null</c> if one could not be determined.
+		/// </returns>
 		private async Task<ResultWithSigningHost<Uri>> GetXrdsLocationAsync(UriIdentifier identifier, CancellationToken cancellationToken) {
 			Requires.NotNull(identifier, "identifier");
 
@@ -419,8 +428,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Gets the host-meta for a given identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier.</param>
-		/// <param name="requestHandler">The request handler.</param>
-		/// <param name="signingHost">The host name on the certificate that should be used to verify the signature in the XRDS.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The host-meta response, or <c>null</c> if no host-meta document could be obtained.
 		/// </returns>
@@ -471,6 +479,23 @@ namespace DotNetOpenAuth.OpenId {
 			return result;
 		}
 
+		private struct ResultWithSigningHost<T> : IDisposable {
+			internal ResultWithSigningHost(T result, string signingHost)
+				: this() {
+				this.Result = result;
+				this.SigningHost = signingHost;
+			}
+
+			public T Result { get; private set; }
+
+			public string SigningHost { get; private set; }
+
+			public void Dispose() {
+				var disposable = this.Result as IDisposable;
+				disposable.DisposeIfNotNull();
+			}
+		}
+
 		/// <summary>
 		/// A description of a web server that hosts host-meta documents.
 		/// </summary>
@@ -554,22 +579,5 @@ namespace DotNetOpenAuth.OpenId {
 				return this.ProxyFormat.GetHashCode();
 			}
 		}
-
-		private struct ResultWithSigningHost<T> : IDisposable {
-			internal ResultWithSigningHost(T result, string signingHost)
-				: this() {
-				this.Result = result;
-				this.SigningHost = signingHost;
-			}
-
-			public T Result { get; private set; }
-
-			public string SigningHost { get; private set; }
-
-			public void Dispose() {
-				var disposable = this.Result as IDisposable;
-				disposable.DisposeIfNotNull();
-			}
-		}
 	}
 }
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AssociationManager.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AssociationManager.cs
index 14566e1..367c146 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AssociationManager.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AssociationManager.cs
@@ -132,6 +132,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// a new association of one does not already exist.
 		/// </summary>
 		/// <param name="provider">The provider to get an association for.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The existing or new association; <c>null</c> if none existed and one could not be created.</returns>
 		internal async Task<Association> GetOrCreateAssociationAsync(IProviderEndpoint provider, CancellationToken cancellationToken) {
 			return this.GetExistingAssociation(provider) ?? await this.CreateNewAssociationAsync(provider, cancellationToken);
@@ -141,6 +142,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Creates a new association with a given Provider.
 		/// </summary>
 		/// <param name="provider">The provider to create an association with.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The newly created association, or null if no association can be created with
 		/// the given Provider given the current security settings.
@@ -148,7 +150,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <remarks>
 		/// A new association is created and returned even if one already exists in the
 		/// association store.
-		/// Any new association is automatically added to the <see cref="associationStore"/>.
+		/// Any new association is automatically added to the <see cref="associationStore" />.
 		/// </remarks>
 		private async Task<Association> CreateNewAssociationAsync(IProviderEndpoint provider, CancellationToken cancellationToken) {
 			Requires.NotNull(provider, "provider");
@@ -180,10 +182,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <param name="provider">The provider to create an association with.</param>
 		/// <param name="associateRequest">The associate request.  May be <c>null</c>, which will always result in a <c>null</c> return value..</param>
 		/// <param name="retriesRemaining">The number of times to try the associate request again if the Provider suggests it.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The newly created association, or null if no association can be created with
 		/// the given Provider given the current security settings.
 		/// </returns>
+		/// <exception cref="ProtocolException"></exception>
 		private async Task<Association> CreateNewAssociationAsync(IProviderEndpoint provider, AssociateRequest associateRequest, int retriesRemaining, CancellationToken cancellationToken) {
 			Requires.NotNull(provider, "provider");
 
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationRequest.cs
index 0fb5b4a..a26b49e 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationRequest.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationRequest.cs
@@ -93,20 +93,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		public AuthenticationRequestMode Mode { get; set; }
 
 		/// <summary>
-		/// Gets the HTTP response the relying party should send to the user agent
-		/// to redirect it to the OpenID Provider to start the OpenID authentication process.
-		/// </summary>
-		/// <value></value>
-		public async Task<HttpResponseMessage> GetRedirectingResponseAsync(CancellationToken cancellationToken) {
-			foreach (var behavior in this.RelyingParty.Behaviors) {
-				behavior.OnOutgoingAuthenticationRequest(this);
-			}
-
-			var request = await this.CreateRequestMessageAsync(cancellationToken);
-			return await this.RelyingParty.Channel.PrepareResponseAsync(request, cancellationToken);
-		}
-
-		/// <summary>
 		/// Gets the URL that the user agent will return to after authentication
 		/// completes or fails at the Provider.
 		/// </summary>
@@ -199,6 +185,20 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		#region IAuthenticationRequest methods
 
 		/// <summary>
+		/// Gets the HTTP response the relying party should send to the user agent
+		/// to redirect it to the OpenID Provider to start the OpenID authentication process.
+		/// </summary>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		public async Task<HttpResponseMessage> GetRedirectingResponseAsync(CancellationToken cancellationToken) {
+			foreach (var behavior in this.RelyingParty.Behaviors) {
+				behavior.OnOutgoingAuthenticationRequest(this);
+			}
+
+			var request = await this.CreateRequestMessageAsync(cancellationToken);
+			return await this.RelyingParty.Channel.PrepareResponseAsync(request, cancellationToken);
+		}
+
+		/// <summary>
 		/// Makes a dictionary of key/value pairs available when the authentication is completed.
 		/// </summary>
 		/// <param name="arguments">The arguments to add to the request's return_to URI.</param>
@@ -305,6 +305,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <param name="realm">The realm.</param>
 		/// <param name="returnToUrl">The return_to base URL.</param>
 		/// <param name="createNewAssociationsAsNeeded">if set to <c>true</c>, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier.
 		/// Never null, but may be empty.
@@ -391,13 +392,16 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Creates the request message to send to the Provider,
 		/// based on the properties in this instance.
 		/// </summary>
-		/// <returns>The message to send to the Provider.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The message to send to the Provider.
+		/// </returns>
 		internal Task<SignedResponseRequest> CreateRequestMessageTestHookAsync(CancellationToken cancellationToken) {
 			return this.CreateRequestMessageAsync(cancellationToken);
 		}
 
 		/// <summary>
-		/// Performs deferred request generation for the <see cref="Create"/> method.
+		/// Performs deferred request generation for the <see cref="Create" /> method.
 		/// </summary>
 		/// <param name="userSuppliedIdentifier">The user supplied identifier.</param>
 		/// <param name="relyingParty">The relying party.</param>
@@ -405,6 +409,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <param name="returnToUrl">The return_to base URL.</param>
 		/// <param name="serviceEndpoints">The discovered service endpoints on the Claimed Identifier.</param>
 		/// <param name="createNewAssociationsAsNeeded">if set to <c>true</c>, associations that do not exist between this Relying Party and the asserting Providers are created before the authentication request is created.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of authentication requests, any of which constitutes a valid identity assertion on the Claimed Identifier.
 		/// Never null, but may be empty.
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/Extensions/UIUtilities.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/Extensions/UIUtilities.cs
index 80bfe65..4e138ee 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/Extensions/UIUtilities.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/Extensions/UIUtilities.cs
@@ -24,7 +24,10 @@ using Validation;
 		/// <param name="relyingParty">The relying party.</param>
 		/// <param name="request">The authentication request to place in the window.</param>
 		/// <param name="windowName">The name to assign to the popup window.</param>
-		/// <returns>A string starting with 'window.open' and forming just that one method call.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A string starting with 'window.open' and forming just that one method call.
+		/// </returns>
 		internal static async Task<string> GetWindowPopupScriptAsync(OpenIdRelyingParty relyingParty, IAuthenticationRequest request, string windowName, CancellationToken cancellationToken) {
 			Requires.NotNull(relyingParty, "relyingParty");
 			Requires.NotNull(request, "request");
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
index a129334..b190ce3 100644
--- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -157,31 +157,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
-		/// Gets the standard state storage mechanism that uses ASP.NET's
-		/// HttpApplication state dictionary to store associations and nonces.
-		/// </summary>
-		public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) {
-			if (context == null) {
-				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name);
-				context = new HttpContextWrapper(HttpContext.Current);
-			}
-
-			var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey];
-			if (store == null) {
-				context.Application.Lock();
-				try {
-					if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) {
-						context.Application[ApplicationStoreKey] = store = new StandardRelyingPartyApplicationStore();
-					}
-				} finally {
-					context.Application.UnLock();
-				}
-			}
-
-			return store;
-		}
-
-		/// <summary>
 		/// Gets or sets the channel to use for sending/receiving messages.
 		/// </summary>
 		public Channel Channel {
@@ -314,6 +289,33 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		}
 
 		/// <summary>
+		/// Gets the standard state storage mechanism that uses ASP.NET's
+		/// HttpApplication state dictionary to store associations and nonces.
+		/// </summary>
+		/// <param name="context">The context.</param>
+		/// <returns>The application store.</returns>
+		public static IOpenIdApplicationStore GetHttpApplicationStore(HttpContextBase context = null) {
+			if (context == null) {
+				ErrorUtilities.VerifyOperation(HttpContext.Current != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IOpenIdApplicationStore).Name);
+				context = new HttpContextWrapper(HttpContext.Current);
+			}
+
+			var store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey];
+			if (store == null) {
+				context.Application.Lock();
+				try {
+					if ((store = (IOpenIdApplicationStore)context.Application[ApplicationStoreKey]) == null) {
+						context.Application[ApplicationStoreKey] = store = new StandardRelyingPartyApplicationStore();
+					}
+				} finally {
+					context.Application.UnLock();
+				}
+			}
+
+			return store;
+		}
+
+		/// <summary>
 		/// Creates an authentication request to verify that a user controls
 		/// some given Identifier.
 		/// </summary>
@@ -520,7 +522,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Gets an authentication response from a Provider.
 		/// </summary>
 		/// <param name="httpRequestInfo">The HTTP request that may be carrying an authentication response from the Provider.</param>
-		/// <returns>The processed authentication response if there is any; <c>null</c> otherwise.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The processed authentication response if there is any; <c>null</c> otherwise.
+		/// </returns>
 		public async Task<IAuthenticationResponse> GetResponseAsync(HttpRequestBase httpRequestInfo, CancellationToken cancellationToken) {
 			Requires.NotNull(httpRequestInfo, "httpRequestInfo");
 			try {
@@ -574,7 +579,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Processes the response received in a popup window or iframe to an AJAX-directed OpenID authentication.
 		/// </summary>
 		/// <param name="request">The incoming HTTP request that is expected to carry an OpenID authentication response.</param>
-		/// <returns>The HTTP response to send to this HTTP request.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The HTTP response to send to this HTTP request.
+		/// </returns>
 		public Task<HttpResponseMessage> ProcessResponseFromPopupAsync(HttpRequestBase request, CancellationToken cancellationToken) {
 			Requires.NotNull(request, "request");
 
@@ -657,6 +665,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// </summary>
 		/// <param name="request">The incoming HTTP request that is expected to carry an OpenID authentication response.</param>
 		/// <param name="callback">The callback fired after the response status has been determined but before the Javascript response is formulated.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The HTTP response to send to this HTTP request.
 		/// </returns>
@@ -716,7 +725,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// Performs discovery on the specified identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to discover services for.</param>
-		/// <returns>A non-null sequence of services discovered for the identifier.</returns>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A non-null sequence of services discovered for the identifier.
+		/// </returns>
 		internal Task<IEnumerable<IdentifierDiscoveryResult>> DiscoverAsync(Identifier identifier, CancellationToken cancellationToken) {
 			return this.discoveryServices.DiscoverAsync(identifier, cancellationToken);
 		}
diff --git a/src/DotNetOpenAuth.OpenId/DefaultOpenIdHostFactories.cs b/src/DotNetOpenAuth.OpenId/DefaultOpenIdHostFactories.cs
index ac81107..d52342c 100644
--- a/src/DotNetOpenAuth.OpenId/DefaultOpenIdHostFactories.cs
+++ b/src/DotNetOpenAuth.OpenId/DefaultOpenIdHostFactories.cs
@@ -1,5 +1,5 @@
 //-----------------------------------------------------------------------
-// <copyright file="DefaultHostFactories.cs" company="Andrew Arnott">
+// <copyright file="DefaultOpenIdHostFactories.cs" company="Andrew Arnott">
 //     Copyright (c) Andrew Arnott. All rights reserved.
 // </copyright>
 //-----------------------------------------------------------------------
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs
index c448e2f..3fe3fe2 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs
@@ -58,6 +58,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -87,6 +88,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ExtensionsBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ExtensionsBindingElement.cs
index 2a5946a..5d6a51e 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ExtensionsBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ExtensionsBindingElement.cs
@@ -75,6 +75,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -138,6 +139,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/OpenIdChannel.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/OpenIdChannel.cs
index 221994a..0c93478 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/OpenIdChannel.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/OpenIdChannel.cs
@@ -47,11 +47,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		private KeyValueFormEncoding keyValueForm = new KeyValueFormEncoding();
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="OpenIdChannel"/> class.
+		/// Initializes a new instance of the <see cref="OpenIdChannel" /> class.
 		/// </summary>
 		/// <param name="messageTypeProvider">A class prepared to analyze incoming messages and indicate what concrete
 		/// message types can deserialize from it.</param>
 		/// <param name="bindingElements">The binding elements to use in sending and receiving messages.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		protected OpenIdChannel(IMessageFactory messageTypeProvider, IChannelBindingElement[] bindingElements, IHostFactories hostFactories = null)
 			: base(messageTypeProvider, bindingElements, hostFactories ?? new DefaultOpenIdHostFactories()) {
 			Requires.NotNull(messageTypeProvider, "messageTypeProvider");
@@ -81,10 +82,9 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Verifies the integrity and applicability of an incoming message.
 		/// </summary>
 		/// <param name="message">The message just received.</param>
-		/// <exception cref="ProtocolException">
-		/// Thrown when the message is somehow invalid, except for check_authentication messages.
-		/// This can be due to tampering, replay attack or expiration, among other things.
-		/// </exception>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <exception cref="ProtocolException">Thrown when the message is somehow invalid, except for check_authentication messages.
+		/// This can be due to tampering, replay attack or expiration, among other things.</exception>
 		protected override async Task ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) {
 			var checkAuthRequest = message as CheckAuthenticationRequest;
 			if (checkAuthRequest != null) {
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
index c55704d..5ea5136 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs
@@ -37,7 +37,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 
 		private static readonly Task<MessageProtections?> NoneTask =
 			Task.FromResult<MessageProtections?>(MessageProtections.None);
-		
+
 		/// <summary>
 		/// The name of the callback parameter we'll tack onto the return_to value
 		/// to store our signature on the return_to parameter.
@@ -97,6 +97,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -125,6 +126,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SigningBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SigningBindingElement.cs
index 83d45a1..769b2e2 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SigningBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SigningBindingElement.cs
@@ -57,6 +57,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -70,6 +71,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -111,6 +113,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// <param name="message">The message.</param>
 		/// <param name="signedMessage">The signed message.</param>
 		/// <param name="protectionsApplied">The protections applied.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The applied protections.</returns>
 		protected abstract Task<MessageProtections> VerifySignatureByUnrecognizedHandleAsync(IProtocolMessage message, ITamperResistantOpenIdMessage signedMessage, MessageProtections protectionsApplied, CancellationToken cancellationToken);
 
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SkipSecurityBindingElement.cs b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SkipSecurityBindingElement.cs
index 900a422..e55b7e2 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SkipSecurityBindingElement.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/ChannelElements/SkipSecurityBindingElement.cs
@@ -46,6 +46,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// Prepares a message for sending based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The message to prepare for sending.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
@@ -64,6 +65,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		/// validates an incoming message based on the rules of this channel binding element.
 		/// </summary>
 		/// <param name="message">The incoming message to process.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The protections (if any) that this binding element applied to the message.
 		/// Null if this binding element did not even apply to this binding element.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IIdentifierDiscoveryService.cs b/src/DotNetOpenAuth.OpenId/OpenId/IIdentifierDiscoveryService.cs
index 4d1450e..1055d15 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/IIdentifierDiscoveryService.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/IIdentifierDiscoveryService.cs
@@ -27,7 +27,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Performs discovery on the specified identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to perform discovery on.</param>
-		/// <param name="abortDiscoveryChain">if set to <c>true</c>, no further discovery services will be called for this identifier.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// A sequence of service endpoints yielded by discovery.  Must not be null, but may be empty.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs
index 2803c22..a515033 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs
@@ -50,6 +50,7 @@ namespace DotNetOpenAuth.OpenId {
 		/// Performs discovery on the specified identifier.
 		/// </summary>
 		/// <param name="identifier">The identifier to discover services for.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>A non-null sequence of services discovered for the identifier.</returns>
 		public async Task<IEnumerable<IdentifierDiscoveryResult>> DiscoverAsync(Identifier identifier, CancellationToken cancellationToken) {
 			Requires.NotNull(identifier, "identifier");
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Messages/NegativeAssertionResponse.cs b/src/DotNetOpenAuth.OpenId/OpenId/Messages/NegativeAssertionResponse.cs
index 1bb52b9..ccb6a27 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Messages/NegativeAssertionResponse.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Messages/NegativeAssertionResponse.cs
@@ -39,24 +39,6 @@ namespace DotNetOpenAuth.OpenId.Messages {
 		}
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="NegativeAssertionResponse"/> class.
-		/// </summary>
-		/// <param name="request">The request that the relying party sent.</param>
-		/// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
-		internal static async Task<NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null) {
-			var result = new NegativeAssertionResponse(request);
-			
-			// If appropriate, and when we're provided with a channel to do it,
-			// go ahead and construct the user_setup_url
-			if (result.Version.Major < 2 && request.Immediate && channel != null) {
-				// All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
-				result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken);
-			}
-
-			return result;
-		}
-
-		/// <summary>
 		/// Gets or sets the URL the relying party can use to upgrade their authentication
 		/// request from an immediate to a setup message.
 		/// </summary>
@@ -112,11 +94,31 @@ namespace DotNetOpenAuth.OpenId.Messages {
 		}
 
 		/// <summary>
+		/// Initializes a new instance of the <see cref="NegativeAssertionResponse" /> class.
+		/// </summary>
+		/// <param name="request">The request that the relying party sent.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <param name="channel">The channel to use to simulate construction of the user_setup_url, if applicable.  May be null, but the user_setup_url will not be constructed.</param>
+		internal static async Task<NegativeAssertionResponse> CreateAsync(SignedResponseRequest request, CancellationToken cancellationToken, Channel channel = null) {
+			var result = new NegativeAssertionResponse(request);
+
+			// If appropriate, and when we're provided with a channel to do it,
+			// go ahead and construct the user_setup_url
+			if (result.Version.Major < 2 && request.Immediate && channel != null) {
+				// All requests are CheckIdRequests in OpenID 1.x, so this cast should be safe.
+				result.UserSetupUrl = await ConstructUserSetupUrlAsync((CheckIdRequest)request, channel, cancellationToken);
+			}
+
+			return result;
+		}
+
+		/// <summary>
 		/// Constructs the value for the user_setup_url parameter to be sent back
 		/// in negative assertions in response to OpenID 1.x RP's checkid_immediate requests.
 		/// </summary>
 		/// <param name="immediateRequest">The immediate request.</param>
 		/// <param name="channel">The channel to use to simulate construction of the message.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>The value to use for the user_setup_url parameter.</returns>
 		private static async Task<Uri> ConstructUserSetupUrlAsync(CheckIdRequest immediateRequest, Channel channel, CancellationToken cancellationToken) {
 			Requires.NotNull(immediateRequest, "immediateRequest");
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/OpenIdUtilities.cs b/src/DotNetOpenAuth.OpenId/OpenId/OpenIdUtilities.cs
index 7b65a88..dcea83a 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/OpenIdUtilities.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/OpenIdUtilities.cs
@@ -227,7 +227,6 @@ namespace DotNetOpenAuth.OpenId {
 			}
 			while (true);
 
-
 			return hostFactories.CreateHttpClient(rootHandler);
 		}
 
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Provider/IHostProcessedRequest.cs b/src/DotNetOpenAuth.OpenId/OpenId/Provider/IHostProcessedRequest.cs
index 0e40f0f..0615144 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Provider/IHostProcessedRequest.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Provider/IHostProcessedRequest.cs
@@ -48,7 +48,8 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <summary>
 		/// Attempts to perform relying party discovery of the return URL claimed by the Relying Party.
 		/// </summary>
-		/// <param name="webRequestHandler">The web request handler.</param>
+		/// <param name="hostFactories">The host factories.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The details of how successful the relying party discovery was.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Provider/IProviderBehavior.cs b/src/DotNetOpenAuth.OpenId/OpenId/Provider/IProviderBehavior.cs
index 1f3fab1..d7ec647 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Provider/IProviderBehavior.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Provider/IProviderBehavior.cs
@@ -30,6 +30,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// <c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
@@ -45,6 +46,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Called when the Provider is preparing to send a response to an authentication request.
 		/// </summary>
 		/// <param name="request">The request that is configured to generate the outgoing response.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// <c>true</c> if this behavior owns this request and wants to stop other behaviors
 		/// from handling it; <c>false</c> to allow other behaviors to process this request.
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Realm.cs b/src/DotNetOpenAuth.OpenId/OpenId/Realm.cs
index eaf8088..8628160 100644
--- a/src/DotNetOpenAuth.OpenId/OpenId/Realm.cs
+++ b/src/DotNetOpenAuth.OpenId/OpenId/Realm.cs
@@ -438,10 +438,12 @@ namespace DotNetOpenAuth.OpenId {
 		/// <summary>
 		/// Searches for an XRDS document at the realm URL.
 		/// </summary>
-		/// <param name="requestHandler">The mechanism to use for sending HTTP requests.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		/// <param name="allowRedirects">Whether redirects may be followed when discovering the Realm.
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// This may be true when creating an unsolicited assertion, but must be
 		/// false when performing return URL verification per 2.0 spec section 9.2.1.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The XRDS document if found; or <c>null</c> if no service document was discovered.
 		/// </returns>
diff --git a/src/DotNetOpenAuth.OpenId/Yadis/DiscoveryResult.cs b/src/DotNetOpenAuth.OpenId/Yadis/DiscoveryResult.cs
index 64f7b66..c993acd 100644
--- a/src/DotNetOpenAuth.OpenId/Yadis/DiscoveryResult.cs
+++ b/src/DotNetOpenAuth.OpenId/Yadis/DiscoveryResult.cs
@@ -28,11 +28,8 @@ namespace DotNetOpenAuth.Yadis {
 		private HttpResponseMessage htmlFallback;
 
 		/// <summary>
-		/// Initializes a new instance of the <see cref="DiscoveryResult"/> class.
+		/// Initializes a new instance of the <see cref="DiscoveryResult" /> class.
 		/// </summary>
-		/// <param name="requestUri">The user-supplied identifier.</param>
-		/// <param name="initialResponse">The initial response.</param>
-		/// <param name="finalResponse">The final response.</param>
 		private DiscoveryResult() {
 		}
 
@@ -73,9 +70,7 @@ namespace DotNetOpenAuth.Yadis {
 		/// </summary>
 		public bool IsXrds { get; private set; }
 
-		internal static async Task<DiscoveryResult> CreateAsync(
-			Uri requestUri, HttpResponseMessage initialResponse, HttpResponseMessage finalResponse) {
-
+		internal static async Task<DiscoveryResult> CreateAsync(Uri requestUri, HttpResponseMessage initialResponse, HttpResponseMessage finalResponse) {
 			var result = new DiscoveryResult();
 			result.RequestUri = requestUri;
 			result.NormalizedUri = initialResponse.RequestMessage.RequestUri;
diff --git a/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs b/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs
index f0d5402..ea14b30 100644
--- a/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs
+++ b/src/DotNetOpenAuth.OpenId/Yadis/Yadis.cs
@@ -6,7 +6,9 @@
 
 namespace DotNetOpenAuth.Yadis {
 	using System;
+	using System.Collections.Generic;
 	using System.IO;
+	using System.Linq;
 	using System.Net;
 	using System.Net.Cache;
 	using System.Net.Http;
@@ -21,9 +23,6 @@ namespace DotNetOpenAuth.Yadis {
 	using DotNetOpenAuth.Xrds;
 	using Validation;
 
-	using System.Linq;
-	using System.Collections.Generic;
-
 	/// <summary>
 	/// YADIS discovery manager.
 	/// </summary>
@@ -51,13 +50,14 @@ namespace DotNetOpenAuth.Yadis {
 		/// <summary>
 		/// Performs YADIS discovery on some identifier.
 		/// </summary>
-		/// <param name="requestHandler">The mechanism to use for sending HTTP requests.</param>
+		/// <param name="hostFactories">The host factories.</param>
 		/// <param name="uri">The URI to perform discovery on.</param>
 		/// <param name="requireSsl">Whether discovery should fail if any step of it is not encrypted.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The result of discovery on the given URL.
 		/// Null may be returned if an error occurs,
-		/// or if <paramref name="requireSsl"/> is true but part of discovery
+		/// or if <paramref name="requireSsl" /> is true but part of discovery
 		/// is not protected by SSL.
 		/// </returns>
 		public static async Task<DiscoveryResult> DiscoverAsync(IHostFactories hostFactories, UriIdentifier uri, bool requireSsl, CancellationToken cancellationToken) {
diff --git a/src/DotNetOpenAuth.OpenIdOAuth/OAuth/WebConsumerOpenIdRelyingParty.cs b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/WebConsumerOpenIdRelyingParty.cs
index 97ee9ab..a19d505 100644
--- a/src/DotNetOpenAuth.OpenIdOAuth/OAuth/WebConsumerOpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth.OpenIdOAuth/OAuth/WebConsumerOpenIdRelyingParty.cs
@@ -56,12 +56,13 @@ namespace DotNetOpenAuth.OAuth {
 		/// Processes an incoming authorization-granted message from an SP and obtains an access token.
 		/// </summary>
 		/// <param name="openIdAuthenticationResponse">The OpenID authentication response that may be carrying an authorized request token.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
 		/// <returns>
 		/// The access token, or null if OAuth authorization was denied by the user or service provider.
 		/// </returns>
 		/// <remarks>
-		/// The access token, if granted, is automatically stored in the <see cref="ConsumerBase.TokenManager"/>.
-		/// The token manager instance must implement <see cref="IOpenIdOAuthTokenManager"/>.
+		/// The access token, if granted, is automatically stored in the <see cref="ConsumerBase.TokenManager" />.
+		/// The token manager instance must implement <see cref="IOpenIdOAuthTokenManager" />.
 		/// </remarks>
 		public async Task<AuthorizedTokenResponse> ProcessUserAuthorizationAsync(IAuthenticationResponse openIdAuthenticationResponse, CancellationToken cancellationToken = default(CancellationToken)) {
 			Requires.NotNull(openIdAuthenticationResponse, "openIdAuthenticationResponse");
author	Andrew Arnott <andrewarnott@gmail.com>	2013-02-10 21:31:06 -0800
committer	Andrew Arnott <andrewarnott@gmail.com>	2013-02-10 21:31:06 -0800
commit	938a79f28b0fb5718cc58f8f20be5d4207bc189f (patch)
tree	46ba83af2172889824c42e1ef452d8cfd2789b16
parent	8d530aa91c05b14be12c5b1177f39eb5f62c669e (diff)
download	DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.zip DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.tar.gz DotNetOpenAuth-938a79f28b0fb5718cc58f8f20be5d4207bc189f.tar.bz2