Added XSRF protection to login page, and fixed display of error messages.

author: Andrew Arnott <andrewarnott@gmail.com> 2009-12-28 21:22:38 -0800
committer: Andrew Arnott <andrewarnott@gmail.com> 2009-12-28 21:33:08 -0800
commit: 0dae9278469fa1511df1d73ffa6d03d92fad0973 (patch)
tree: 24b250187ab7ed31129230758fabc0c39cf226ec /projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
parent: 8413c06c044b4e2eac954cc8f3a78cf0df63dd42 (diff)
download: DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.zip
DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.tar.gz
DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.tar.bz2
1 files changed, 3 insertions, 3 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
index c07b554..312c99f 100644
--- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
+++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
@@ -49,7 +49,7 @@
 			return View();
 		}
 
-		[AcceptVerbs(HttpVerbs.Post)]
+		[AcceptVerbs(HttpVerbs.Post), ValidateAntiForgeryToken]
 		public ActionResult LogOn(string openid_identifier, bool rememberMe, string returnUrl) {
 			try {
 				var request = relyingParty.CreateRequest(openid_identifier, this.Realm, this.ReturnTo);
@@ -71,7 +71,7 @@
 
 				return request.RedirectingResponse.AsActionResult();
 			} catch (ProtocolException ex) {
-				ModelState.AddModelError("OpenID", ex);
+				ModelState.AddModelError("OpenID", ex.Message);
 				return View();
 			}
 		}
@@ -95,7 +95,7 @@
 						ModelState.AddModelError("OpenID", "It looks like you canceled login at your OpenID Provider.");
 						break;
 					case AuthenticationStatus.Failed:
-						ModelState.AddModelError("OpenID", response.Exception);
+						ModelState.AddModelError("OpenID", response.Exception.Message);
 						break;
 				}
 			}
author	Andrew Arnott <andrewarnott@gmail.com>	2009-12-28 21:22:38 -0800
committer	Andrew Arnott <andrewarnott@gmail.com>	2009-12-28 21:33:08 -0800
commit	0dae9278469fa1511df1d73ffa6d03d92fad0973 (patch)
tree	24b250187ab7ed31129230758fabc0c39cf226ec /projecttemplates/MvcRelyingParty/Controllers/AccountController.cs
parent	8413c06c044b4e2eac954cc8f3a78cf0df63dd42 (diff)
download	DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.zip DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.tar.gz DotNetOpenAuth-0dae9278469fa1511df1d73ffa6d03d92fad0973.tar.bz2