Modified comment on second discovery of identifier indicating that background caching of discovery information is happening.

1 files changed, 4 insertions, 5 deletions

diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
index 4e76a48..db1720f 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/PositiveAuthenticationResponse.cs
@@ -230,11 +230,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		private void VerifyDiscoveryMatchesAssertion() {
 			Logger.Debug("Verifying assertion matches identifier discovery results...");
 
-			// TODO: optimize this to not perform a second discovery when we could cache it
-			// either through the return_to URL or application state.
-			// PROPOSAL: sign the discovered information in the request so that when it
-			// comes back in the assertion we can verify that it hasn't changed, without
-			// sending two copies of all the data in the request.
+			// While it LOOKS like we're performing discovery over HTTP again
+			// Yadis.IdentifierDiscoveryCachePolicy is set to HttpRequestCacheLevel.CacheIfAvailable
+			// which means that the .NET runtime is caching our discoveries for us.  This turns out
+			// to be very fast and keeps our code clean and easily verifiable as correct and secure.
 			var discoveryResults = this.response.ClaimedIdentifier.Discover(this.relyingParty.WebRequestHandler);
 			ErrorUtilities.VerifyProtocol(discoveryResults.Contains(this.endpoint), OpenIdStrings.IssuedAssertionFailsIdentifierDiscovery, this.endpoint, discoveryResults.ToStringDeferred(true));
 		}