authorAndrew Arnott <andrewarnott@gmail.com>2010-03-17 09:00:32 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2010-03-17 09:00:32 -0700
commitf364b60d7b8b5ea09e64b6accfb09fb27793b645 (patch)
tree4ceb76ccef4ff6dcb7708660417554642659ccd9
parent2e14748ecd43edd0d34c6eff3d8fab27c271873b (diff)
parent0d8fe1df1813e5f39a4db63affe9dbe5c7c84de3 (diff)
Merge branch 'v3.0' into v3.1
-rw-r--r--samples/OpenIdProviderMvc/Views/Shared/Site.Master4
-rw-r--r--samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs4
-rw-r--r--samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master4
-rw-r--r--samples/OpenIdRelyingPartyMvc/Views/User/LoginPopup.aspx16
-rw-r--r--samples/OpenIdRelyingPartyMvc/Web.config2
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs9
-rw-r--r--src/DotNetOpenAuth/Properties/AssemblyInfo.cs42
7 files changed, 24 insertions, 57 deletions
diff --git a/samples/OpenIdProviderMvc/Views/Shared/Site.Master b/samples/OpenIdProviderMvc/Views/Shared/Site.Master
index 073908e..49f6a7f 100644
--- a/samples/OpenIdProviderMvc/Views/Shared/Site.Master
+++ b/samples/OpenIdProviderMvc/Views/Shared/Site.Master
@@ -2,11 +2,11 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
-<head runat="server">
+<head>
<title>
<asp:ContentPlaceHolder ID="TitleContent" runat="server" />
</title>
- <link href="../../Content/Site.css" rel="stylesheet" type="text/css" />
+ <link href='<%= Url.Content("~/Content/Site.css") %>' rel="stylesheet" type="text/css" />
<asp:ContentPlaceHolder ID="HeadContent" runat="server" />
</head>
<body>
diff --git a/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs b/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs
index fd22389..b3698bb 100644
--- a/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs
+++ b/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs
@@ -14,7 +14,7 @@
public ActionResult Index() {
if (!User.Identity.IsAuthenticated) {
- Response.Redirect("/User/Login?ReturnUrl=Index");
+ Response.Redirect("~/User/Login?ReturnUrl=Index");
}
return View("Index");
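Review bot: The authentication gate in Index() only works because `Response.Redirect` ends the request as a side effect; nothing returns after the call, so `return View("Index");` is still the next statement on the unauthenticated path. Returning the redirect as the action result makes the control flow explicit and matches what Logout() does on the new side of this same file: `return Redirect("~/User/Login?ReturnUrl=Index");`. An `[Authorize]` attribute on the action would remove the hand-written check altogether and let the forms `loginUrl` handle the redirect. The closing braces of Index() fall outside the hunk.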
@@ -26,7 +26,7 @@
public ActionResult Logout() {
FormsAuthentication.SignOut();
- return Redirect("/Home");
+ return Redirect("~/Home");
}
public ActionResult Login() {
diff --git a/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master b/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
index 1e79171..35c101d 100644
--- a/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
+++ b/samples/OpenIdRelyingPartyMvc/Views/Shared/Site.Master
@@ -2,10 +2,10 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
-<head runat="server">
+<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>DotNetOpenAuth ASP.NET MVC Login sample</title>
- <link href="../../Content/Site.css" rel="stylesheet" type="text/css" />
+ <link href='<%= Url.Content("~/Content/Site.css") %>' rel="stylesheet" type="text/css" />
<asp:ContentPlaceHolder ID="HeadContentPlaceHolder" runat="server" />
</head>
<body>
diff --git a/samples/OpenIdRelyingPartyMvc/Views/User/LoginPopup.aspx b/samples/OpenIdRelyingPartyMvc/Views/User/LoginPopup.aspx
index e7bc18a..2f4b276 100644
--- a/samples/OpenIdRelyingPartyMvc/Views/User/LoginPopup.aspx
+++ b/samples/OpenIdRelyingPartyMvc/Views/User/LoginPopup.aspx
@@ -7,10 +7,10 @@
<head>
<title>OpenID login demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <link type="text/css" href="../../Content/theme/ui.all.css" rel="Stylesheet" />
- <link type="text/css" href="../../Content/css/openidlogin.css" rel="stylesheet" />
- <script type="text/javascript" src="../../Content/scripts/jquery-1.3.1.js"></script>
- <script type="text/javascript" src="../../Content/scripts/jquery-ui-personalized-1.6rc6.js"></script>
+ <link type="text/css" href='<%= Url.Content("~/Content/theme/ui.all.css") %>' rel="Stylesheet" />
+ <link type="text/css" href='<%= Url.Content("~/Content/css/openidlogin.css") %>' rel="stylesheet" />
+ <script type="text/javascript" src='<%= Url.Content("~/Content/scripts/jquery-1.3.1.js") %>'></script>
+ <script type="text/javascript" src='<%= Url.Content("~/Content/scripts/jquery-ui-personalized-1.6rc6.js") %>'></script>
<script>
$(function() {
$('#openidlogin').dialog({
@@ -171,10 +171,10 @@
<div id="openidlogin" class="ui-widget-content">
<p>Log in with an account you already use:</p>
<div class="large buttons">
- <div class="provider" onclick="document.selectProvider(this, 'https://www.google.com/accounts/o8/id')"><div><img src="../../Content/images/google.gif"/></div></div>
- <div class="provider" onclick="document.selectProvider(this, 'https://me.yahoo.com/')"><div><img src="../../Content/images/yahoo.gif"/></div></div>
- <div class="provider" onclick="document.selectProvider(this, 'http://openid.aol.com/{username}')"><div><img src="../../Content/images/aol.gif"/></div></div>
- <div class="provider" onclick="document.selectProvider(this, '')"><div><img src="../../Content/images/openid.gif"/></div></div>
+ <div class="provider" onclick="document.selectProvider(this, 'https://www.google.com/accounts/o8/id')"><div><img src='<%= Url.Content("~/Content/images/google.gif") %>'/></div></div>
+ <div class="provider" onclick="document.selectProvider(this, 'https://me.yahoo.com/')"><div><img src='<%= Url.Content("~/Content/images/yahoo.gif") %>'/></div></div>
+ <div class="provider" onclick="document.selectProvider(this, 'http://openid.aol.com/{username}')"><div><img src='<%= Url.Content("~/Content/images/aol.gif") %>'/></div></div>
+ <div class="provider" onclick="document.selectProvider(this, '')"><div><img src='<%= Url.Content("~/Content/images/openid.gif") %>'/></div></div>
</div>
<div class="small buttons">
<div class="provider" onclick="document.selectProvider(this, 'http://www.flickr.com/photos/{username}')"><div><img src="http://flickr.com/favicon.ico"/></div></div>
diff --git a/samples/OpenIdRelyingPartyMvc/Web.config b/samples/OpenIdRelyingPartyMvc/Web.config
index bb9f8e1..20441eb 100644
--- a/samples/OpenIdRelyingPartyMvc/Web.config
+++ b/samples/OpenIdRelyingPartyMvc/Web.config
@@ -86,7 +86,7 @@
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
- <forms defaultUrl="/Home" loginUrl="/User/Login" name="OpenIdRelyingPartyMvcSession"/>
+ <forms defaultUrl="~/Home" loginUrl="~/User/Login" name="OpenIdRelyingPartyMvcSession"/>
<!-- named cookie prevents conflicts with other samples -->
</authentication>
<!--
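Review bot: The rewritten `<forms>` element sets only `defaultUrl`, `loginUrl` and `name`, so `requireSSL` stays at its default of false and the OpenIdRelyingPartyMvcSession ticket cookie can be sent over plain HTTP. Sample configuration tends to be copied into real deployments, so a short comment beside the existing one would help, for example `<!-- set requireSSL="true" on the forms element when the site is served over HTTPS -->`. This is a documentation suggestion only; the app-relative `~/` paths themselves look fine.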
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
index 85c0096..8ed63f5 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AssociationManager.cs
@@ -9,6 +9,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
using System.Collections.Generic;
using System.Linq;
using System.Net;
+ using System.Security;
using System.Text;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OpenId.ChannelElements;
@@ -221,6 +222,14 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
// the exception so that auth may continue in dumb mode.
Logger.OpenId.ErrorFormat("An error occurred while trying to create an association with {0}. {1}", provider.Endpoint, ex);
return null;
+ } catch (VerificationException ex) {
+ // See Trac ticket #163. In partial trust host environments, the
+ // Diffie-Hellman implementation we're using for HTTP OP endpoints
+ // sometimes causes the CLR to throw:
+ // "VerificationException: Operation could destabilize the runtime."
+ // Just give up and use dumb mode in this case.
+ Logger.OpenId.ErrorFormat("VerificationException occurred while trying to create an association with {0}. {1}", provider.Endpoint, ex);
+ return null;
}
}
}
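Review bot: The new `catch (VerificationException ex)` branch downgrades to dumb mode without saying what that costs, and the comment's own wording places the failure on HTTP OP endpoints. Those are the endpoints where the Diffie-Hellman exchange protects the association secret. Without an association the relying party presumably has to confirm each assertion with a direct request to that same non-TLS endpoint. I would extend the comment with something like `// NOTE: in dumb mode every assertion is verified by a direct request to the OP; over plain HTTP that request has no transport protection.` The body also duplicates the preceding catch block apart from the message text, so a small private helper that logs and returns null would keep the two fallbacks in step. The try block and the enclosing method begin above the hunk.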
diff --git a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
index 69d4dc4..0ffd104 100644
--- a/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
+++ b/src/DotNetOpenAuth/Properties/AssemblyInfo.cs
@@ -4,18 +4,6 @@
// </copyright>
//-----------------------------------------------------------------------
-// Uncomment this line to build a partially trusted assembly.
-// This has some security bonuses in that if there was a way to
-// hijack this assembly to do something it is not designed to do,
-// it will fail before doing much damage.
-// But a partially trusted assembly's events, handled by the hosting
-// web site, will also be under the partial trust restriction.
-// Also note that http://support.microsoft.com/kb/839300 states a
-// strong-name signed assembly must use AllowPartiallyTrustedCallers
-// to be called from a web page, but defining PARTIAL_TRUST below also
-// accomplishes this.
-////#define PARTIAL_TRUST
-
// We DON'T put an AssemblyVersionAttribute in here because it is generated in the build.
using System;
@@ -69,33 +57,3 @@ using System.Web.UI;
#else
[assembly: InternalsVisibleTo("DotNetOpenAuth.Test")]
#endif
-
-// Specify what permissions are required and optional for the assembly.
-// In order for CAS to remove unnecessary privileges from this assembly (which is desirable
-// for security), we need at least one RequestMinimum and at least one RequestOptional.
-// These permissions were determined using PermCalc.exe
-
-// We need to be allowed to execute code. Besides, it gives a good baseline RequestMinimum permission.
-[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
-
-// Allows the consumer to call out to the web server. This is unnecessary in provider-only scenarios.
-// Note: we don't use a single demand for https?://.* because the regex pattern must exactly
-// match the one used by hosting providers. Listing them individually seems to be more common.
-[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"http://.*")]
-[assembly: WebPermission(SecurityAction.RequestMinimum, ConnectPattern = @"https://.*")]
-
-#if PARTIAL_TRUST
-// Allows hosting this assembly in an ASP.NET setting. Not all applications
-// will host this using ASP.NET, so this is optional. Besides, we need at least
-// one optional permission to activate CAS permission shrinking.
-[assembly: AspNetHostingPermission(SecurityAction.RequestOptional, Level = AspNetHostingPermissionLevel.Medium)]
-
-// The following are only required for diagnostic logging (Trace.Write, Debug.Assert, etc.).
-#if TRACE || DEBUG
-[assembly: KeyContainerPermission(SecurityAction.RequestOptional, Unrestricted = true)]
-[assembly: ReflectionPermission(SecurityAction.RequestOptional, MemberAccess = true)]
-[assembly: RegistryPermission(SecurityAction.RequestOptional, Unrestricted = true)]
-[assembly: SecurityPermission(SecurityAction.RequestOptional, ControlEvidence = true, UnmanagedCode = true, ControlThread = true)]
-[assembly: FileIOPermission(SecurityAction.RequestOptional, AllFiles = FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read)]
-#endif
-#endif