diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2011-07-25 17:03:47 -0600 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2011-07-25 17:03:47 -0600 |
| commit | d416ff734cea0ed41c275e904a0a09834cc3f079 (patch) | |
| tree | 8e0f04bcabc84f3ecc4f21617da3f5778c4ec789 /src/DotNetOpenAuth.OpenId.RelyingParty | |
| parent | 67689b08f76546b25d4c4bcc68e179d3b02890fc (diff) | |
| download | DotNetOpenAuth-d416ff734cea0ed41c275e904a0a09834cc3f079.zip DotNetOpenAuth-d416ff734cea0ed41c275e904a0a09834cc3f079.tar.gz DotNetOpenAuth-d416ff734cea0ed41c275e904a0a09834cc3f079.tar.bz2 | |
OpenID RP and OP projects build now.
Diffstat (limited to 'src/DotNetOpenAuth.OpenId.RelyingParty')
15 files changed, 62 insertions, 1960 deletions
diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartyElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartyElement.cs deleted file mode 100644 index c80141a..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartyElement.cs +++ /dev/null @@ -1,120 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="OpenIdRelyingPartyElement.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.Configuration { - using System; - using System.Configuration; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId; - using DotNetOpenAuth.OpenId.RelyingParty; - - /// <summary> - /// The section in the .config file that allows customization of OpenID Relying Party behaviors. - /// </summary> - [ContractVerification(true)] - internal class OpenIdRelyingPartyElement : ConfigurationElement { - /// <summary> - /// The name of the custom store sub-element. - /// </summary> - private const string StoreConfigName = "store"; - - /// <summary> - /// The name of the <relyingParty> sub-element. - /// </summary> - private const string RelyingPartyElementName = "relyingParty"; - - /// <summary> - /// The name of the attribute that specifies whether dnoa.userSuppliedIdentifier is tacked onto the openid.return_to URL. - /// </summary> - private const string PreserveUserSuppliedIdentifierConfigName = "preserveUserSuppliedIdentifier"; - - /// <summary> - /// Gets the name of the security sub-element. - /// </summary> - private const string SecuritySettingsConfigName = "security"; - - /// <summary> - /// The name of the <behaviors> sub-element. - /// </summary> - private const string BehaviorsElementName = "behaviors"; - - /// <summary> - /// The name of the <discoveryServices> sub-element. - /// </summary> - private const string DiscoveryServicesElementName = "discoveryServices"; - - /// <summary> - /// The built-in set of identifier discovery services. - /// </summary> - private static readonly TypeConfigurationCollection<IIdentifierDiscoveryService> defaultDiscoveryServices = new TypeConfigurationCollection<IIdentifierDiscoveryService>(new Type[] { typeof(UriDiscoveryService), typeof(XriDiscoveryProxyService) }); - - /// <summary> - /// Initializes a new instance of the <see cref="OpenIdRelyingPartyElement"/> class. - /// </summary> - public OpenIdRelyingPartyElement() { - } - - /// <summary> - /// Gets or sets a value indicating whether "dnoa.userSuppliedIdentifier" is tacked onto the openid.return_to URL in order to preserve what the user typed into the OpenID box. - /// </summary> - /// <value> - /// The default value is <c>true</c>. - /// </value> - [ConfigurationProperty(PreserveUserSuppliedIdentifierConfigName, DefaultValue = true)] - public bool PreserveUserSuppliedIdentifier { - get { return (bool)this[PreserveUserSuppliedIdentifierConfigName]; } - set { this[PreserveUserSuppliedIdentifierConfigName] = value; } - } - - /// <summary> - /// Gets or sets the security settings. - /// </summary> - [ConfigurationProperty(SecuritySettingsConfigName)] - public OpenIdRelyingPartySecuritySettingsElement SecuritySettings { - get { return (OpenIdRelyingPartySecuritySettingsElement)this[SecuritySettingsConfigName] ?? new OpenIdRelyingPartySecuritySettingsElement(); } - set { this[SecuritySettingsConfigName] = value; } - } - - /// <summary> - /// Gets or sets the special behaviors to apply. - /// </summary> - [ConfigurationProperty(BehaviorsElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TypeConfigurationCollection<IRelyingPartyBehavior>))] - public TypeConfigurationCollection<IRelyingPartyBehavior> Behaviors { - get { return (TypeConfigurationCollection<IRelyingPartyBehavior>)this[BehaviorsElementName] ?? new TypeConfigurationCollection<IRelyingPartyBehavior>(); } - set { this[BehaviorsElementName] = value; } - } - - /// <summary> - /// Gets or sets the type to use for storing application state. - /// </summary> - [ConfigurationProperty(StoreConfigName)] - public TypeConfigurationElement<IOpenIdApplicationStore> ApplicationStore { - get { return (TypeConfigurationElement<IOpenIdApplicationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IOpenIdApplicationStore>(); } - set { this[StoreConfigName] = value; } - } - - /// <summary> - /// Gets or sets the services to use for discovering service endpoints for identifiers. - /// </summary> - /// <remarks> - /// If no discovery services are defined in the (web) application's .config file, - /// the default set of discovery services built into the library are used. - /// </remarks> - [ConfigurationProperty(DiscoveryServicesElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TypeConfigurationCollection<IIdentifierDiscoveryService>))] - internal TypeConfigurationCollection<IIdentifierDiscoveryService> DiscoveryServices { - get { - var configResult = (TypeConfigurationCollection<IIdentifierDiscoveryService>)this[DiscoveryServicesElementName]; - return configResult != null && configResult.Count > 0 ? configResult : defaultDiscoveryServices; - } - - set { - this[DiscoveryServicesElementName] = value; - } - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs deleted file mode 100644 index 225b1e7..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs +++ /dev/null @@ -1,266 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="OpenIdRelyingPartySecuritySettingsElement.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.Configuration { - using System; - using System.Configuration; - using System.Diagnostics.Contracts; - using DotNetOpenAuth.OpenId; - using DotNetOpenAuth.OpenId.RelyingParty; - - /// <summary> - /// Represents the .config file element that allows for setting the security policies of the Relying Party. - /// </summary> - internal class OpenIdRelyingPartySecuritySettingsElement : ConfigurationElement { - /// <summary> - /// Gets the name of the @minimumRequiredOpenIdVersion attribute. - /// </summary> - private const string MinimumRequiredOpenIdVersionConfigName = "minimumRequiredOpenIdVersion"; - - /// <summary> - /// Gets the name of the @minimumHashBitLength attribute. - /// </summary> - private const string MinimumHashBitLengthConfigName = "minimumHashBitLength"; - - /// <summary> - /// Gets the name of the @maximumHashBitLength attribute. - /// </summary> - private const string MaximumHashBitLengthConfigName = "maximumHashBitLength"; - - /// <summary> - /// Gets the name of the @requireSsl attribute. - /// </summary> - private const string RequireSslConfigName = "requireSsl"; - - /// <summary> - /// Gets the name of the @requireDirectedIdentity attribute. - /// </summary> - private const string RequireDirectedIdentityConfigName = "requireDirectedIdentity"; - - /// <summary> - /// Gets the name of the @requireAssociation attribute. - /// </summary> - private const string RequireAssociationConfigName = "requireAssociation"; - - /// <summary> - /// Gets the name of the @rejectUnsolicitedAssertions attribute. - /// </summary> - private const string RejectUnsolicitedAssertionsConfigName = "rejectUnsolicitedAssertions"; - - /// <summary> - /// Gets the name of the @rejectDelegatedIdentifiers attribute. - /// </summary> - private const string RejectDelegatingIdentifiersConfigName = "rejectDelegatingIdentifiers"; - - /// <summary> - /// Gets the name of the @ignoreUnsignedExtensions attribute. - /// </summary> - private const string IgnoreUnsignedExtensionsConfigName = "ignoreUnsignedExtensions"; - - /// <summary> - /// Gets the name of the @allowDualPurposeIdentifiers attribute. - /// </summary> - private const string AllowDualPurposeIdentifiersConfigName = "allowDualPurposeIdentifiers"; - - /// <summary> - /// Gets the name of the @allowApproximateIdentifierDiscovery attribute. - /// </summary> - private const string AllowApproximateIdentifierDiscoveryConfigName = "allowApproximateIdentifierDiscovery"; - - /// <summary> - /// Gets the name of the @protectDownlevelReplayAttacks attribute. - /// </summary> - private const string ProtectDownlevelReplayAttacksConfigName = "protectDownlevelReplayAttacks"; - - /// <summary> - /// The name of the <trustedProviders> sub-element. - /// </summary> - private const string TrustedProvidersElementName = "trustedProviders"; - - /// <summary> - /// Initializes a new instance of the <see cref="OpenIdRelyingPartySecuritySettingsElement"/> class. - /// </summary> - public OpenIdRelyingPartySecuritySettingsElement() { - } - - /// <summary> - /// Gets or sets a value indicating whether all discovery and authentication should require SSL security. - /// </summary> - [ConfigurationProperty(RequireSslConfigName, DefaultValue = false)] - public bool RequireSsl { - get { return (bool)this[RequireSslConfigName]; } - set { this[RequireSslConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether only OP Identifiers will be discoverable - /// when creating authentication requests. - /// </summary> - [ConfigurationProperty(RequireDirectedIdentityConfigName, DefaultValue = false)] - public bool RequireDirectedIdentity { - get { return (bool)this[RequireDirectedIdentityConfigName]; } - set { this[RequireDirectedIdentityConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether authentication requests - /// will only be created where an association with the Provider can be established. - /// </summary> - [ConfigurationProperty(RequireAssociationConfigName, DefaultValue = false)] - public bool RequireAssociation { - get { return (bool)this[RequireAssociationConfigName]; } - set { this[RequireAssociationConfigName] = value; } - } - - /// <summary> - /// Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it. - /// </summary> - /// <remarks> - /// Although the earliest versions of OpenID are supported, for security reasons it may be desirable to require the - /// remote party to support a later version of OpenID. - /// </remarks> - [ConfigurationProperty(MinimumRequiredOpenIdVersionConfigName, DefaultValue = "V10")] - public ProtocolVersion MinimumRequiredOpenIdVersion { - get { return (ProtocolVersion)this[MinimumRequiredOpenIdVersionConfigName]; } - set { this[MinimumRequiredOpenIdVersionConfigName] = value; } - } - - /// <summary> - /// Gets or sets the minimum length of the hash that protects the protocol from hijackers. - /// </summary> - [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)] - public int MinimumHashBitLength { - get { return (int)this[MinimumHashBitLengthConfigName]; } - set { this[MinimumHashBitLengthConfigName] = value; } - } - - /// <summary> - /// Gets or sets the maximum length of the hash that protects the protocol from hijackers. - /// </summary> - [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)] - public int MaximumHashBitLength { - get { return (int)this[MaximumHashBitLengthConfigName]; } - set { this[MaximumHashBitLengthConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether all unsolicited assertions should be ignored. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - [ConfigurationProperty(RejectUnsolicitedAssertionsConfigName, DefaultValue = false)] - public bool RejectUnsolicitedAssertions { - get { return (bool)this[RejectUnsolicitedAssertionsConfigName]; } - set { this[RejectUnsolicitedAssertionsConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether delegating identifiers are refused for authentication. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - /// <remarks> - /// When set to <c>true</c>, login attempts that start at the RP or arrive via unsolicited - /// assertions will be rejected if discovery on the identifier shows that OpenID delegation - /// is used for the identifier. This is useful for an RP that should only accept identifiers - /// directly issued by the Provider that is sending the assertion. - /// </remarks> - [ConfigurationProperty(RejectDelegatingIdentifiersConfigName, DefaultValue = false)] - public bool RejectDelegatingIdentifiers { - get { return (bool)this[RejectDelegatingIdentifiersConfigName]; } - set { this[RejectDelegatingIdentifiersConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - /// <remarks> - /// When set to true, the <see cref="IAuthenticationResponse.GetUntrustedExtension"/> methods - /// will not return any extension that was not signed by the Provider. - /// </remarks> - [ConfigurationProperty(IgnoreUnsignedExtensionsConfigName, DefaultValue = false)] - public bool IgnoreUnsignedExtensions { - get { return (bool)this[IgnoreUnsignedExtensionsConfigName]; } - set { this[IgnoreUnsignedExtensionsConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - /// should ever be recognized as claimed identifiers. - /// </summary> - /// <value> - /// The default value is <c>false</c>, per the OpenID 2.0 spec. - /// </value> - [ConfigurationProperty(AllowDualPurposeIdentifiersConfigName, DefaultValue = false)] - public bool AllowDualPurposeIdentifiers { - get { return (bool)this[AllowDualPurposeIdentifiersConfigName]; } - set { this[AllowDualPurposeIdentifiersConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether certain Claimed Identifiers that exploit - /// features that .NET does not have the ability to send exact HTTP requests for will - /// still be allowed by using an approximate HTTP request. - /// </summary> - /// <value> - /// The default value is <c>true</c>. - /// </value> - [ConfigurationProperty(AllowApproximateIdentifierDiscoveryConfigName, DefaultValue = true)] - public bool AllowApproximateIdentifierDiscovery { - get { return (bool)this[AllowApproximateIdentifierDiscoveryConfigName]; } - set { this[AllowApproximateIdentifierDiscoveryConfigName] = value; } - } - - /// <summary> - /// Gets or sets a value indicating whether the Relying Party should take special care - /// to protect users against replay attacks when interoperating with OpenID 1.1 Providers. - /// </summary> - [ConfigurationProperty(ProtectDownlevelReplayAttacksConfigName, DefaultValue = RelyingPartySecuritySettings.ProtectDownlevelReplayAttacksDefault)] - public bool ProtectDownlevelReplayAttacks { - get { return (bool)this[ProtectDownlevelReplayAttacksConfigName]; } - set { this[ProtectDownlevelReplayAttacksConfigName] = value; } - } - - /// <summary> - /// Gets or sets the set of trusted OpenID Provider Endpoints. - /// </summary> - [ConfigurationProperty(TrustedProvidersElementName, IsDefaultCollection = false)] - [ConfigurationCollection(typeof(TrustedProviderConfigurationCollection))] - public TrustedProviderConfigurationCollection TrustedProviders { - get { return (TrustedProviderConfigurationCollection)this[TrustedProvidersElementName] ?? new TrustedProviderConfigurationCollection(); } - set { this[TrustedProvidersElementName] = value; } - } - - /// <summary> - /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file. - /// </summary> - /// <returns>The newly created security settings object.</returns> - public RelyingPartySecuritySettings CreateSecuritySettings() { - Contract.Ensures(Contract.Result<RelyingPartySecuritySettings>() != null); - - RelyingPartySecuritySettings settings = new RelyingPartySecuritySettings(); - settings.RequireSsl = this.RequireSsl; - settings.RequireDirectedIdentity = this.RequireDirectedIdentity; - settings.RequireAssociation = this.RequireAssociation; - settings.MinimumRequiredOpenIdVersion = this.MinimumRequiredOpenIdVersion; - settings.MinimumHashBitLength = this.MinimumHashBitLength; - settings.MaximumHashBitLength = this.MaximumHashBitLength; - settings.PrivateSecretMaximumAge = DotNetOpenAuthSection.Messaging.PrivateSecretMaximumAge; - settings.RejectUnsolicitedAssertions = this.RejectUnsolicitedAssertions; - settings.RejectDelegatingIdentifiers = this.RejectDelegatingIdentifiers; - settings.IgnoreUnsignedExtensions = this.IgnoreUnsignedExtensions; - settings.AllowDualPurposeIdentifiers = this.AllowDualPurposeIdentifiers; - settings.AllowApproximateIdentifierDiscovery = this.AllowApproximateIdentifierDiscovery; - settings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks; - - settings.RejectAssertionsFromUntrustedProviders = this.TrustedProviders.RejectAssertionsFromUntrustedProviders; - foreach (TrustedProviderEndpointConfigurationElement opEndpoint in this.TrustedProviders) { - settings.TrustedProviderEndpoints.Add(opEndpoint.ProviderEndpoint); - } - - return settings; - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/DotNetOpenAuth.OpenId.RelyingParty.csproj b/src/DotNetOpenAuth.OpenId.RelyingParty/DotNetOpenAuth.OpenId.RelyingParty.csproj index aa6423f..c9158ba 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/DotNetOpenAuth.OpenId.RelyingParty.csproj +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/DotNetOpenAuth.OpenId.RelyingParty.csproj @@ -21,8 +21,6 @@ </PropertyGroup> <ItemGroup> <Compile Include="ComponentModel\IdentifierConverter.cs" /> - <Compile Include="Configuration\OpenIdRelyingPartyElement.cs" /> - <Compile Include="Configuration\OpenIdRelyingPartySecuritySettingsElement.cs" /> <Compile Include="OpenId\Behaviors\AXFetchAsSregTransform.cs" /> <Compile Include="OpenId\Behaviors\GsaIcamRelyingPartyProfile.cs" /> <Compile Include="OpenId\ChannelElements\ExtensionsBindingElementRelyingParty.cs" /> @@ -43,7 +41,6 @@ <Compile Include="OpenId\Messages\AssociateUnencryptedResponseRelyingParty.cs" /> <Compile Include="OpenId\Mvc\OpenIdAjaxOptions.cs" /> <Compile Include="OpenId\Mvc\OpenIdHelper.cs" /> - <Compile Include="OpenId\OpenIdXrdsHelper.cs" /> <Compile Include="OpenId\RelyingParty\CryptoKeyStoreAsRelyingPartyAssociationStore.cs" /> <Compile Include="OpenId\RelyingParty\IRelyingPartyAssociationStore.cs" /> <Compile Include="OpenId\RelyingParty\Associations.cs" /> @@ -51,8 +48,6 @@ <Compile Include="OpenId\RelyingParty\AssociationPreference.cs" /> <Compile Include="OpenId\RelyingParty\AuthenticationRequest.cs" /> <Compile Include="OpenId\RelyingParty\DuplicateRequestedHostsComparer.cs" /> - <Compile Include="OpenId\RelyingParty\IRelyingPartyBehavior.cs" /> - <Compile Include="OpenId\RelyingParty\IAuthenticationRequestContract.cs" /> <Compile Include="OpenId\RelyingParty\NegativeAuthenticationResponse.cs" /> <Compile Include="OpenId\RelyingParty\OpenIdAjaxRelyingParty.cs" /> <Compile Include="OpenId\RelyingParty\OpenIdAjaxTextBox.cs" /> @@ -67,14 +62,10 @@ <Compile Include="OpenId\RelyingParty\PopupBehavior.cs" /> <Compile Include="OpenId\RelyingParty\PositiveAnonymousResponse.cs" /> <Compile Include="OpenId\RelyingParty\PositiveAuthenticationResponse.cs" /> - <Compile Include="OpenId\RelyingParty\AuthenticationStatus.cs" /> <Compile Include="OpenId\RelyingParty\FailedAuthenticationResponse.cs" /> - <Compile Include="OpenId\RelyingParty\IAuthenticationRequest.cs" /> - <Compile Include="OpenId\RelyingParty\IAuthenticationResponse.cs" /> <Compile Include="OpenId\RelyingParty\ISetupRequiredAuthenticationResponse.cs" /> <Compile Include="OpenId\RelyingParty\OpenIdRelyingParty.cs" /> <Compile Include="OpenId\RelyingParty\PositiveAuthenticationResponseSnapshot.cs" /> - <Compile Include="OpenId\RelyingParty\RelyingPartySecuritySettings.cs" /> <Compile Include="OpenId\RelyingParty\SelectorButton.cs" /> <Compile Include="OpenId\RelyingParty\SelectorButtonContract.cs" /> <Compile Include="OpenId\RelyingParty\SelectorOpenIdButton.cs" /> @@ -82,8 +73,7 @@ <Compile Include="OpenId\RelyingParty\SimpleXrdsProviderEndpoint.cs" /> <Compile Include="OpenId\RelyingParty\StandardRelyingPartyApplicationStore.cs" /> <Compile Include="OpenId\RelyingParty\WellKnownProviders.cs" /> - <Compile Include="OpenId\UriDiscoveryService.cs" /> - <Compile Include="OpenId\XriDiscoveryProxyService.cs" /> + <Compile Include="Properties\AssemblyInfo.cs" /> </ItemGroup> <ItemGroup> <Content Include="OpenId\RelyingParty\login_failure.png" /> @@ -119,6 +109,9 @@ <ItemGroup> <Reference Include="System" /> </ItemGroup> + <ItemGroup> + <Folder Include="Configuration\" /> + </ItemGroup> <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> <Import Project="$(ProjectRoot)tools\DotNetOpenAuth.targets" /> <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " /> diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs index 1d86152..fe8bd87 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/RelyingPartySigningBindingElement.cs @@ -44,8 +44,6 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { } protected override Association GetAssociation(ITamperResistantOpenIdMessage signedMessage) { - Contract.Requires<ArgumentNullException>(signedMessage != null); - // We're on a Relying Party verifying a signature. IDirectedProtocolMessage directedMessage = (IDirectedProtocolMessage)signedMessage; if (this.rpAssociations != null) { diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/Messages/AssociateSuccessfulResponseRelyingParty.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/Messages/AssociateSuccessfulResponseRelyingParty.cs index 3718a68..4ac2100 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/Messages/AssociateSuccessfulResponseRelyingParty.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/Messages/AssociateSuccessfulResponseRelyingParty.cs @@ -3,7 +3,9 @@ using System.Collections.Generic; using System.Linq; using System.Text; + using System.Diagnostics.Contracts; + [ContractClass(typeof(AssociateSuccessfulResponseRelyingPartyContract))] internal abstract class AssociateSuccessfulResponseRelyingParty : AssociateSuccessfulResponse { /// <summary> /// Initializes a new instance of the <see cref="AssociateSuccessfulResponseRelyingParty"/> class. diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/OpenIdXrdsHelper.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/OpenIdXrdsHelper.cs deleted file mode 100644 index 6b2fb54..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/OpenIdXrdsHelper.cs +++ /dev/null @@ -1,163 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="OpenIdXrdsHelper.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Linq; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.RelyingParty; - using DotNetOpenAuth.Xrds; - - /// <summary> - /// Adds OpenID-specific extension methods to the XrdsDocument class. - /// </summary> - internal static class OpenIdXrdsHelperRelyingParty { - /// <summary> - /// Creates the service endpoints described in this document, useful for requesting - /// authentication of one of the OpenID Providers that result from it. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <param name="claimedIdentifier">The claimed identifier that was used to discover this XRDS document.</param> - /// <param name="userSuppliedIdentifier">The user supplied identifier.</param> - /// <returns> - /// A sequence of OpenID Providers that can assert ownership of the <paramref name="claimedIdentifier"/>. - /// </returns> - internal static IEnumerable<IdentifierDiscoveryResult> CreateServiceEndpoints(this IEnumerable<XrdElement> xrds, UriIdentifier claimedIdentifier, UriIdentifier userSuppliedIdentifier) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Requires<ArgumentNullException>(claimedIdentifier != null); - Contract.Requires<ArgumentNullException>(userSuppliedIdentifier != null); - Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - - var endpoints = new List<IdentifierDiscoveryResult>(); - endpoints.AddRange(xrds.GenerateOPIdentifierServiceEndpoints(userSuppliedIdentifier)); - endpoints.AddRange(xrds.GenerateClaimedIdentifierServiceEndpoints(claimedIdentifier, userSuppliedIdentifier)); - - Logger.Yadis.DebugFormat("Total services discovered in XRDS: {0}", endpoints.Count); - Logger.Yadis.Debug(endpoints.ToStringDeferred(true)); - return endpoints; - } - - /// <summary> - /// Creates the service endpoints described in this document, useful for requesting - /// authentication of one of the OpenID Providers that result from it. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <param name="userSuppliedIdentifier">The user-supplied i-name that was used to discover this XRDS document.</param> - /// <returns>A sequence of OpenID Providers that can assert ownership of the canonical ID given in this document.</returns> - internal static IEnumerable<IdentifierDiscoveryResult> CreateServiceEndpoints(this IEnumerable<XrdElement> xrds, XriIdentifier userSuppliedIdentifier) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Requires<ArgumentNullException>(userSuppliedIdentifier != null); - Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - - var endpoints = new List<IdentifierDiscoveryResult>(); - endpoints.AddRange(xrds.GenerateOPIdentifierServiceEndpoints(userSuppliedIdentifier)); - endpoints.AddRange(xrds.GenerateClaimedIdentifierServiceEndpoints(userSuppliedIdentifier)); - Logger.Yadis.DebugFormat("Total services discovered in XRDS: {0}", endpoints.Count); - Logger.Yadis.Debug(endpoints.ToStringDeferred(true)); - return endpoints; - } - - /// <summary> - /// Generates OpenID Providers that can authenticate using directed identity. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <param name="opIdentifier">The OP Identifier entered (and resolved) by the user. Essentially the user-supplied identifier.</param> - /// <returns>A sequence of the providers that can offer directed identity services.</returns> - private static IEnumerable<IdentifierDiscoveryResult> GenerateOPIdentifierServiceEndpoints(this IEnumerable<XrdElement> xrds, Identifier opIdentifier) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Requires<ArgumentNullException>(opIdentifier != null); - Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - return from service in xrds.FindOPIdentifierServices() - from uri in service.UriElements - let protocol = Protocol.FindBestVersion(p => p.OPIdentifierServiceTypeURI, service.TypeElementUris) - let providerDescription = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris) - select IdentifierDiscoveryResult.CreateForProviderIdentifier(opIdentifier, providerDescription, service.Priority, uri.Priority); - } - - /// <summary> - /// Generates the OpenID Providers that are capable of asserting ownership - /// of a particular URI claimed identifier. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <param name="claimedIdentifier">The claimed identifier.</param> - /// <param name="userSuppliedIdentifier">The user supplied identifier.</param> - /// <returns> - /// A sequence of the providers that can assert ownership of the given identifier. - /// </returns> - private static IEnumerable<IdentifierDiscoveryResult> GenerateClaimedIdentifierServiceEndpoints(this IEnumerable<XrdElement> xrds, UriIdentifier claimedIdentifier, UriIdentifier userSuppliedIdentifier) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Requires<ArgumentNullException>(claimedIdentifier != null); - Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - - return from service in xrds.FindClaimedIdentifierServices() - from uri in service.UriElements - where uri.Uri != null - let providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris) - select IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority); - } - - /// <summary> - /// Generates the OpenID Providers that are capable of asserting ownership - /// of a particular XRI claimed identifier. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <param name="userSuppliedIdentifier">The i-name supplied by the user.</param> - /// <returns>A sequence of the providers that can assert ownership of the given identifier.</returns> - private static IEnumerable<IdentifierDiscoveryResult> GenerateClaimedIdentifierServiceEndpoints(this IEnumerable<XrdElement> xrds, XriIdentifier userSuppliedIdentifier) { - // Cannot use code contracts because this method uses yield return. - ////Contract.Requires<ArgumentNullException>(xrds != null); - ////Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - ErrorUtilities.VerifyArgumentNotNull(xrds, "xrds"); - - foreach (var service in xrds.FindClaimedIdentifierServices()) { - foreach (var uri in service.UriElements) { - // spec section 7.3.2.3 on Claimed Id -> CanonicalID substitution - if (service.Xrd.CanonicalID == null) { - Logger.Yadis.WarnFormat(XrdsStrings.MissingCanonicalIDElement, userSuppliedIdentifier); - break; // skip on to next service - } - ErrorUtilities.VerifyProtocol(service.Xrd.IsCanonicalIdVerified, XrdsStrings.CIDVerificationFailed, userSuppliedIdentifier); - - // In the case of XRI names, the ClaimedId is actually the CanonicalID. - var claimedIdentifier = new XriIdentifier(service.Xrd.CanonicalID); - var providerEndpoint = new ProviderEndpointDescription(uri.Uri, service.TypeElementUris); - yield return IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, userSuppliedIdentifier, service.ProviderLocalIdentifier, providerEndpoint, service.Priority, uri.Priority); - } - } - } - - /// <summary> - /// Enumerates the XRDS service elements that describe OpenID Providers offering directed identity assertions. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <returns>A sequence of service elements.</returns> - private static IEnumerable<ServiceElement> FindOPIdentifierServices(this IEnumerable<XrdElement> xrds) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Ensures(Contract.Result<IEnumerable<ServiceElement>>() != null); - - return from xrd in xrds - from service in xrd.OpenIdProviderIdentifierServices - select service; - } - - /// <summary> - /// Returns the OpenID-compatible services described by a given XRDS document, - /// in priority order. - /// </summary> - /// <param name="xrds">The XrdsDocument instance to use in this process.</param> - /// <returns>A sequence of the services offered.</returns> - private static IEnumerable<ServiceElement> FindClaimedIdentifierServices(this IEnumerable<XrdElement> xrds) { - Contract.Requires<ArgumentNullException>(xrds != null); - Contract.Ensures(Contract.Result<IEnumerable<ServiceElement>>() != null); - - return from xrd in xrds - from service in xrd.OpenIdClaimedIdentifierServices - select service; - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationStatus.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationStatus.cs deleted file mode 100644 index d9e5d0a..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/AuthenticationStatus.cs +++ /dev/null @@ -1,43 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="AuthenticationStatus.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.RelyingParty { - /// <summary> - /// An enumeration of the possible results of an authentication attempt. - /// </summary> - public enum AuthenticationStatus { - /// <summary> - /// The authentication was canceled by the user agent while at the provider. - /// </summary> - Canceled, - - /// <summary> - /// The authentication failed because an error was detected in the OpenId communication. - /// </summary> - Failed, - - /// <summary> - /// <para>The Provider responded to a request for immediate authentication approval - /// with a message stating that additional user agent interaction is required - /// before authentication can be completed.</para> - /// <para>Casting the <see cref="IAuthenticationResponse"/> to a - /// <see cref="ISetupRequiredAuthenticationResponse"/> in this case can help - /// you retry the authentication using setup (non-immediate) mode.</para> - /// </summary> - SetupRequired, - - /// <summary> - /// Authentication is completed successfully. - /// </summary> - Authenticated, - - /// <summary> - /// The Provider sent a message that did not contain an identity assertion, - /// but may carry OpenID extensions. - /// </summary> - ExtensionsOnly, - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequest.cs deleted file mode 100644 index 65db0bd..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequest.cs +++ /dev/null @@ -1,186 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IAuthenticationRequest.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Linq; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// Instances of this interface represent relying party authentication - /// requests that may be queried/modified in specific ways before being - /// routed to the OpenID Provider. - /// </summary> - [ContractClass(typeof(IAuthenticationRequestContract))] - public interface IAuthenticationRequest { - /// <summary> - /// Gets or sets the mode the Provider should use during authentication. - /// </summary> - AuthenticationRequestMode Mode { get; set; } - - /// <summary> - /// Gets the HTTP response the relying party should send to the user agent - /// to redirect it to the OpenID Provider to start the OpenID authentication process. - /// </summary> - OutgoingWebResponse RedirectingResponse { get; } - - /// <summary> - /// Gets the URL that the user agent will return to after authentication - /// completes or fails at the Provider. - /// </summary> - Uri ReturnToUrl { get; } - - /// <summary> - /// Gets the URL that identifies this consumer web application that - /// the Provider will display to the end user. - /// </summary> - Realm Realm { get; } - - /// <summary> - /// Gets the Claimed Identifier that the User Supplied Identifier - /// resolved to. Null if the user provided an OP Identifier - /// (directed identity). - /// </summary> - /// <remarks> - /// Null is returned if the user is using the directed identity feature - /// of OpenID 2.0 to make it nearly impossible for a relying party site - /// to improperly store the reserved OpenID URL used for directed identity - /// as a user's own Identifier. - /// However, to test for the Directed Identity feature, please test the - /// <see cref="IsDirectedIdentity"/> property rather than testing this - /// property for a null value. - /// </remarks> - Identifier ClaimedIdentifier { get; } - - /// <summary> - /// Gets a value indicating whether the authenticating user has chosen to let the Provider - /// determine and send the ClaimedIdentifier after authentication. - /// </summary> - bool IsDirectedIdentity { get; } - - /// <summary> - /// Gets or sets a value indicating whether this request only carries extensions - /// and is not a request to verify that the user controls some identifier. - /// </summary> - /// <value> - /// <c>true</c> if this request is merely a carrier of extensions and is not - /// about an OpenID identifier; otherwise, <c>false</c>. - /// </value> - /// <remarks> - /// <para>Although OpenID is first and primarily an authentication protocol, its extensions - /// can be interesting all by themselves. For instance, a relying party might want - /// to know that its user is over 21 years old, or perhaps a member of some organization. - /// OpenID extensions can provide this, without any need for asserting the identity of the user.</para> - /// <para>Constructing an OpenID request for only extensions can be done by calling - /// <see cref="OpenIdRelyingParty.CreateRequest(Identifier)"/> with any valid OpenID identifier - /// (claimed identifier or OP identifier). But once this property is set to <c>true</c>, - /// the claimed identifier value in the request is not included in the transmitted message.</para> - /// <para>It is anticipated that an RP would only issue these types of requests to OPs that - /// trusts to make assertions regarding the individual holding an account at that OP, so it - /// is not likely that the RP would allow the user to type in an arbitrary claimed identifier - /// without checking that it resolved to an OP endpoint the RP has on a trust whitelist.</para> - /// </remarks> - bool IsExtensionOnly { get; set; } - - /// <summary> - /// Gets information about the OpenId Provider, as advertised by the - /// OpenID discovery documents found at the <see cref="ClaimedIdentifier"/> - /// location. - /// </summary> - IProviderEndpoint Provider { get; } - - /// <summary> - /// Gets the discovery result leading to the formulation of this request. - /// </summary> - /// <value>The discovery result.</value> - IdentifierDiscoveryResult DiscoveryResult { get; } - - /// <summary> - /// Makes a dictionary of key/value pairs available when the authentication is completed. - /// </summary> - /// <param name="arguments">The arguments to add to the request's return_to URI. Values must not be null.</param> - /// <remarks> - /// <para>Note that these values are NOT protected against eavesdropping in transit. No - /// privacy-sensitive data should be stored using this method.</para> - /// <para>The values stored here can be retrieved using - /// <see cref="IAuthenticationResponse.GetCallbackArgument"/>, which will only return the value - /// if it can be verified as untampered with in transit.</para> - /// <para>Since the data set here is sent in the querystring of the request and some - /// servers place limits on the size of a request URL, this data should be kept relatively - /// small to ensure successful authentication. About 1.5KB is about all that should be stored.</para> - /// </remarks> - void AddCallbackArguments(IDictionary<string, string> arguments); - - /// <summary> - /// Makes a key/value pair available when the authentication is completed. - /// </summary> - /// <param name="key">The parameter name.</param> - /// <param name="value">The value of the argument. Must not be null.</param> - /// <remarks> - /// <para>Note that these values are NOT protected against eavesdropping in transit. No - /// privacy-sensitive data should be stored using this method.</para> - /// <para>The value stored here can be retrieved using - /// <see cref="IAuthenticationResponse.GetCallbackArgument"/>, which will only return the value - /// if it can be verified as untampered with in transit.</para> - /// <para>Since the data set here is sent in the querystring of the request and some - /// servers place limits on the size of a request URL, this data should be kept relatively - /// small to ensure successful authentication. About 1.5KB is about all that should be stored.</para> - /// </remarks> - void AddCallbackArguments(string key, string value); - - /// <summary> - /// Makes a key/value pair available when the authentication is completed. - /// </summary> - /// <param name="key">The parameter name.</param> - /// <param name="value">The value of the argument. Must not be null.</param> - /// <remarks> - /// <para>Note that these values are NOT protected against eavesdropping in transit. No - /// security-sensitive data should be stored using this method.</para> - /// <para>The value stored here can be retrieved using - /// <see cref="IAuthenticationResponse.GetCallbackArgument"/>.</para> - /// <para>Since the data set here is sent in the querystring of the request and some - /// servers place limits on the size of a request URL, this data should be kept relatively - /// small to ensure successful authentication. About 1.5KB is about all that should be stored.</para> - /// </remarks> - void SetCallbackArgument(string key, string value); - - /// <summary> - /// Makes a key/value pair available when the authentication is completed without - /// requiring a return_to signature to protect against tampering of the callback argument. - /// </summary> - /// <param name="key">The parameter name.</param> - /// <param name="value">The value of the argument. Must not be null.</param> - /// <remarks> - /// <para>Note that these values are NOT protected against eavesdropping or tampering in transit. No - /// security-sensitive data should be stored using this method. </para> - /// <para>The value stored here can be retrieved using - /// <see cref="IAuthenticationResponse.GetCallbackArgument"/>.</para> - /// <para>Since the data set here is sent in the querystring of the request and some - /// servers place limits on the size of a request URL, this data should be kept relatively - /// small to ensure successful authentication. About 1.5KB is about all that should be stored.</para> - /// </remarks> - void SetUntrustedCallbackArgument(string key, string value); - - /// <summary> - /// Adds an OpenID extension to the request directed at the OpenID provider. - /// </summary> - /// <param name="extension">The initialized extension to add to the request.</param> - void AddExtension(IOpenIdMessageExtension extension); - - /// <summary> - /// Redirects the user agent to the provider for authentication. - /// Execution of the current page terminates after this call. - /// </summary> - /// <remarks> - /// This method requires an ASP.NET HttpContext. - /// </remarks> - void RedirectToProvider(); - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequestContract.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequestContract.cs deleted file mode 100644 index cd36cc7..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationRequestContract.cs +++ /dev/null @@ -1,111 +0,0 @@ -// <auto-generated /> - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Linq; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - [ContractClassFor(typeof(IAuthenticationRequest))] - internal abstract class IAuthenticationRequestContract : IAuthenticationRequest { - #region IAuthenticationRequest Members - - AuthenticationRequestMode IAuthenticationRequest.Mode { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - OutgoingWebResponse IAuthenticationRequest.RedirectingResponse { - get { throw new NotImplementedException(); } - } - - Uri IAuthenticationRequest.ReturnToUrl { - get { throw new NotImplementedException(); } - } - - Realm IAuthenticationRequest.Realm { - get { - Contract.Ensures(Contract.Result<Realm>() != null); - throw new NotImplementedException(); - } - } - - Identifier IAuthenticationRequest.ClaimedIdentifier { - get { - throw new NotImplementedException(); - } - } - - bool IAuthenticationRequest.IsDirectedIdentity { - get { throw new NotImplementedException(); } - } - - bool IAuthenticationRequest.IsExtensionOnly { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - IProviderEndpoint IAuthenticationRequest.Provider { - get { - Contract.Ensures(Contract.Result<IProviderEndpoint>() != null); - throw new NotImplementedException(); - } - } - - IdentifierDiscoveryResult IAuthenticationRequest.DiscoveryResult { - get { - Contract.Ensures(Contract.Result<IdentifierDiscoveryResult>() != null); - throw new NotImplementedException(); - } - } - - void IAuthenticationRequest.AddCallbackArguments(IDictionary<string, string> arguments) { - Contract.Requires<ArgumentNullException>(arguments != null); - Contract.Requires<ArgumentException>(arguments.Keys.All(k => !String.IsNullOrEmpty(k))); - Contract.Requires<ArgumentException>(arguments.Values.All(v => v != null)); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.AddCallbackArguments(string key, string value) { - Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(key)); - Contract.Requires<ArgumentNullException>(value != null); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.SetCallbackArgument(string key, string value) { - Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(key)); - Contract.Requires<ArgumentNullException>(value != null); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.AddExtension(IOpenIdMessageExtension extension) { - Contract.Requires<ArgumentNullException>(extension != null); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.RedirectToProvider() { - throw new NotImplementedException(); - } - - void IAuthenticationRequest.SetUntrustedCallbackArgument(string key, string value) { - Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(key)); - Contract.Requires<ArgumentNullException>(value != null); - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationResponse.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationResponse.cs deleted file mode 100644 index a24220f..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IAuthenticationResponse.cs +++ /dev/null @@ -1,532 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IAuthenticationResponse.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Collections.Generic; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Globalization; - using System.Text; - using System.Web; - using DotNetOpenAuth.OpenId.Extensions; - using DotNetOpenAuth.OpenId.Messages; - - /// <summary> - /// An instance of this interface represents an identity assertion - /// from an OpenID Provider. It may be in response to an authentication - /// request previously put to it by a Relying Party site or it may be an - /// unsolicited assertion. - /// </summary> - /// <remarks> - /// Relying party web sites should handle both solicited and unsolicited - /// assertions. This interface does not offer a way to discern between - /// solicited and unsolicited assertions as they should be treated equally. - /// </remarks> - [ContractClass(typeof(IAuthenticationResponseContract))] - public interface IAuthenticationResponse { - /// <summary> - /// Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - /// May be null for some failed authentications (i.e. failed directed identity authentications). - /// </summary> - /// <remarks> - /// <para> - /// This is the secure identifier that should be used for database storage and lookup. - /// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - /// user identities against spoofing and other attacks. - /// </para> - /// <para> - /// For user-friendly identifiers to display, use the - /// <see cref="FriendlyIdentifierForDisplay"/> property. - /// </para> - /// </remarks> - Identifier ClaimedIdentifier { get; } - - /// <summary> - /// Gets a user-friendly OpenID Identifier for display purposes ONLY. - /// </summary> - /// <remarks> - /// <para> - /// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before - /// sending to a browser to secure against javascript injection attacks. - /// </para> - /// <para> - /// This property retains some aspects of the user-supplied identifier that get lost - /// in the <see cref="ClaimedIdentifier"/>. For example, XRIs used as user-supplied - /// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - /// For display purposes, such as text on a web page that says "You're logged in as ...", - /// this property serves to provide the =Arnott string, or whatever else is the most friendly - /// string close to what the user originally typed in. - /// </para> - /// <para> - /// If the user-supplied identifier is a URI, this property will be the URI after all - /// redirects, and with the protocol and fragment trimmed off. - /// If the user-supplied identifier is an XRI, this property will be the original XRI. - /// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - /// this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - /// </para> - /// <para> - /// It is <b>very</b> important that this property <i>never</i> be used for database storage - /// or lookup to avoid identity spoofing and other security risks. For database storage - /// and lookup please use the <see cref="ClaimedIdentifier"/> property. - /// </para> - /// </remarks> - string FriendlyIdentifierForDisplay { get; } - - /// <summary> - /// Gets the detailed success or failure status of the authentication attempt. - /// </summary> - AuthenticationStatus Status { get; } - - /// <summary> - /// Gets information about the OpenId Provider, as advertised by the - /// OpenID discovery documents found at the <see cref="ClaimedIdentifier"/> - /// location, if available. - /// </summary> - /// <value> - /// The Provider endpoint that issued the positive assertion; - /// or <c>null</c> if information about the Provider is unavailable. - /// </value> - IProviderEndpoint Provider { get; } - - /// <summary> - /// Gets the details regarding a failed authentication attempt, if available. - /// This will be set if and only if <see cref="Status"/> is <see cref="AuthenticationStatus.Failed"/>. - /// </summary> - Exception Exception { get; } - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// Callback parameters are only available if they are complete and untampered with - /// since the original request message (as proven by a signature). - /// If the relying party is operating in stateless mode <c>null</c> is always - /// returned since the callback arguments could not be signed to protect against - /// tampering. - /// </remarks> - string GetCallbackArgument(string key); - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - string GetUntrustedCallbackArgument(string key); - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// Callback parameters are only available if they are complete and untampered with - /// since the original request message (as proven by a signature). - /// If the relying party is operating in stateless mode an empty dictionary is always - /// returned since the callback arguments could not be signed to protect against - /// tampering. - /// </remarks> - [SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate", Justification = "Historically an expensive operation.")] - IDictionary<string, string> GetCallbackArguments(); - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - [SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate", Justification = "Historically an expensive operation.")] - IDictionary<string, string> GetUntrustedCallbackArguments(); - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="GetUntrustedExtension<T>"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - [SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "No parameter at all is required. T is used for return type.")] - T GetExtension<T>() where T : IOpenIdMessageExtension; - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="GetUntrustedExtension"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension GetExtension(Type extensionType); - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="GetExtension<T>"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - [SuppressMessage("Microsoft.Design", "CA1004:GenericMethodsShouldProvideTypeParameter", Justification = "No parameter at all is required. T is used for return type.")] - T GetUntrustedExtension<T>() where T : IOpenIdMessageExtension; - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="GetExtension"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension GetUntrustedExtension(Type extensionType); - } - - /// <summary> - /// Code contract for the <see cref="IAuthenticationResponse"/> type. - /// </summary> - [ContractClassFor(typeof(IAuthenticationResponse))] - internal abstract class IAuthenticationResponseContract : IAuthenticationResponse { - /// <summary> - /// Initializes a new instance of the <see cref="IAuthenticationResponseContract"/> class. - /// </summary> - protected IAuthenticationResponseContract() { - } - - #region IAuthenticationResponse Members - - /// <summary> - /// Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - /// May be null for some failed authentications (i.e. failed directed identity authentications). - /// </summary> - /// <value></value> - /// <remarks> - /// <para> - /// This is the secure identifier that should be used for database storage and lookup. - /// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - /// user identities against spoofing and other attacks. - /// </para> - /// <para> - /// For user-friendly identifiers to display, use the - /// <see cref="IAuthenticationResponse.FriendlyIdentifierForDisplay"/> property. - /// </para> - /// </remarks> - Identifier IAuthenticationResponse.ClaimedIdentifier { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a user-friendly OpenID Identifier for display purposes ONLY. - /// </summary> - /// <value></value> - /// <remarks> - /// <para> - /// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before - /// sending to a browser to secure against javascript injection attacks. - /// </para> - /// <para> - /// This property retains some aspects of the user-supplied identifier that get lost - /// in the <see cref="IAuthenticationResponse.ClaimedIdentifier"/>. For example, XRIs used as user-supplied - /// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - /// For display purposes, such as text on a web page that says "You're logged in as ...", - /// this property serves to provide the =Arnott string, or whatever else is the most friendly - /// string close to what the user originally typed in. - /// </para> - /// <para> - /// If the user-supplied identifier is a URI, this property will be the URI after all - /// redirects, and with the protocol and fragment trimmed off. - /// If the user-supplied identifier is an XRI, this property will be the original XRI. - /// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - /// this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - /// </para> - /// <para> - /// It is <b>very</b> important that this property <i>never</i> be used for database storage - /// or lookup to avoid identity spoofing and other security risks. For database storage - /// and lookup please use the <see cref="IAuthenticationResponse.ClaimedIdentifier"/> property. - /// </para> - /// </remarks> - string IAuthenticationResponse.FriendlyIdentifierForDisplay { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the detailed success or failure status of the authentication attempt. - /// </summary> - /// <value></value> - AuthenticationStatus IAuthenticationResponse.Status { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets information about the OpenId Provider, as advertised by the - /// OpenID discovery documents found at the <see cref="IAuthenticationResponse.ClaimedIdentifier"/> - /// location, if available. - /// </summary> - /// <value> - /// The Provider endpoint that issued the positive assertion; - /// or <c>null</c> if information about the Provider is unavailable. - /// </value> - IProviderEndpoint IAuthenticationResponse.Provider { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the details regarding a failed authentication attempt, if available. - /// This will be set if and only if <see cref="IAuthenticationResponse.Status"/> is <see cref="AuthenticationStatus.Failed"/>. - /// </summary> - /// <value></value> - Exception IAuthenticationResponse.Exception { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// <para>This may return any argument on the querystring that came with the authentication response, - /// which may include parameters not explicitly added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para> - /// <para>Note that these values are NOT protected against tampering in transit.</para> - /// </remarks> - string IAuthenticationResponse.GetCallbackArgument(string key) { - Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(key)); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// <para>This MAY return any argument on the querystring that came with the authentication response, - /// which may include parameters not explicitly added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para> - /// <para>Note that these values are NOT protected against tampering in transit.</para> - /// </remarks> - IDictionary<string, string> IAuthenticationResponse.GetCallbackArguments() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="IAuthenticationResponse.GetUntrustedExtension<T>"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - T IAuthenticationResponse.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="IAuthenticationResponse.GetUntrustedExtension"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension IAuthenticationResponse.GetExtension(Type extensionType) { - Contract.Requires<ArgumentNullException>(extensionType != null); - Contract.Requires<ArgumentException>(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)); - ////ErrorUtilities.VerifyArgument(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType), string.Format(CultureInfo.CurrentCulture, OpenIdStrings.TypeMustImplementX, typeof(IOpenIdMessageExtension).FullName)); - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="IAuthenticationResponse.GetExtension<T>"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - T IAuthenticationResponse.GetUntrustedExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="IAuthenticationResponse.GetExtension"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension IAuthenticationResponse.GetUntrustedExtension(Type extensionType) { - Contract.Requires<ArgumentNullException>(extensionType != null); - Contract.Requires<ArgumentException>(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType)); - ////ErrorUtilities.VerifyArgument(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType), string.Format(CultureInfo.CurrentCulture, OpenIdStrings.TypeMustImplementX, typeof(IOpenIdMessageExtension).FullName)); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - string IAuthenticationResponse.GetUntrustedCallbackArgument(string key) { - Contract.Requires<ArgumentException>(!string.IsNullOrEmpty(key)); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - IDictionary<string, string> IAuthenticationResponse.GetUntrustedCallbackArguments() { - Contract.Ensures(Contract.Result<IDictionary<string, string>>() != null); - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IRelyingPartyBehavior.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IRelyingPartyBehavior.cs deleted file mode 100644 index 1bfa0db..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/IRelyingPartyBehavior.cs +++ /dev/null @@ -1,92 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="IRelyingPartyBehavior.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Diagnostics.Contracts; - - /// <summary> - /// Applies a custom security policy to certain OpenID security settings and behaviors. - /// </summary> - [ContractClass(typeof(IRelyingPartyBehaviorContract))] - public interface IRelyingPartyBehavior { - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void ApplySecuritySettings(RelyingPartySecuritySettings securitySettings); - - /// <summary> - /// Called when an authentication request is about to be sent. - /// </summary> - /// <param name="request">The request.</param> - /// <remarks> - /// Implementations should be prepared to be called multiple times on the same outgoing message - /// without malfunctioning. - /// </remarks> - void OnOutgoingAuthenticationRequest(IAuthenticationRequest request); - - /// <summary> - /// Called when an incoming positive assertion is received. - /// </summary> - /// <param name="assertion">The positive assertion.</param> - void OnIncomingPositiveAssertion(IAuthenticationResponse assertion); - } - - /// <summary> - /// Contract class for the <see cref="IRelyingPartyBehavior"/> interface. - /// </summary> - [ContractClassFor(typeof(IRelyingPartyBehavior))] - internal abstract class IRelyingPartyBehaviorContract : IRelyingPartyBehavior { - /// <summary> - /// Prevents a default instance of the <see cref="IRelyingPartyBehaviorContract"/> class from being created. - /// </summary> - private IRelyingPartyBehaviorContract() { - } - - #region IRelyingPartyBehavior Members - - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void IRelyingPartyBehavior.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) { - Contract.Requires<ArgumentNullException>(securitySettings != null); - } - - /// <summary> - /// Called when an authentication request is about to be sent. - /// </summary> - /// <param name="request">The request.</param> - /// <remarks> - /// Implementations should be prepared to be called multiple times on the same outgoing message - /// without malfunctioning. - /// </remarks> - void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(IAuthenticationRequest request) { - Contract.Requires<ArgumentNullException>(request != null); - } - - /// <summary> - /// Called when an incoming positive assertion is received. - /// </summary> - /// <param name="assertion">The positive assertion.</param> - void IRelyingPartyBehavior.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) { - Contract.Requires<ArgumentNullException>(assertion != null); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/RelyingPartySecuritySettings.cs deleted file mode 100644 index fc6d4c7..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/RelyingPartySecuritySettings.cs +++ /dev/null @@ -1,187 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="RelyingPartySecuritySettings.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Collections.Generic; - using System.Collections.ObjectModel; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Linq; - using DotNetOpenAuth.Messaging; - - /// <summary> - /// Security settings that are applicable to relying parties. - /// </summary> - public sealed class RelyingPartySecuritySettings : SecuritySettings { - /// <summary> - /// The default value for the <see cref="ProtectDownlevelReplayAttacks"/> property. - /// </summary> - internal const bool ProtectDownlevelReplayAttacksDefault = true; - - /// <summary> - /// Initializes a new instance of the <see cref="RelyingPartySecuritySettings"/> class. - /// </summary> - internal RelyingPartySecuritySettings() - : base(false) { - this.PrivateSecretMaximumAge = TimeSpan.FromDays(7); - this.ProtectDownlevelReplayAttacks = ProtectDownlevelReplayAttacksDefault; - this.AllowApproximateIdentifierDiscovery = true; - this.TrustedProviderEndpoints = new HashSet<Uri>(); - } - - /// <summary> - /// Gets or sets a value indicating whether the entire pipeline from Identifier discovery to - /// Provider redirect is guaranteed to be encrypted using HTTPS for authentication to succeed. - /// </summary> - /// <remarks> - /// <para>Setting this property to true is appropriate for RPs with highly sensitive - /// personal information behind the authentication (money management, health records, etc.)</para> - /// <para>When set to true, some behavioral changes and additional restrictions are placed:</para> - /// <list> - /// <item>User-supplied identifiers lacking a scheme are prepended with - /// HTTPS:// rather than the standard HTTP:// automatically.</item> - /// <item>User-supplied identifiers are not allowed to use HTTP for the scheme.</item> - /// <item>All redirects during discovery on the user-supplied identifier must be HTTPS.</item> - /// <item>Any XRDS file found by discovery on the User-supplied identifier must be protected using HTTPS.</item> - /// <item>Only Provider endpoints found at HTTPS URLs will be considered.</item> - /// <item>If the discovered identifier is an OP Identifier (directed identity), the - /// Claimed Identifier eventually asserted by the Provider must be an HTTPS identifier.</item> - /// <item>In the case of an unsolicited assertion, the asserted Identifier, discovery on it and - /// the asserting provider endpoint must all be secured by HTTPS.</item> - /// </list> - /// <para>Although the first redirect from this relying party to the Provider is required - /// to use HTTPS, any additional redirects within the Provider cannot be protected and MAY - /// revert the user's connection to HTTP, based on individual Provider implementation. - /// There is nothing that the RP can do to detect or prevent this.</para> - /// <para> - /// A <see cref="ProtocolException"/> is thrown during discovery or authentication when a secure pipeline cannot be established. - /// </para> - /// </remarks> - public bool RequireSsl { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether only OP Identifiers will be discoverable - /// when creating authentication requests. - /// </summary> - public bool RequireDirectedIdentity { get; set; } - - /// <summary> - /// Gets or sets the oldest version of OpenID the remote party is allowed to implement. - /// </summary> - /// <value>Defaults to <see cref="ProtocolVersion.V10"/></value> - public ProtocolVersion MinimumRequiredOpenIdVersion { get; set; } - - /// <summary> - /// Gets or sets the maximum allowable age of the secret a Relying Party - /// uses to its return_to URLs and nonces with 1.0 Providers. - /// </summary> - /// <value>The default value is 7 days.</value> - public TimeSpan PrivateSecretMaximumAge { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether all unsolicited assertions should be ignored. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - public bool RejectUnsolicitedAssertions { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether delegating identifiers are refused for authentication. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - /// <remarks> - /// When set to <c>true</c>, login attempts that start at the RP or arrive via unsolicited - /// assertions will be rejected if discovery on the identifier shows that OpenID delegation - /// is used for the identifier. This is useful for an RP that should only accept identifiers - /// directly issued by the Provider that is sending the assertion. - /// </remarks> - public bool RejectDelegatingIdentifiers { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether unsigned extensions in authentication responses should be ignored. - /// </summary> - /// <value>The default value is <c>false</c>.</value> - /// <remarks> - /// When set to true, the <see cref="IAuthenticationResponse.GetUntrustedExtension"/> methods - /// will not return any extension that was not signed by the Provider. - /// </remarks> - public bool IgnoreUnsignedExtensions { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether authentication requests will only be - /// sent to Providers with whom we can create a shared association. - /// </summary> - /// <value> - /// <c>true</c> to immediately fail authentication if an association with the Provider cannot be established; otherwise, <c>false</c>. - /// The default value is <c>false</c>. - /// </value> - public bool RequireAssociation { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - /// should ever be recognized as claimed identifiers. - /// </summary> - /// <value> - /// The default value is <c>false</c>, per the OpenID 2.0 spec. - /// </value> - /// <remarks> - /// OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers. - /// However, for some scenarios it may be desirable for an RP to override this behavior and allow this. - /// The security ramifications of setting this property to <c>true</c> have not been fully explored and - /// therefore this setting should only be changed with caution. - /// </remarks> - public bool AllowDualPurposeIdentifiers { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether certain Claimed Identifiers that exploit - /// features that .NET does not have the ability to send exact HTTP requests for will - /// still be allowed by using an approximate HTTP request. - /// </summary> - /// <value> - /// The default value is <c>true</c>. - /// </value> - public bool AllowApproximateIdentifierDiscovery { get; set; } - - /// <summary> - /// Gets the set of trusted OpenID Provider Endpoint URIs. - /// </summary> - public HashSet<Uri> TrustedProviderEndpoints { get; private set; } - - /// <summary> - /// Gets or sets a value indicating whether any login attempt coming from an OpenID Provider Endpoint that is not on this - /// whitelist of trusted OP Endpoints will be rejected. If the trusted providers list is empty and this value - /// is true, all assertions are rejected. - /// </summary> - /// <value>Default is <c>false</c>.</value> - public bool RejectAssertionsFromUntrustedProviders { get; set; } - - /// <summary> - /// Gets or sets a value indicating whether special measures are taken to - /// protect users from replay attacks when those users' identities are hosted - /// by OpenID 1.x Providers. - /// </summary> - /// <value>The default value is <c>true</c>.</value> - /// <remarks> - /// <para>Nonces for protection against replay attacks were not mandated - /// by OpenID 1.x, which leaves users open to replay attacks.</para> - /// <para>This feature works by adding a signed nonce to the authentication request. - /// This might increase the request size beyond what some OpenID 1.1 Providers - /// (such as Blogger) are capable of handling.</para> - /// </remarks> - internal bool ProtectDownlevelReplayAttacks { get; set; } - - /// <summary> - /// Filters out any disallowed endpoints. - /// </summary> - /// <param name="endpoints">The endpoints discovered on an Identifier.</param> - /// <returns>A sequence of endpoints that satisfy all security requirements.</returns> - internal IEnumerable<IdentifierDiscoveryResult> FilterEndpoints(IEnumerable<IdentifierDiscoveryResult> endpoints) { - return endpoints - .Where(se => !this.RejectDelegatingIdentifiers || se.ClaimedIdentifier == se.ProviderLocalIdentifier) - .Where(se => !this.RequireDirectedIdentity || se.ClaimedIdentifier == se.Protocol.ClaimedIdentifierForOPIdentifier); - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/UriDiscoveryService.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/UriDiscoveryService.cs deleted file mode 100644 index 7d17fd9..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/UriDiscoveryService.cs +++ /dev/null @@ -1,139 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="UriDiscoveryService.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId { - using System; - using System.Collections.Generic; - using System.Linq; - using System.Text; - using System.Text.RegularExpressions; - using System.Web.UI.HtmlControls; - using System.Xml; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.RelyingParty; - using DotNetOpenAuth.Xrds; - using DotNetOpenAuth.Yadis; - - /// <summary> - /// The discovery service for URI identifiers. - /// </summary> - public class UriDiscoveryService : IIdentifierDiscoveryService { - /// <summary> - /// Initializes a new instance of the <see cref="UriDiscoveryService"/> class. - /// </summary> - public UriDiscoveryService() { - } - - #region IDiscoveryService Members - - /// <summary> - /// Performs discovery on the specified identifier. - /// </summary> - /// <param name="identifier">The identifier to perform discovery on.</param> - /// <param name="requestHandler">The means to place outgoing HTTP requests.</param> - /// <param name="abortDiscoveryChain">if set to <c>true</c>, no further discovery services will be called for this identifier.</param> - /// <returns> - /// A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - /// </returns> - public IEnumerable<IdentifierDiscoveryResult> Discover(Identifier identifier, IDirectWebRequestHandler requestHandler, out bool abortDiscoveryChain) { - abortDiscoveryChain = false; - var uriIdentifier = identifier as UriIdentifier; - if (uriIdentifier == null) { - return Enumerable.Empty<IdentifierDiscoveryResult>(); - } - - var endpoints = new List<IdentifierDiscoveryResult>(); - - // Attempt YADIS discovery - DiscoveryResult yadisResult = Yadis.Discover(requestHandler, uriIdentifier, identifier.IsDiscoverySecureEndToEnd); - if (yadisResult != null) { - if (yadisResult.IsXrds) { - try { - XrdsDocument xrds = new XrdsDocument(yadisResult.ResponseText); - var xrdsEndpoints = xrds.XrdElements.CreateServiceEndpoints(yadisResult.NormalizedUri, uriIdentifier); - - // Filter out insecure endpoints if high security is required. - if (uriIdentifier.IsDiscoverySecureEndToEnd) { - xrdsEndpoints = xrdsEndpoints.Where(se => se.ProviderEndpoint.IsTransportSecure()); - } - endpoints.AddRange(xrdsEndpoints); - } catch (XmlException ex) { - Logger.Yadis.Error("Error while parsing the XRDS document. Falling back to HTML discovery.", ex); - } - } - - // Failing YADIS discovery of an XRDS document, we try HTML discovery. - if (endpoints.Count == 0) { - yadisResult.TryRevertToHtmlResponse(); - var htmlEndpoints = new List<IdentifierDiscoveryResult>(DiscoverFromHtml(yadisResult.NormalizedUri, uriIdentifier, yadisResult.ResponseText)); - if (htmlEndpoints.Any()) { - Logger.Yadis.DebugFormat("Total services discovered in HTML: {0}", htmlEndpoints.Count); - Logger.Yadis.Debug(htmlEndpoints.ToStringDeferred(true)); - endpoints.AddRange(htmlEndpoints.Where(ep => !uriIdentifier.IsDiscoverySecureEndToEnd || ep.ProviderEndpoint.IsTransportSecure())); - if (endpoints.Count == 0) { - Logger.Yadis.Info("No HTML discovered endpoints met the security requirements."); - } - } else { - Logger.Yadis.Debug("HTML discovery failed to find any endpoints."); - } - } else { - Logger.Yadis.Debug("Skipping HTML discovery because XRDS contained service endpoints."); - } - } - return endpoints; - } - - #endregion - - /// <summary> - /// Searches HTML for the HEAD META tags that describe OpenID provider services. - /// </summary> - /// <param name="claimedIdentifier">The final URL that provided this HTML document. - /// This may not be the same as (this) userSuppliedIdentifier if the - /// userSuppliedIdentifier pointed to a 301 Redirect.</param> - /// <param name="userSuppliedIdentifier">The user supplied identifier.</param> - /// <param name="html">The HTML that was downloaded and should be searched.</param> - /// <returns> - /// A sequence of any discovered ServiceEndpoints. - /// </returns> - private static IEnumerable<IdentifierDiscoveryResult> DiscoverFromHtml(Uri claimedIdentifier, UriIdentifier userSuppliedIdentifier, string html) { - var linkTags = new List<HtmlLink>(HtmlParser.HeadTags<HtmlLink>(html)); - foreach (var protocol in Protocol.AllPracticalVersions) { - // rel attributes are supposed to be interpreted with case INsensitivity, - // and is a space-delimited list of values. (http://www.htmlhelp.com/reference/html40/values.html#linktypes) - var serverLinkTag = linkTags.WithAttribute("rel").FirstOrDefault(tag => Regex.IsMatch(tag.Attributes["rel"], @"\b" + Regex.Escape(protocol.HtmlDiscoveryProviderKey) + @"\b", RegexOptions.IgnoreCase)); - if (serverLinkTag == null) { - continue; - } - - Uri providerEndpoint = null; - if (Uri.TryCreate(serverLinkTag.Href, UriKind.Absolute, out providerEndpoint)) { - // See if a LocalId tag of the discovered version exists - Identifier providerLocalIdentifier = null; - var delegateLinkTag = linkTags.WithAttribute("rel").FirstOrDefault(tag => Regex.IsMatch(tag.Attributes["rel"], @"\b" + Regex.Escape(protocol.HtmlDiscoveryLocalIdKey) + @"\b", RegexOptions.IgnoreCase)); - if (delegateLinkTag != null) { - if (Identifier.IsValid(delegateLinkTag.Href)) { - providerLocalIdentifier = delegateLinkTag.Href; - } else { - Logger.Yadis.WarnFormat("Skipping endpoint data because local id is badly formed ({0}).", delegateLinkTag.Href); - continue; // skip to next version - } - } - - // Choose the TypeURI to match the OpenID version detected. - string[] typeURIs = { protocol.ClaimedIdentifierServiceTypeURI }; - yield return IdentifierDiscoveryResult.CreateForClaimedIdentifier( - claimedIdentifier, - userSuppliedIdentifier, - providerLocalIdentifier, - new ProviderEndpointDescription(providerEndpoint, typeURIs), - (int?)null, - (int?)null); - } - } - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/XriDiscoveryProxyService.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/XriDiscoveryProxyService.cs deleted file mode 100644 index d80c59e..0000000 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/XriDiscoveryProxyService.cs +++ /dev/null @@ -1,108 +0,0 @@ -//----------------------------------------------------------------------- -// <copyright file="XriDiscoveryProxyService.cs" company="Andrew Arnott"> -// Copyright (c) Andrew Arnott. All rights reserved. -// </copyright> -//----------------------------------------------------------------------- - -namespace DotNetOpenAuth.OpenId { - using System; - using System.Collections.Generic; - using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; - using System.Globalization; - using System.Linq; - using System.Text; - using System.Xml; - using DotNetOpenAuth.Configuration; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.RelyingParty; - using DotNetOpenAuth.Xrds; - using DotNetOpenAuth.Yadis; - - /// <summary> - /// The discovery service for XRI identifiers that uses an XRI proxy resolver for discovery. - /// </summary> - [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Xri", Justification = "Acronym")] - public class XriDiscoveryProxyService : IIdentifierDiscoveryService { - /// <summary> - /// The magic URL that will provide us an XRDS document for a given XRI identifier. - /// </summary> - /// <remarks> - /// We use application/xrd+xml instead of application/xrds+xml because it gets - /// xri.net to automatically give us exactly the right XRD element for community i-names - /// automatically, saving us having to choose which one to use out of the result. - /// The ssl=true parameter tells the proxy resolver to accept only SSL connections - /// when resolving community i-names. - /// </remarks> - private const string XriResolverProxyTemplate = "https://{1}/{0}?_xrd_r=application/xrd%2Bxml;sep=false"; - - /// <summary> - /// Initializes a new instance of the <see cref="XriDiscoveryProxyService"/> class. - /// </summary> - public XriDiscoveryProxyService() { - } - - #region IDiscoveryService Members - - /// <summary> - /// Performs discovery on the specified identifier. - /// </summary> - /// <param name="identifier">The identifier to perform discovery on.</param> - /// <param name="requestHandler">The means to place outgoing HTTP requests.</param> - /// <param name="abortDiscoveryChain">if set to <c>true</c>, no further discovery services will be called for this identifier.</param> - /// <returns> - /// A sequence of service endpoints yielded by discovery. Must not be null, but may be empty. - /// </returns> - public IEnumerable<IdentifierDiscoveryResult> Discover(Identifier identifier, IDirectWebRequestHandler requestHandler, out bool abortDiscoveryChain) { - abortDiscoveryChain = false; - var xriIdentifier = identifier as XriIdentifier; - if (xriIdentifier == null) { - return Enumerable.Empty<IdentifierDiscoveryResult>(); - } - - return DownloadXrds(xriIdentifier, requestHandler).XrdElements.CreateServiceEndpoints(xriIdentifier); - } - - #endregion - - /// <summary> - /// Downloads the XRDS document for this XRI. - /// </summary> - /// <param name="identifier">The identifier.</param> - /// <param name="requestHandler">The request handler.</param> - /// <returns>The XRDS document.</returns> - private static XrdsDocument DownloadXrds(XriIdentifier identifier, IDirectWebRequestHandler requestHandler) { - Contract.Requires<ArgumentNullException>(identifier != null); - Contract.Requires<ArgumentNullException>(requestHandler != null); - Contract.Ensures(Contract.Result<XrdsDocument>() != null); - XrdsDocument doc; - using (var xrdsResponse = Yadis.Request(requestHandler, GetXrdsUrl(identifier), identifier.IsDiscoverySecureEndToEnd)) { - doc = new XrdsDocument(XmlReader.Create(xrdsResponse.ResponseStream)); - } - ErrorUtilities.VerifyProtocol(doc.IsXrdResolutionSuccessful, OpenIdStrings.XriResolutionFailed); - return doc; - } - - /// <summary> - /// Gets the URL from which this XRI's XRDS document may be downloaded. - /// </summary> - /// <param name="identifier">The identifier.</param> - /// <returns>The URI to HTTP GET from to get the services.</returns> - private static Uri GetXrdsUrl(XriIdentifier identifier) { - ErrorUtilities.VerifyProtocol(OpenIdElement.Configuration.XriResolver.Enabled, OpenIdStrings.XriResolutionDisabled); - string xriResolverProxy = XriResolverProxyTemplate; - if (identifier.IsDiscoverySecureEndToEnd) { - // Indicate to xri.net that we require SSL to be used for delegated resolution - // of community i-names. - xriResolverProxy += ";https=true"; - } - - return new Uri( - string.Format( - CultureInfo.InvariantCulture, - xriResolverProxy, - identifier, - OpenIdElement.Configuration.XriResolver.Proxy.Name)); - } - } -} diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs new file mode 100644 index 0000000..2961dc2 --- /dev/null +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/Properties/AssemblyInfo.cs @@ -0,0 +1,56 @@ +//----------------------------------------------------------------------- +// <copyright file="AssemblyInfo.cs" company="Andrew Arnott"> +// Copyright (c) Andrew Arnott. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +// We DON'T put an AssemblyVersionAttribute in here because it is generated in the build. + +using System; +using System.Diagnostics.Contracts; +using System.Net; +using System.Reflection; +using System.Resources; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; +using System.Security; +using System.Security.Permissions; +using System.Web.UI; + +[assembly: TagPrefix("DotNetOpenAuth.OpenId.RelyingParty", "rp")] + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("DotNetOpenAuth OpenID")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("")] +[assembly: AssemblyProduct("DotNetOpenAuth")] +[assembly: AssemblyCopyright("Copyright © 2008")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] +[assembly: NeutralResourcesLanguage("en-US")] +[assembly: CLSCompliant(true)] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("7d73990c-47c0-4256-9f20-a893add9e289")] + +[assembly: ContractVerification(true)] + +#if StrongNameSigned +// See comment at top of this file. We need this so that strong-naming doesn't +// keep this assembly from being useful to shared host (medium trust) web sites. +[assembly: AllowPartiallyTrustedCallers] + +[assembly: InternalsVisibleTo("DotNetOpenAuth.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] +[assembly: InternalsVisibleTo("DotNetOpenAuth.OpenId.Provider, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] +#else +[assembly: InternalsVisibleTo("DotNetOpenAuth.Test")] +[assembly: InternalsVisibleTo("DotNetOpenAuth.OpenId.Provider")] +#endif |