6 files changed, 183 insertions, 1 deletions

diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index eaac6b8..7686ff6 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -294,6 +294,7 @@
     <Compile Include="OpenId\ProviderEndpointDescription.cs" />
     <Compile Include="OpenId\Provider\ProviderSecuritySettings.cs" />
     <Compile Include="OpenId\RelyingParty\IRelyingPartyApplicationStore.cs" />
+    <Compile Include="OpenId\RelyingParty\AuthenticationResponseSnapshot.cs" />
     <Compile Include="OpenId\RelyingParty\RelyingPartySecuritySettings.cs" />
     <Compile Include="OpenId\RelyingParty\ServiceEndpoint.cs" />
     <Compile Include="OpenId\OpenIdXrdsHelper.cs" />
diff --git a/src/DotNetOpenAuth/Messaging/DirectWebRequestOptions.cs b/src/DotNetOpenAuth/Messaging/DirectWebRequestOptions.cs
index e07f4f1..f3ce805 100644
--- a/src/DotNetOpenAuth/Messaging/DirectWebRequestOptions.cs
+++ b/src/DotNetOpenAuth/Messaging/DirectWebRequestOptions.cs
@@ -6,6 +6,7 @@
 
 namespace DotNetOpenAuth.Messaging {
 	using System;
+	using System.Net;
 
 	/// <summary>
 	/// A set of flags that can control the behavior of an individual web request.
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
index 2a33c07..8d9f04e 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
@@ -389,6 +389,15 @@ namespace DotNetOpenAuth.OpenId {
         }
         
         /// <summary>
+        ///   Looks up a localized string similar to This operation is not supported by serialized authentication responses.  Try this operation from the LoggedIn event handler..
+        /// </summary>
+        internal static string NotSupportedByAuthenticationSnapshot {
+            get {
+                return ResourceManager.GetString("NotSupportedByAuthenticationSnapshot", resourceCulture);
+            }
+        }
+        
+        /// <summary>
         ///   Looks up a localized string similar to No OpenId endpoint found..
         /// </summary>
         internal static string OpenIdEndpointNotFound {
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
index 1d528db..43133db 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
@@ -280,4 +280,7 @@ Discovered endpoint info:
   <data name="UnexpectedHttpStatusCode" xml:space="preserve">
     <value>Unexpected HTTP status code {0} {1} received in direct response.</value>
   </data>
+  <data name="NotSupportedByAuthenticationSnapshot" xml:space="preserve">
+    <value>This operation is not supported by serialized authentication responses.  Try this operation from the LoggedIn event handler.</value>
+  </data>
 </root>
\ No newline at end of file
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationResponseSnapshot.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationResponseSnapshot.cs
new file mode 100644
index 0000000..f70bbaa
--- /dev/null
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationResponseSnapshot.cs
@@ -0,0 +1,168 @@
+//-----------------------------------------------------------------------
+// <copyright file="AuthenticationResponseSnapshot.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId.RelyingParty {
+	using System;
+	using System.Collections.Generic;
+	using System.Text;
+	using System.Web;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId.Messages;
+
+	/// <summary>
+	/// A serializable snapshot of a verified authentication message.
+	/// </summary>
+	[Serializable]
+	internal class AuthenticationResponseSnapshot : IAuthenticationResponse {
+		/// <summary>
+		/// The callback arguments that came with the authentication response.
+		/// </summary>
+		private IDictionary<string, string> callbackArguments;
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AuthenticationResponseSnapshot"/> class.
+		/// </summary>
+		/// <param name="copyFrom">The authentication response to copy from.</param>
+		internal AuthenticationResponseSnapshot(IAuthenticationResponse copyFrom) {
+			ErrorUtilities.VerifyArgumentNotNull(copyFrom, "copyFrom");
+
+			this.ClaimedIdentifier = copyFrom.ClaimedIdentifier;
+			this.FriendlyIdentifierForDisplay = copyFrom.FriendlyIdentifierForDisplay;
+			this.Status = copyFrom.Status;
+			this.callbackArguments = copyFrom.GetCallbackArguments();
+		}
+
+		#region IAuthenticationResponse Members
+
+		/// <summary>
+		/// Gets the Identifier that the end user claims to own.  For use with user database storage and lookup.
+		/// May be null for some failed authentications (i.e. failed directed identity authentications).
+		/// </summary>
+		/// <value></value>
+		/// <remarks>
+		/// 	<para>
+		/// This is the secure identifier that should be used for database storage and lookup.
+		/// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects
+		/// user identities against spoofing and other attacks.
+		/// </para>
+		/// 	<para>
+		/// For user-friendly identifiers to display, use the
+		/// <see cref="FriendlyIdentifierForDisplay"/> property.
+		/// </para>
+		/// </remarks>
+		public Identifier ClaimedIdentifier { get; private set; }
+
+		/// <summary>
+		/// Gets a user-friendly OpenID Identifier for display purposes ONLY.
+		/// </summary>
+		/// <value></value>
+		/// <remarks>
+		/// 	<para>
+		/// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before
+		/// sending to a browser to secure against javascript injection attacks.
+		/// </para>
+		/// 	<para>
+		/// This property retains some aspects of the user-supplied identifier that get lost
+		/// in the <see cref="ClaimedIdentifier"/>.  For example, XRIs used as user-supplied
+		/// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD).
+		/// For display purposes, such as text on a web page that says "You're logged in as ...",
+		/// this property serves to provide the =Arnott string, or whatever else is the most friendly
+		/// string close to what the user originally typed in.
+		/// </para>
+		/// 	<para>
+		/// If the user-supplied identifier is a URI, this property will be the URI after all
+		/// redirects, and with the protocol and fragment trimmed off.
+		/// If the user-supplied identifier is an XRI, this property will be the original XRI.
+		/// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com),
+		/// this property will be the Claimed Identifier, with the protocol stripped if it is a URI.
+		/// </para>
+		/// 	<para>
+		/// It is <b>very</b> important that this property <i>never</i> be used for database storage
+		/// or lookup to avoid identity spoofing and other security risks.  For database storage
+		/// and lookup please use the <see cref="ClaimedIdentifier"/> property.
+		/// </para>
+		/// </remarks>
+		public string FriendlyIdentifierForDisplay { get; private set; }
+
+		/// <summary>
+		/// Gets the detailed success or failure status of the authentication attempt.
+		/// </summary>
+		/// <value></value>
+		public AuthenticationStatus Status { get; private set; }
+
+		/// <summary>
+		/// Gets the details regarding a failed authentication attempt, if available.
+		/// This will be set if and only if <see cref="Status"/> is <see cref="AuthenticationStatus.Failed"/>.
+		/// </summary>
+		/// <value></value>
+		public Exception Exception {
+			get { throw new NotSupportedException(OpenIdStrings.NotSupportedByAuthenticationSnapshot); }
+		}
+
+		/// <summary>
+		/// Tries to get an OpenID extension that may be present in the response.
+		/// </summary>
+		/// <typeparam name="T">The type of extension to look for in the response message.</typeparam>
+		/// <returns>
+		/// The extension, if it is found.  Null otherwise.
+		/// </returns>
+		public T GetExtension<T>() where T : IOpenIdMessageExtension {
+			throw new NotSupportedException(OpenIdStrings.NotSupportedByAuthenticationSnapshot);
+		}
+
+		/// <summary>
+		/// Tries to get an OpenID extension that may be present in the response.
+		/// </summary>
+		/// <param name="extensionType">Type of the extension to look for in the response.</param>
+		/// <returns>
+		/// The extension, if it is found.  Null otherwise.
+		/// </returns>
+		public IOpenIdMessageExtension GetExtension(Type extensionType) {
+			throw new NotSupportedException(OpenIdStrings.NotSupportedByAuthenticationSnapshot);
+		}
+
+		/// <summary>
+		/// Gets all the callback arguments that were previously added using
+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part
+		/// of the return_to URL.
+		/// </summary>
+		/// <returns>A name-value dictionary.  Never null.</returns>
+		/// <remarks>
+		/// 	<para>This MAY return any argument on the querystring that came with the authentication response,
+		/// which may include parameters not explicitly added using
+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>
+		/// 	<para>Note that these values are NOT protected against tampering in transit.</para>
+		/// </remarks>
+		public IDictionary<string, string> GetCallbackArguments() {
+			// Return a copy so that the caller cannot change the contents.
+			return new Dictionary<string, string>(this.callbackArguments);
+		}
+
+		/// <summary>
+		/// Gets a callback argument's value that was previously added using
+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.
+		/// </summary>
+		/// <param name="key">The name of the parameter whose value is sought.</param>
+		/// <returns>
+		/// The value of the argument, or null if the named parameter could not be found.
+		/// </returns>
+		/// <remarks>
+		/// 	<para>This may return any argument on the querystring that came with the authentication response,
+		/// which may include parameters not explicitly added using
+		/// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para>
+		/// 	<para>Note that these values are NOT protected against tampering in transit.</para>
+		/// </remarks>
+		public string GetCallbackArgument(string key) {
+			ErrorUtilities.VerifyArgumentNotNull(key, "key");
+
+			string value;
+			this.callbackArguments.TryGetValue(key, out value);
+			return value;
+		}
+
+		#endregion
+	}
+}
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
index 2076b8e..42342dd 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs
@@ -358,7 +358,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 
 						// Save out the authentication response to viewstate so we can find it on
 						// a subsequent postback.
-						this.ViewState[AuthenticationResponseViewStateKey] = this.authenticationResponse;
+						this.ViewState[AuthenticationResponseViewStateKey] = new AuthenticationResponseSnapshot(this.authenticationResponse);
 					} else {
 						this.authenticationResponse = viewstateResponse;
 					}