Added missing capability for Service Providers to specify a non-memory nonce store.

8 files changed, 70 insertions, 16 deletions

diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index 53d52d3..eecaecf 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -236,6 +236,11 @@
 												<xs:attribute name="maxAuthorizationTime" type="xs:string" default="0:05" />
 											</xs:complexType>
 										</xs:element>
+										<xs:element name="store">
+											<xs:complexType>
+												<xs:attribute name="type" type="xs:string"/>
+											</xs:complexType>
+										</xs:element>
 									</xs:choice>
 								</xs:complexType>
 							</xs:element>
diff --git a/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs b/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
index 5ff528d..8e910a0 100644
--- a/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
+++ b/src/DotNetOpenAuth/Configuration/OAuthServiceProviderElement.cs
@@ -6,12 +6,18 @@
 
 namespace DotNetOpenAuth.Configuration {
 	using System.Configuration;
+	using DotNetOpenAuth.Messaging.Bindings;
 
 	/// <summary>
 	/// Represents the &lt;oauth/serviceProvider&gt; element in the host's .config file.
 	/// </summary>
 	internal class OAuthServiceProviderElement : ConfigurationElement {
 		/// <summary>
+		/// The name of the custom store sub-element.
+		/// </summary>
+		private const string StoreConfigName = "store";
+
+		/// <summary>
 		/// Gets the name of the security sub-element.
 		/// </summary>
 		private const string SecuritySettingsConfigName = "security";
@@ -23,6 +29,15 @@ namespace DotNetOpenAuth.Configuration {
 		}
 
 		/// <summary>
+		/// Gets or sets the type to use for storing application state.
+		/// </summary>
+		[ConfigurationProperty(StoreConfigName)]
+		public TypeConfigurationElement<INonceStore> ApplicationStore {
+			get { return (TypeConfigurationElement<INonceStore>)this[StoreConfigName] ?? new TypeConfigurationElement<INonceStore>(); }
+			set { this[StoreConfigName] = value; }
+		}
+
+		/// <summary>
 		/// Gets or sets the security settings.
 		/// </summary>
 		[ConfigurationProperty(SecuritySettingsConfigName)]
diff --git a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
index f9c4e4e..70ecf75 100644
--- a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
+++ b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OAuth {
 	using System;
 	using System.Collections.Generic;
+	using System.ComponentModel;
 	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
 	using System.Globalization;
@@ -31,6 +32,12 @@ namespace DotNetOpenAuth.OAuth {
 	/// </remarks>
 	public class ServiceProvider : IDisposable {
 		/// <summary>
+		/// The name of the key to use in the HttpApplication cache to store the
+		/// instance of <see cref="NonceMemoryStore"/> to use.
+		/// </summary>
+		private const string ApplicationStoreKey = "DotNetOpenAuth.OAuth.ServiceProvider.HttpApplicationStore";
+
+		/// <summary>
 		/// The length of the verifier code (in raw bytes before base64 encoding) to generate.
 		/// </summary>
 		private const int VerifierCodeLength = 5;
@@ -56,7 +63,7 @@ namespace DotNetOpenAuth.OAuth {
 		/// <param name="tokenManager">The host's method of storing and recalling tokens and secrets.</param>
 		/// <param name="messageTypeProvider">An object that can figure out what type of message is being received for deserialization.</param>
 		public ServiceProvider(ServiceProviderDescription serviceDescription, IServiceProviderTokenManager tokenManager, OAuthServiceProviderMessageFactory messageTypeProvider)
-			: this(serviceDescription, tokenManager, new NonceMemoryStore(StandardExpirationBindingElement.DefaultMaximumMessageAge), messageTypeProvider) {
+			: this(serviceDescription, tokenManager, DotNetOpenAuthSection.Configuration.OAuth.ServiceProvider.ApplicationStore.CreateInstance(HttpApplicationStore), messageTypeProvider) {
 		}
 
 		/// <summary>
@@ -90,6 +97,33 @@ namespace DotNetOpenAuth.OAuth {
 		}
 
 		/// <summary>
+		/// Gets the standard state storage mechanism that uses ASP.NET's
+		/// HttpApplication state dictionary to store associations and nonces.
+		/// </summary>
+		[EditorBrowsable(EditorBrowsableState.Advanced)]
+		public static INonceStore HttpApplicationStore {
+			get {
+				Contract.Ensures(Contract.Result<INonceStore>() != null);
+
+				HttpContext context = HttpContext.Current;
+				ErrorUtilities.VerifyOperation(context != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(INonceStore).Name);
+				var store = (INonceStore)context.Application[ApplicationStoreKey];
+				if (store == null) {
+					context.Application.Lock();
+					try {
+						if ((store = (INonceStore)context.Application[ApplicationStoreKey]) == null) {
+							context.Application[ApplicationStoreKey] = store = new NonceMemoryStore(StandardExpirationBindingElement.DefaultMaximumMessageAge);
+						}
+					} finally {
+						context.Application.UnLock();
+					}
+				}
+
+				return store;
+			}
+		}
+
+		/// <summary>
 		/// Gets the description of this Service Provider.
 		/// </summary>
 		public ServiceProviderDescription ServiceDescription { get; private set; }
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
index 4c44439..a5802d8 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
@@ -542,15 +542,6 @@ namespace DotNetOpenAuth.OpenId {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}..
-        /// </summary>
-        internal static string StoreRequiredWhenNoHttpContextAvailable {
-            get {
-                return ResourceManager.GetString("StoreRequiredWhenNoHttpContextAvailable", resourceCulture);
-            }
-        }
-        
-        /// <summary>
         ///   Looks up a localized string similar to The type must implement {0}..
         /// </summary>
         internal static string TypeMustImplementX {
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
index 0cc193b..40a0d0b 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
@@ -244,9 +244,6 @@ Discovered endpoint info:
   <data name="XriResolutionFailed" xml:space="preserve">
     <value>XRI resolution failed.</value>
   </data>
-  <data name="StoreRequiredWhenNoHttpContextAvailable" xml:space="preserve">
-    <value>No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}.</value>
-  </data>
   <data name="AttributeAlreadyAdded" xml:space="preserve">
     <value>An attribute with type URI '{0}' has already been added.</value>
   </data>
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 7efa60c..f05115c 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -40,7 +40,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// The name of the key to use in the HttpApplication cache to store the
 		/// instance of <see cref="StandardRelyingPartyApplicationStore"/> to use.
 		/// </summary>
-		private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.ApplicationStore";
+		private const string ApplicationStoreKey = "DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.HttpApplicationStore";
 
 		/// <summary>
 		/// Backing field for the <see cref="SecuritySettings"/> property.
@@ -119,7 +119,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 				Contract.Ensures(Contract.Result<IRelyingPartyApplicationStore>() != null);
 
 				HttpContext context = HttpContext.Current;
-				ErrorUtilities.VerifyOperation(context != null, OpenIdStrings.StoreRequiredWhenNoHttpContextAvailable, typeof(IRelyingPartyApplicationStore).Name);
+				ErrorUtilities.VerifyOperation(context != null, Strings.StoreRequiredWhenNoHttpContextAvailable, typeof(IRelyingPartyApplicationStore).Name);
 				var store = (IRelyingPartyApplicationStore)context.Application[ApplicationStoreKey];
 				if (store == null) {
 					context.Application.Lock();
diff --git a/src/DotNetOpenAuth/Strings.Designer.cs b/src/DotNetOpenAuth/Strings.Designer.cs
index eea4675..760ef97 100644
--- a/src/DotNetOpenAuth/Strings.Designer.cs
+++ b/src/DotNetOpenAuth/Strings.Designer.cs
@@ -1,7 +1,7 @@
 //------------------------------------------------------------------------------
 // <auto-generated>
 //     This code was generated by a tool.
-//     Runtime Version:2.0.50727.3521
+//     Runtime Version:2.0.50727.4927
 //
 //     Changes to this file may cause incorrect behavior and will be lost if
 //     the code is regenerated.
@@ -68,5 +68,14 @@ namespace DotNetOpenAuth {
                 return ResourceManager.GetString("ConfigurationTypeMustBePublic", resourceCulture);
             }
         }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}..
+        /// </summary>
+        internal static string StoreRequiredWhenNoHttpContextAvailable {
+            get {
+                return ResourceManager.GetString("StoreRequiredWhenNoHttpContextAvailable", resourceCulture);
+            }
+        }
     }
 }
diff --git a/src/DotNetOpenAuth/Strings.resx b/src/DotNetOpenAuth/Strings.resx
index c42347b..0cf00a5 100644
--- a/src/DotNetOpenAuth/Strings.resx
+++ b/src/DotNetOpenAuth/Strings.resx
@@ -120,4 +120,7 @@
   <data name="ConfigurationTypeMustBePublic" xml:space="preserve">
     <value>The configuration-specified type {0} must be public, and is not.</value>
   </data>
+  <data name="StoreRequiredWhenNoHttpContextAvailable" xml:space="preserve">
+    <value>No current HttpContext was detected, so an {0} instance must be explicitly provided or specified in the .config file.  Call the constructor overload that takes an {0}.</value>
+  </data>
 </root>
\ No newline at end of file