-rw-r--r-- | src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd | 10 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Configuration/MessagingElement.cs | 28 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Messaging/Channel.cs | 33 |
3 files changed, 62 insertions, 9 deletions
diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index 9786068..0b27948 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -218,6 +218,16 @@
 </xs:documentation>
 </xs:annotation>
 </xs:attribute>
+ <xs:attribute name="maximumIndirectMessageUrlLength" type="xs:int" default="2048">
+ <xs:annotation>
+ <xs:documentation>
+ The maximum allowable size for a 301 Redirect response before we send
+ a 200 OK response with a scripted form POST with the parameters instead
+ in order to ensure successfully sending a large payload to another server
+ that might have a maximum allowable size restriction on its GET request.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
 </xs:complexType>
 </xs:element>
 <xs:element name="openid">
diff --git a/src/DotNetOpenAuth/Configuration/MessagingElement.cs b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
index f130dbc..28b34a3 100644
--- a/src/DotNetOpenAuth/Configuration/MessagingElement.cs
+++ b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
@@ -37,6 +37,20 @@ namespace DotNetOpenAuth.Configuration {
 private const string StrictConfigName = "strict";
 /// <summary>
+ /// The default value for the <see cref="MaximumIndirectMessageUrlLength"/> property.
+ /// </summary>
+ /// <value>
+ /// 2KB, recommended by OpenID group
+ /// </value>
+ private const int DefaultMaximumIndirectMessageUrlLength = 2 * 1024;
+
+ /// <summary>
+ /// The name of the attribute that controls the maximum length of a URL before it is converted
+ /// to a POST payload.
+ /// </summary>
+ private const string MaximumIndirectMessageUrlLengthConfigName = "maximumIndirectMessageUrlLength";
+
+ /// <summary>
 /// Gets the actual maximum message lifetime that a program should allow.
 /// </summary>
 /// <value>The sum of the <see cref="MaximumMessageLifetime"/> and 
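Review bot: The new `maximumIndirectMessageUrlLength` attribute in DotNetOpenAuth.xsd is typed as plain `xs:int`, while the matching property in MessagingElement.cs is validated with `[IntegerValidator(MinValue = 500, MaxValue = 4096)]`, so the schema accepts values that the configuration loader will reject. At minimum the `xs:documentation` text should end with a sentence such as `Valid values are 500 through 4096.` so that whoever edits the config file sees the limits. A stricter option is to replace `type="xs:int"` with an inline simple type restricted by `xs:minInclusive` and `xs:maxInclusive`, which would let schema-aware editors flag an out-of-range value before deployment.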
@@ -114,5 +128,19 @@ namespace DotNetOpenAuth.Configuration {
 get { return (UntrustedWebRequestElement)this[UntrustedWebRequestElementName] ?? new UntrustedWebRequestElement(); }
 set { this[UntrustedWebRequestElementName] = value; }
 }
+
+ /// <summary>
+ /// Gets or sets the maximum allowable size for a 301 Redirect response before we send
+ /// a 200 OK response with a scripted form POST with the parameters instead
+ /// in order to ensure successfully sending a large payload to another server
+ /// that might have a maximum allowable size restriction on its GET request.
+ /// </summary>
+ /// <value>The default value is 2048.</value>
+ [ConfigurationProperty(MaximumIndirectMessageUrlLengthConfigName, DefaultValue = DefaultMaximumIndirectMessageUrlLength)]
+ [IntegerValidator(MinValue = 500, MaxValue = 4096)]
+ internal int MaximumIndirectMessageUrlLength {
+ get { return (int)this[MaximumIndirectMessageUrlLengthConfigName]; }
+ set { this[MaximumIndirectMessageUrlLengthConfigName] = value; }
+ }
 }
 }
diff --git a/src/DotNetOpenAuth/Messaging/Channel.cs b/src/DotNetOpenAuth/Messaging/Channel.cs
index 84dbe3c..fd06f1f 100644
--- a/src/DotNetOpenAuth/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth/Messaging/Channel.cs 
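Review bot: The bounds in `[IntegerValidator(MinValue = 500, MaxValue = 4096)]` on `MessagingElement.MaximumIndirectMessageUrlLength` are bare literals, and the same 500 and 4096 appear again in the `Contract.Requires` check of the `Channel.MaximumIndirectMessageUrlLength` setter (Channel.cs hunk at -157,6), so the configuration limit and the programmatic limit can drift apart unnoticed. Two internal constants declared once and used at both sites would keep them in step, for example `internal const int MinimumIndirectMessageUrlLength = 500;` and a matching maximum. The `<value>` text should also state the range, e.g. `/// <value>The default value is 2048; valid values are 500 through 4096.</value>`.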
@@ -47,14 +47,6 @@ namespace DotNetOpenAuth.Messaging {
 protected internal static readonly ContentType HttpFormUrlEncodedContentType = new ContentType(HttpFormUrlEncoded) { CharSet = PostEntityEncoding.WebName };
 /// <summary>
- /// The maximum allowable size for a 301 Redirect response before we send
- /// a 200 OK response with a scripted form POST with the parameters instead
- /// in order to ensure successfully sending a large payload to another server
- /// that might have a maximum allowable size restriction on its GET request.
- /// </summary>
- private const int IndirectMessageGetToPostThreshold = 2 * 1024; // 2KB, recommended by OpenID group
-
- /// <summary>
 /// The HTML that should be returned to the user agent as part of a 301 Redirect.
 /// </summary>
 /// <value>A string that should be used as the first argument to String.Format, where the {0} should be replaced with the URL to redirect to.</value>
@@ -120,6 +112,11 @@ namespace DotNetOpenAuth.Messaging {
 private RequestCachePolicy cachePolicy = new HttpRequestCachePolicy(HttpRequestCacheLevel.NoCacheNoStore);
 /// <summary>
+ /// Backing field for the <see cref="MaximumIndirectMessageUrlLength"/> property.
+ /// </summary>
+ private int maximumIndirectMessageUrlLength = Configuration.DotNetOpenAuthSection.Configuration.Messaging.MaximumIndirectMessageUrlLength;
+
+ /// <summary>
 /// Initializes a new instance of the <see cref="Channel"/> class.
 /// </summary>
 /// <param name="messageTypeProvider"> 
@@ -157,6 +154,24 @@ namespace DotNetOpenAuth.Messaging {
 public IDirectWebRequestHandler WebRequestHandler { get; set; }
 /// <summary>
+ /// Gets or sets the maximum allowable size for a 301 Redirect response before we send
+ /// a 200 OK response with a scripted form POST with the parameters instead
+ /// in order to ensure successfully sending a large payload to another server
+ /// that might have a maximum allowable size restriction on its GET request.
+ /// </summary>
+ /// <value>The default value is 2048.</value>
+ public int MaximumIndirectMessageUrlLength {
+ get {
+ return this.maximumIndirectMessageUrlLength;
+ }
+
+ set {
+ Contract.Requires<ArgumentOutOfRangeException>(value >= 500 && value <= 4096);
+ this.maximumIndirectMessageUrlLength = value;
+ }
+ }
+
+ /// <summary>
 /// Gets or sets the message descriptions.
 /// </summary>
 internal MessageDescriptionCollection MessageDescriptions {
@@ -730,7 +745,7 @@ namespace DotNetOpenAuth.Messaging {
 // First try creating a 301 redirect, and fallback to a form POST
 // if the message is too big.
 OutgoingWebResponse response = this.Create301RedirectResponse(message, fields);
- if (response.Headers[HttpResponseHeader.Location].Length > IndirectMessageGetToPostThreshold) {
+ if (response.Headers[HttpResponseHeader.Location].Length > this.MaximumIndirectMessageUrlLength) {
 response = this.CreateFormPostResponse(message, fields);
 } |
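Review bot: The public `Channel.MaximumIndirectMessageUrlLength` setter rejects values outside 500–4096, but its XML documentation gives only the default, so a caller cannot learn the accepted range or the exception type from the API docs. I would add `/// <exception cref="ArgumentOutOfRangeException">Thrown when the value is less than 500 or greater than 4096.</exception>` after the `<value>` element. The summary also says "size for a 301 Redirect response", while the later hunk compares the length of the `Location` header; wording it as the maximum redirect URL length would match what is measured.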
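Review bot: The comparison against `this.MaximumIndirectMessageUrlLength` now decides, per channel, whether an indirect message travels in a redirect URL or in a form POST body, and nothing beside it explains what that choice means for the message's parameters. Anything at or below the limit stays in the `Location` URL, where it can be recorded in browser history and in proxy or server logs, and the limit can now be raised to 4096. A comment above the `if` would make that visible to whoever tunes the setting, for example `// Messages at or below the limit stay in the redirect URL (visible in history and logs); larger ones are sent as a form POST.` The enclosing method starts and ends outside this hunk.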