summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAndrew Arnott <andrewarnott@gmail.com>2009-02-15 14:24:55 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2009-02-15 14:24:55 -0800
commit2371d9cca82d2069596d0ced96bcc1a7ece94351 (patch)
tree3862855c2c6e0b7aa6988afd3525867a998faff4 /src
parent52da6a97a2d0f35d4b285f7379af4d5fdbd64f23 (diff)
downloadDotNetOpenAuth-2371d9cca82d2069596d0ced96bcc1a7ece94351.zip
DotNetOpenAuth-2371d9cca82d2069596d0ced96bcc1a7ece94351.tar.gz
DotNetOpenAuth-2371d9cca82d2069596d0ced96bcc1a7ece94351.tar.bz2
Modified comment on second discovery of identifier indicating that background caching of discovery information is happening.
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
index 4e76a48..db1720f 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
@@ -230,11 +230,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
private void VerifyDiscoveryMatchesAssertion() {
Logger.Debug("Verifying assertion matches identifier discovery results...");
- // TODO: optimize this to not perform a second discovery when we could cache it
- // either through the return_to URL or application state.
- // PROPOSAL: sign the discovered information in the request so that when it
- // comes back in the assertion we can verify that it hasn't changed, without
- // sending two copies of all the data in the request.
+ // While it LOOKS like we're performing discovery over HTTP again
+ // Yadis.IdentifierDiscoveryCachePolicy is set to HttpRequestCacheLevel.CacheIfAvailable
+ // which means that the .NET runtime is caching our discoveries for us. This turns out
+ // to be very fast and keeps our code clean and easily verifiable as correct and secure.
var discoveryResults = this.response.ClaimedIdentifier.Discover(this.relyingParty.WebRequestHandler);
ErrorUtilities.VerifyProtocol(discoveryResults.Contains(this.endpoint), OpenIdStrings.IssuedAssertionFailsIdentifierDiscovery, this.endpoint, discoveryResults.ToStringDeferred(true));
}