author | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-25 14:01:16 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-03-25 14:01:16 -0700 |
commit | be1d9746c979fc35b3a836038a7ab768ca00757a (patch) | |
tree | 494be52fb25b558646047a0d9700b4de28eb480d /src | |
parent | 4516ecc3774488802718daf177b649edda77aac0 (diff) | |
Added the InfoCardSelector.Audience property.
Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth/ComponentModel/UriConverter.cs | 35 | ||||
-rw-r--r-- | src/DotNetOpenAuth/InfoCard/InfoCardSelector.cs | 46 | ||||
-rw-r--r-- | src/DotNetOpenAuth/InfoCard/Token/Token.cs | 4 |
3 files changed, 71 insertions, 14 deletions
diff --git a/src/DotNetOpenAuth/ComponentModel/UriConverter.cs b/src/DotNetOpenAuth/ComponentModel/UriConverter.cs index 51fd15a..93e4809 100644 --- a/src/DotNetOpenAuth/ComponentModel/UriConverter.cs +++ b/src/DotNetOpenAuth/ComponentModel/UriConverter.cs @@ -17,7 +17,7 @@ namespace DotNetOpenAuth.ComponentModel { /// A design-time helper to allow controls to have properties /// of type <see cref="Uri"/>. /// </summary> - public abstract class UriConverter : ConverterBase<Uri> { + public class UriConverter : ConverterBase<Uri> { /// <summary> /// Initializes a new instance of the UriConverter class. /// </summary> @@ -27,7 +27,9 @@ namespace DotNetOpenAuth.ComponentModel { /// <summary> /// Gets the type to reflect over to extract the well known values. /// </summary> - protected abstract Type WellKnownValuesType { get; } + protected virtual Type WellKnownValuesType { + get { return null; } + } /// <summary> /// Returns whether the given value object is valid for this type and for the specified context. @@ -38,11 +40,12 @@ namespace DotNetOpenAuth.ComponentModel { /// true if the specified value is valid for this object; otherwise, false. /// </returns> public override bool IsValid(ITypeDescriptorContext context, object value) { + string stringValue; if (value is Uri) { return ((Uri)value).IsAbsoluteUri; - } else if (value is string) { + } else if ((stringValue = value as string) != null) { Uri result; - return Uri.TryCreate((string)value, UriKind.Absolute, out result); + return stringValue.Length == 0 || Uri.TryCreate(stringValue, UriKind.Absolute, out result); } else { return false; } @@ -55,7 +58,7 @@ namespace DotNetOpenAuth.ComponentModel { /// <returns>The strongly-typed object.</returns> [Pure] protected override Uri ConvertFrom(string value) { - return new Uri(value); + return string.IsNullOrEmpty(value) ? null : new Uri(value); } /// <summary> 
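Review bot: In `IsValid` and `ConvertFrom`, an empty string is now accepted and converted to `null`, and because this lives in the shared `UriConverter` every property that uses the converter inherits it. For `InfoCardSelector.Audience`, added later in this commit, `null` means audience verification is off, so a markup value of `Audience=""` would appear to disable the check without anything marking it as deliberate (assuming the page parser routes the attribute through this converter). Consider documenting this on `ConvertFrom`, for example `// Empty input maps to null; for security-sensitive properties null may mean "no restriction".`, or keeping the base converter strict and allowing the empty value only in a dedicated subclass. The closing brace of `IsValid` falls outside the hunk.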
@@ -67,6 +70,10 @@ namespace DotNetOpenAuth.ComponentModel { /// </returns> [Pure] protected override InstanceDescriptor CreateFrom(Uri value) { + if (value == null) { + return null; + } + MemberInfo uriCtor = typeof(Uri).GetConstructor(new Type[] { typeof(string) }); return new InstanceDescriptor(uriCtor, new object[] { value.AbsoluteUri }); } @@ -78,6 +85,10 @@ namespace DotNetOpenAuth.ComponentModel { /// <returns>The string representation of the object.</returns> [Pure] protected override string ConvertToString(Uri value) { + if (value == null) { + return null; + } + return value.AbsoluteUri; } @@ -87,11 +98,15 @@ namespace DotNetOpenAuth.ComponentModel { /// <returns>An array of the standard claim types.</returns> [Pure] protected override ICollection GetStandardValuesForCache() { - var fields = from field in this.WellKnownValuesType.GetFields(BindingFlags.Static | BindingFlags.Public) - select new Uri((string)field.GetValue(null)); - var properties = from prop in this.WellKnownValuesType.GetProperties(BindingFlags.Static | BindingFlags.Public) - select new Uri((string)prop.GetValue(null, null)); - return (fields.Concat(properties)).ToArray(); + if (this.WellKnownValuesType != null) { + var fields = from field in this.WellKnownValuesType.GetFields(BindingFlags.Static | BindingFlags.Public) + select new Uri((string)field.GetValue(null)); + var properties = from prop in this.WellKnownValuesType.GetProperties(BindingFlags.Static | BindingFlags.Public) + select new Uri((string)prop.GetValue(null, null)); + return (fields.Concat(properties)).ToArray(); + } else { + return new Uri[0]; + } } } } diff --git a/src/DotNetOpenAuth/InfoCard/InfoCardSelector.cs b/src/DotNetOpenAuth/InfoCard/InfoCardSelector.cs index 55789fe..e6e69df 100644 --- a/src/DotNetOpenAuth/InfoCard/InfoCardSelector.cs +++ b/src/DotNetOpenAuth/InfoCard/InfoCardSelector.cs 
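Review bot: `GetStandardValuesForCache` now reads the virtual `WellKnownValuesType` getter up to three times and wraps the whole body in an `if`/`else`; reading it once into a local and returning early is easier to follow and does not assume an override returns the same type on every call. Something like `Type wellKnown = this.WellKnownValuesType;` followed by `if (wellKnown == null) { return new Uri[0]; }` keeps the two queries at their original nesting level. The `(string)` casts in both queries still throw for any public static member that is not a string; that is unchanged by this commit, but a short comment stating the expectation on the well-known-values type would help whoever writes the next subclass.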
@@ -12,6 +12,7 @@ namespace DotNetOpenAuth.InfoCard { using System.Collections.ObjectModel; using System.ComponentModel; using System.Diagnostics.Contracts; + using System.Drawing.Design; using System.Globalization; using System.Linq; using System.Web.UI; @@ -126,6 +127,11 @@ namespace DotNetOpenAuth.InfoCard { private const string PrivacyVersionViewStateKey = "PrivacyVersion"; /// <summary> + /// The viewstate key for storing the <see cref="Audience" /> property. + /// </summary> + private const string AudienceViewStateKey = "Audience"; + + /// <summary> /// The viewstate key for storing the <see cref="AutoPostBack" /> property. /// </summary> private const string AutoPostBackViewStateKey = "AutoPostBack"; @@ -177,6 +183,13 @@ namespace DotNetOpenAuth.InfoCard { private Panel infoCardNotSupportedPanel; /// <summary> + /// Recalls whether the <see cref="Audience"/> property has been set yet, + /// so its default can be set as soon as possible without overwriting + /// an intentional value. + /// </summary> + private bool audienceSet; + + /// <summary> /// Occurs when an InfoCard has been submitted but not decoded yet. /// </summary> [Category(InfoCardCategory)] 
@@ -256,6 +269,30 @@ namespace DotNetOpenAuth.InfoCard { } /// <summary> + /// Gets or sets the URI that must be found for the SAML token's intended audience + /// in order for the token to be processed. + /// </summary> + /// <value>Typically the URI of the page hosting the control, or <c>null</c> to disable audience verification.</value> + /// <remarks> + /// Disabling audience verification introduces a security risk + /// because tokens can be redirected to allow access to unintended resources. + /// </remarks> + [Description("Specifies the URI that must be found for the SAML token's intended audience.")] + [Bindable(true), Category(InfoCardCategory)] + [TypeConverter(typeof(ComponentModel.UriConverter))] + [UrlProperty, Editor("System.Web.UI.Design.UrlEditor, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", typeof(UITypeEditor))] + public Uri Audience { + get { + return (Uri)this.ViewState[AudienceViewStateKey]; + } + + set { + this.ViewState[AudienceViewStateKey] = value; + this.audienceSet = true; + } + } + + /// <summary> /// Gets or sets a value indicating whether a postback will automatically /// be invoked when the user selects an Information Card. /// </summary> @@ -345,7 +382,7 @@ namespace DotNetOpenAuth.InfoCard { if (!receivingArgs.Cancel) { try { - Token token = new Token(this.TokenXml, this.Page.Request.Url, decryptor); + Token token = new Token(this.TokenXml, this.Audience, decryptor); this.OnReceivedToken(token); } catch (InformationCardException ex) { this.OnTokenProcessingError(this.TokenXml, ex); 
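Review bot: The `Audience` property keeps a security decision in `ViewState`, which round-trips through the client; if a page runs with view-state integrity protection turned off, a posted-back value could replace the audience or null it out before the token is checked. The getter's `(Uri)this.ViewState[AudienceViewStateKey]` feeds straight into `new Token(this.TokenXml, this.Audience, decryptor)` in the next hunk on this page. Consider extending the `<remarks>` with a sentence such as `The value is persisted in view state, so view state MAC must remain enabled for the audience restriction to be trustworthy.`, or holding the value in a plain field if it is only ever set from markup or code.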
@@ -409,6 +446,13 @@ namespace DotNetOpenAuth.InfoCard { /// </summary> /// <param name="e">An <see cref="T:System.EventArgs"/> object that contains the event data.</param> protected override void OnInit(EventArgs e) { + // Give a default for the Audience property that allows for + // the aspx page to have preset it, and ViewState + // to initialize it (even to null) after this. + if (!this.audienceSet) { + this.Audience = this.Page.Request.Url; + } + base.OnInit(e); this.Page.LoadComplete += delegate { this.EnsureChildControls(); }; } diff --git a/src/DotNetOpenAuth/InfoCard/Token/Token.cs b/src/DotNetOpenAuth/InfoCard/Token/Token.cs index a7dd0e8..dc8c09a 100644 --- a/src/DotNetOpenAuth/InfoCard/Token/Token.cs +++ b/src/DotNetOpenAuth/InfoCard/Token/Token.cs @@ -37,15 +37,13 @@ namespace DotNetOpenAuth.InfoCard { /// Initializes a new instance of the <see cref="Token"/> class. /// </summary> /// <param name="tokenXml">Xml token, which may be encrypted.</param> - /// <param name="audience">The audience.</param> + /// <param name="audience">The audience. May be <c>null</c> to avoid audience checking.</param> /// <param name="decryptor">The decryptor to use to decrypt the token, if necessary..</param> /// <exception cref="InformationCardException">Thrown for any problem decoding or decrypting the token.</exception> internal Token(string tokenXml, Uri audience, TokenDecryptor decryptor) { Contract.Requires(tokenXml != null && tokenXml.Length > 0); - Contract.Requires(audience != null); Contract.Requires(decryptor != null || !IsEncrypted(tokenXml)); ErrorUtilities.VerifyNonZeroLength(tokenXml, "tokenXml"); - ErrorUtilities.VerifyArgumentNotNull(audience, "audience"); byte[] decryptedBytes; string decryptedString; |
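Review bot: The default assigned in `OnInit`, `this.Audience = this.Page.Request.Url;`, is taken from the incoming request, so the expected audience follows whatever scheme, host and query string the request arrived with rather than a value the site owner fixed. Behind a reverse proxy or with a permissive host binding that may differ from the URL the token was issued for; this matches the earlier behaviour of passing `Request.Url` directly, so it is not new, but the new property is the natural place to say so. I would add to the existing comment: `// NOTE: Request.Url is request-derived; set Audience explicitly in markup for a fixed, trusted value.` The assignment also goes through the public setter and flips `audienceSet`, which is harmless here but means the flag no longer distinguishes a caller-supplied value from the default.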
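Review bot: Dropping `Contract.Requires(audience != null)` and `ErrorUtilities.VerifyArgumentNotNull(audience, "audience")` makes `null` an in-band switch that turns audience checking off, and the code that has to honour that is not in this hunk; the constructor body continues past the last visible line. It is worth confirming that every later use of `audience` in the constructor treats `null` as "skip the restriction check" rather than throwing or comparing against it. Because this is a fail-open setting, a comment at the top of the body such as `// audience == null disables the SAML audience restriction check; callers must opt in deliberately.` would make the intent visible, and a log entry whenever the check is skipped would help operators spot a misconfigured page.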