diff options
11 files changed, 546 insertions, 535 deletions
diff --git a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs index bcce1dc..c07b554 100644 --- a/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs +++ b/projecttemplates/MvcRelyingParty/Controllers/AccountController.cs @@ -1,233 +1,112 @@ -using System; -using System.Collections.Generic; -using System.Globalization; -using System.Linq; -using System.Security.Principal; -using System.Web; -using System.Web.Mvc; -using System.Web.Security; -using System.Web.UI; - -namespace MvcRelyingParty.Controllers { +namespace MvcRelyingParty.Controllers { + using System; + using System.Collections.Generic; + using System.Globalization; + using System.Linq; + using System.Security.Principal; + using System.Web; + using System.Web.Mvc; + using System.Web.Security; + using System.Web.UI; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration; + using DotNetOpenAuth.OpenId.RelyingParty; + using RelyingPartyLogic; + using DotNetOpenAuth.OpenId; [HandleError] public class AccountController : Controller { + internal static OpenIdRelyingParty relyingParty = new OpenIdRelyingParty(); // This constructor is used by the MVC framework to instantiate the controller using // the default forms authentication and membership providers. public AccountController() - : this(null, null) { + : this(null) { } // This constructor is not used by the MVC framework but is instead provided for ease // of unit testing this type. See the comments at the end of this file for more // information. - public AccountController(IFormsAuthentication formsAuth, IMembershipService service) { + public AccountController(IFormsAuthentication formsAuth) { FormsAuth = formsAuth ?? new FormsAuthenticationService(); - MembershipService = service ?? new AccountMembershipService(); - } - - public IFormsAuthentication FormsAuth { - get; - private set; } - public IMembershipService MembershipService { - get; - private set; - } - - public ActionResult LogOn() { - - return View(); - } - - [AcceptVerbs(HttpVerbs.Post)] - [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1054:UriParametersShouldNotBeStrings", - Justification = "Needs to take same parameter type as Controller.Redirect()")] - public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl) { - - if (!ValidateLogOn(userName, password)) { - return View(); - } + public IFormsAuthentication FormsAuth { get; private set; } - FormsAuth.SignIn(userName, rememberMe); - if (!String.IsNullOrEmpty(returnUrl)) { - return Redirect(returnUrl); - } else { - return RedirectToAction("Index", "Home"); + public Realm Realm { + get { + UriBuilder builder = new UriBuilder(Request.Url); + builder.Path = Request.ApplicationPath; + return builder.Uri; } } - - public ActionResult LogOff() { - - FormsAuth.SignOut(); - - return RedirectToAction("Index", "Home"); + public Uri ReturnTo { + get { return new Uri(Request.Url, Url.Action("LogOnReturnTo")); } } - public ActionResult Register() { - - ViewData["PasswordLength"] = MembershipService.MinPasswordLength; - + public ActionResult LogOn() { return View(); } [AcceptVerbs(HttpVerbs.Post)] - public ActionResult Register(string userName, string email, string password, string confirmPassword) { - - ViewData["PasswordLength"] = MembershipService.MinPasswordLength; - - if (ValidateRegistration(userName, email, password, confirmPassword)) { - // Attempt to register the user - MembershipCreateStatus createStatus = MembershipService.CreateUser(userName, password, email); + public ActionResult LogOn(string openid_identifier, bool rememberMe, string returnUrl) { + try { + var request = relyingParty.CreateRequest(openid_identifier, this.Realm, this.ReturnTo); + request.SetUntrustedCallbackArgument("rememberMe", rememberMe ? "1" : "0"); - if (createStatus == MembershipCreateStatus.Success) { - FormsAuth.SignIn(userName, false /* createPersistentCookie */); - return RedirectToAction("Index", "Home"); - } else { - ModelState.AddModelError("_FORM", ErrorCodeToString(createStatus)); + // This might be signed so the OP can't send the user to a dangerous URL. + // Of course, if that itself was a danger then the site is vulnerable to XSRF attacks anyway. + if (!string.IsNullOrEmpty(returnUrl)) { + request.SetUntrustedCallbackArgument("returnUrl", returnUrl); } - } - - // If we got this far, something failed, redisplay form - return View(); - } - - [Authorize] - public ActionResult ChangePassword() { - - ViewData["PasswordLength"] = MembershipService.MinPasswordLength; - - return View(); - } - - [Authorize] - [AcceptVerbs(HttpVerbs.Post)] - [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Design", "CA1031:DoNotCatchGeneralExceptionTypes", - Justification = "Exceptions result in password not being changed.")] - public ActionResult ChangePassword(string currentPassword, string newPassword, string confirmPassword) { - ViewData["PasswordLength"] = MembershipService.MinPasswordLength; - - if (!ValidateChangePassword(currentPassword, newPassword, confirmPassword)) { + // Ask for the user's email, not because we necessarily need it to do our work, + // but so we can display something meaningful to the user as their "username" + // when they log in with a PPID from Google, for example. + request.AddExtension(new ClaimsRequest { + Email = DemandLevel.Require, + FullName = DemandLevel.Request, + }); + + return request.RedirectingResponse.AsActionResult(); + } catch (ProtocolException ex) { + ModelState.AddModelError("OpenID", ex); return View(); } - - try { - if (MembershipService.ChangePassword(User.Identity.Name, currentPassword, newPassword)) { - return RedirectToAction("ChangePasswordSuccess"); - } else { - ModelState.AddModelError("_FORM", "The current password is incorrect or the new password is invalid."); - return View(); - } - } catch { - ModelState.AddModelError("_FORM", "The current password is incorrect or the new password is invalid."); - return View(); - } - } - - public ActionResult ChangePasswordSuccess() { - - return View(); - } - - protected override void OnActionExecuting(ActionExecutingContext filterContext) { - if (filterContext.HttpContext.User.Identity is WindowsIdentity) { - throw new InvalidOperationException("Windows authentication is not supported."); - } } - #region Validation Methods - - private bool ValidateChangePassword(string currentPassword, string newPassword, string confirmPassword) { - if (String.IsNullOrEmpty(currentPassword)) { - ModelState.AddModelError("currentPassword", "You must specify a current password."); - } - if (newPassword == null || newPassword.Length < MembershipService.MinPasswordLength) { - ModelState.AddModelError("newPassword", - String.Format(CultureInfo.CurrentCulture, - "You must specify a new password of {0} or more characters.", - MembershipService.MinPasswordLength)); - } - - if (!String.Equals(newPassword, confirmPassword, StringComparison.Ordinal)) { - ModelState.AddModelError("_FORM", "The new password and confirmation password do not match."); - } - - return ModelState.IsValid; - } - - private bool ValidateLogOn(string userName, string password) { - if (String.IsNullOrEmpty(userName)) { - ModelState.AddModelError("username", "You must specify a username."); - } - if (String.IsNullOrEmpty(password)) { - ModelState.AddModelError("password", "You must specify a password."); - } - if (!MembershipService.ValidateUser(userName, password)) { - ModelState.AddModelError("_FORM", "The username or password provided is incorrect."); + [AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)] + public ActionResult LogOnReturnTo() { + var response = relyingParty.GetResponse(); + if (response != null) { + switch (response.Status) { + case AuthenticationStatus.Authenticated: + bool rememberMe = response.GetUntrustedCallbackArgument("rememberMe") == "1"; + FormsAuth.SignIn(response.ClaimedIdentifier, rememberMe); + string returnUrl = response.GetCallbackArgument("returnUrl"); + if (!String.IsNullOrEmpty(returnUrl)) { + return Redirect(returnUrl); + } else { + return RedirectToAction("Index", "Home"); + } + break; + case AuthenticationStatus.Canceled: + ModelState.AddModelError("OpenID", "It looks like you canceled login at your OpenID Provider."); + break; + case AuthenticationStatus.Failed: + ModelState.AddModelError("OpenID", response.Exception); + break; + } } - return ModelState.IsValid; - } - - private bool ValidateRegistration(string userName, string email, string password, string confirmPassword) { - if (String.IsNullOrEmpty(userName)) { - ModelState.AddModelError("username", "You must specify a username."); - } - if (String.IsNullOrEmpty(email)) { - ModelState.AddModelError("email", "You must specify an email address."); - } - if (password == null || password.Length < MembershipService.MinPasswordLength) { - ModelState.AddModelError("password", - String.Format(CultureInfo.CurrentCulture, - "You must specify a password of {0} or more characters.", - MembershipService.MinPasswordLength)); - } - if (!String.Equals(password, confirmPassword, StringComparison.Ordinal)) { - ModelState.AddModelError("_FORM", "The new password and confirmation password do not match."); - } - return ModelState.IsValid; + return View("LogOn"); } - private static string ErrorCodeToString(MembershipCreateStatus createStatus) { - // See http://msdn.microsoft.com/en-us/library/system.web.security.membershipcreatestatus.aspx for - // a full list of status codes. - switch (createStatus) { - case MembershipCreateStatus.DuplicateUserName: - return "Username already exists. Please enter a different user name."; - - case MembershipCreateStatus.DuplicateEmail: - return "A username for that e-mail address already exists. Please enter a different e-mail address."; - - case MembershipCreateStatus.InvalidPassword: - return "The password provided is invalid. Please enter a valid password value."; - - case MembershipCreateStatus.InvalidEmail: - return "The e-mail address provided is invalid. Please check the value and try again."; - - case MembershipCreateStatus.InvalidAnswer: - return "The password retrieval answer provided is invalid. Please check the value and try again."; - - case MembershipCreateStatus.InvalidQuestion: - return "The password retrieval question provided is invalid. Please check the value and try again."; - - case MembershipCreateStatus.InvalidUserName: - return "The user name provided is invalid. Please check the value and try again."; - - case MembershipCreateStatus.ProviderError: - return "The authentication provider returned an error. Please verify your entry and try again. If the problem persists, please contact your system administrator."; - - case MembershipCreateStatus.UserRejected: - return "The user creation request has been canceled. Please verify your entry and try again. If the problem persists, please contact your system administrator."; - - default: - return "An unknown error occurred. Please verify your entry and try again. If the problem persists, please contact your system administrator."; - } + public ActionResult LogOff() { + FormsAuth.SignOut(); + return RedirectToAction("Index", "Home"); } - #endregion } // The FormsAuthentication type is sealed and contains static members, so it is difficult to @@ -236,57 +115,17 @@ namespace MvcRelyingParty.Controllers { // code unit testable. public interface IFormsAuthentication { - void SignIn(string userName, bool createPersistentCookie); + void SignIn(string claimedIdentifier, bool createPersistentCookie); void SignOut(); } public class FormsAuthenticationService : IFormsAuthentication { - public void SignIn(string userName, bool createPersistentCookie) { - FormsAuthentication.SetAuthCookie(userName, createPersistentCookie); + public void SignIn(string claimedIdentifier, bool createPersistentCookie) { + FormsAuthentication.SetAuthCookie(claimedIdentifier, createPersistentCookie); } + public void SignOut() { FormsAuthentication.SignOut(); } } - - public interface IMembershipService { - int MinPasswordLength { get; } - - bool ValidateUser(string userName, string password); - MembershipCreateStatus CreateUser(string userName, string password, string email); - bool ChangePassword(string userName, string oldPassword, string newPassword); - } - - public class AccountMembershipService : IMembershipService { - private MembershipProvider _provider; - - public AccountMembershipService() - : this(null) { - } - - public AccountMembershipService(MembershipProvider provider) { - _provider = provider ?? Membership.Provider; - } - - public int MinPasswordLength { - get { - return _provider.MinRequiredPasswordLength; - } - } - - public bool ValidateUser(string userName, string password) { - return _provider.ValidateUser(userName, password); - } - - public MembershipCreateStatus CreateUser(string userName, string password, string email) { - MembershipCreateStatus status; - _provider.CreateUser(userName, password, email, null, null, true, null, out status); - return status; - } - - public bool ChangePassword(string userName, string oldPassword, string newPassword) { - MembershipUser currentUser = _provider.GetUser(userName, true /* userIsOnline */); - return currentUser.ChangePassword(oldPassword, newPassword); - } - } } diff --git a/projecttemplates/MvcRelyingParty/Global.asax.cs b/projecttemplates/MvcRelyingParty/Global.asax.cs index 5957ff5..9761fb4 100644 --- a/projecttemplates/MvcRelyingParty/Global.asax.cs +++ b/projecttemplates/MvcRelyingParty/Global.asax.cs @@ -10,6 +10,15 @@ namespace MvcRelyingParty { // visit http://go.microsoft.com/?LinkId=9394801 public class MvcApplication : System.Web.HttpApplication { + /// <summary> + /// The logger for this web site to use. + /// </summary> + private static log4net.ILog logger = log4net.LogManager.GetLogger("MvcRelyingParty"); + + public static log4net.ILog Logger { + get { return logger; } + } + public static void RegisterRoutes(RouteCollection routes) { routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); @@ -18,11 +27,23 @@ namespace MvcRelyingParty { "{controller}/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = "" } // Parameter defaults ); - } protected void Application_Start() { + log4net.Config.XmlConfigurator.Configure(); + Logger.Info("Web application starting..."); RegisterRoutes(RouteTable.Routes); } + + protected void Application_Error(object sender, EventArgs e) { + Logger.Error("An unhandled exception occurred in ASP.NET processing for page " + HttpContext.Current.Request.Path, Server.GetLastError()); + } + + protected void Application_End(object sender, EventArgs e) { + Logger.Info("Web application shutting down..."); + + // this would be automatic, but in partial trust scenarios it is not. + log4net.LogManager.Shutdown(); + } } }
\ No newline at end of file diff --git a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj index d160d6c..e6bd0e3 100644 --- a/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj +++ b/projecttemplates/MvcRelyingParty/MvcRelyingParty.csproj @@ -69,11 +69,19 @@ <DependentUpon>Global.asax</DependentUpon> </Compile> <Compile Include="Properties\AssemblyInfo.cs" /> + <Compile Include="Setup.aspx.cs"> + <DependentUpon>Setup.aspx</DependentUpon> + <SubType>ASPXCodeBehind</SubType> + </Compile> + <Compile Include="Setup.aspx.designer.cs"> + <DependentUpon>Setup.aspx</DependentUpon> + </Compile> </ItemGroup> <ItemGroup> <Content Include="Default.aspx" /> <Content Include="GettingStarted.htm" /> <Content Include="Global.asax" /> + <Content Include="Setup.aspx" /> <Content Include="Web.config" /> <Content Include="Content\Site.css" /> <Content Include="Scripts\jquery-1.3.2.js" /> @@ -84,10 +92,7 @@ <Content Include="Scripts\MicrosoftAjax.debug.js" /> <Content Include="Scripts\MicrosoftMvcAjax.js" /> <Content Include="Scripts\MicrosoftMvcAjax.debug.js" /> - <Content Include="Views\Account\ChangePassword.aspx" /> - <Content Include="Views\Account\ChangePasswordSuccess.aspx" /> <Content Include="Views\Account\LogOn.aspx" /> - <Content Include="Views\Account\Register.aspx" /> <Content Include="Views\Home\About.aspx" /> <Content Include="Views\Home\Index.aspx" /> <Content Include="Views\Shared\Error.aspx" /> diff --git a/projecttemplates/MvcRelyingParty/Setup.aspx b/projecttemplates/MvcRelyingParty/Setup.aspx new file mode 100644 index 0000000..498bef2 --- /dev/null +++ b/projecttemplates/MvcRelyingParty/Setup.aspx @@ -0,0 +1,43 @@ +<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Setup.aspx.cs" Inherits="MvcRelyingParty.Setup" %> + +<%@ Register Assembly="DotNetOpenAuth" Namespace="DotNetOpenAuth.OpenId.RelyingParty" + TagPrefix="rp" %> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head runat="server"> + <title>OpenID RP one-time setup</title> +</head> +<body> + <form id="form1" runat="server"> + <h2> + First steps: + </h2> + <asp:MultiView ID="MultiView1" runat="server" ActiveViewIndex="0"> + <asp:View ID="View1" runat="server"> + <p> + Before you can use this site, you must create your SQL database that will store + your user accounts and add an admin account to that database. + Just tell me what OpenID you will use to administer the site. + </p> + <rp:OpenIdLogin runat="server" ButtonText="Create database" ID="openidLogin" + OnLoggingIn="openidLogin_LoggingIn" Stateless="true" + TabIndex="1" LabelText="Administrator's OpenID:" + ButtonToolTip="Clicking this button will create the database and initialize the OpenID you specify as an admin of this web site." + RegisterText="get an OpenID" /> + <asp:Label ID="noOPIdentifierLabel" Visible="false" EnableViewState="false" ForeColor="Red" Font-Bold="true" runat="server" Text="Sorry. To help your admin account remain functional when you push this web site to production, directed identity is disabled on this page. Please use your personal claimed identifier." /> + </asp:View> + <asp:View ID="View2" runat="server"> + <p> + Your database has been successfully initialized. + </p> + <p> + <b>Remember to delete this Setup.aspx page.</b> + </p> + <p> + Visit the <a href="Default.aspx">home page</a>. + </p> + </asp:View> + </asp:MultiView> + </form> +</body> +</html> diff --git a/projecttemplates/MvcRelyingParty/Setup.aspx.cs b/projecttemplates/MvcRelyingParty/Setup.aspx.cs new file mode 100644 index 0000000..633496f --- /dev/null +++ b/projecttemplates/MvcRelyingParty/Setup.aspx.cs @@ -0,0 +1,39 @@ +namespace MvcRelyingParty { + using System; + using System.Collections.Generic; + using System.Globalization; + using System.IO; + using System.Linq; + using System.Web; + using System.Web.UI; + using System.Web.UI.WebControls; + using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.RelyingParty; + using RelyingPartyLogic; + + public partial class Setup : System.Web.UI.Page { + private bool databaseCreated; + + protected void Page_Load(object sender, EventArgs e) { + if (!Page.IsPostBack) { + this.openidLogin.Focus(); + } + } + + protected void openidLogin_LoggingIn(object sender, OpenIdEventArgs e) { + // We don't actually want to log in... we just want the claimed identifier. + e.Cancel = true; + if (e.IsDirectedIdentity) { + this.noOPIdentifierLabel.Visible = true; + } else if (!this.databaseCreated) { + Utilities.CreateDatabase(e.ClaimedIdentifier, this.openidLogin.Text, "MvcRelyingParty"); + this.MultiView1.ActiveViewIndex = 1; + + // indicate we have already created the database so that if the + // identifier the user gave has multiple service endpoints, + // we won't try to recreate the database as the next one is considered. + this.databaseCreated = true; + } + } + } +} diff --git a/projecttemplates/MvcRelyingParty/Setup.aspx.designer.cs b/projecttemplates/MvcRelyingParty/Setup.aspx.designer.cs new file mode 100644 index 0000000..d8ab448 --- /dev/null +++ b/projecttemplates/MvcRelyingParty/Setup.aspx.designer.cs @@ -0,0 +1,70 @@ +//------------------------------------------------------------------------------ +// <auto-generated> +// This code was generated by a tool. +// Runtime Version:2.0.50727.4927 +// +// Changes to this file may cause incorrect behavior and will be lost if +// the code is regenerated. +// </auto-generated> +//------------------------------------------------------------------------------ + +namespace MvcRelyingParty { + + + public partial class Setup { + + /// <summary> + /// form1 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.HtmlControls.HtmlForm form1; + + /// <summary> + /// MultiView1 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.MultiView MultiView1; + + /// <summary> + /// View1 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View View1; + + /// <summary> + /// openidLogin control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::DotNetOpenAuth.OpenId.RelyingParty.OpenIdLogin openidLogin; + + /// <summary> + /// noOPIdentifierLabel control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.Label noOPIdentifierLabel; + + /// <summary> + /// View2 control. + /// </summary> + /// <remarks> + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// </remarks> + protected global::System.Web.UI.WebControls.View View2; + } +} diff --git a/projecttemplates/MvcRelyingParty/Views/Account/ChangePassword.aspx b/projecttemplates/MvcRelyingParty/Views/Account/ChangePassword.aspx deleted file mode 100644 index 2ba0163..0000000 --- a/projecttemplates/MvcRelyingParty/Views/Account/ChangePassword.aspx +++ /dev/null @@ -1,42 +0,0 @@ -<%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %> - -<asp:Content ID="changePasswordTitle" ContentPlaceHolderID="TitleContent" runat="server"> - Change Password -</asp:Content> - -<asp:Content ID="changePasswordContent" ContentPlaceHolderID="MainContent" runat="server"> - <h2>Change Password</h2> - <p> - Use the form below to change your password. - </p> - <p> - New passwords are required to be a minimum of <%=Html.Encode(ViewData["PasswordLength"])%> characters in length. - </p> - <%= Html.ValidationSummary("Password change was unsuccessful. Please correct the errors and try again.")%> - - <% using (Html.BeginForm()) { %> - <div> - <fieldset> - <legend>Account Information</legend> - <p> - <label for="currentPassword">Current password:</label> - <%= Html.Password("currentPassword") %> - <%= Html.ValidationMessage("currentPassword") %> - </p> - <p> - <label for="newPassword">New password:</label> - <%= Html.Password("newPassword") %> - <%= Html.ValidationMessage("newPassword") %> - </p> - <p> - <label for="confirmPassword">Confirm new password:</label> - <%= Html.Password("confirmPassword") %> - <%= Html.ValidationMessage("confirmPassword") %> - </p> - <p> - <input type="submit" value="Change Password" /> - </p> - </fieldset> - </div> - <% } %> -</asp:Content> diff --git a/projecttemplates/MvcRelyingParty/Views/Account/ChangePasswordSuccess.aspx b/projecttemplates/MvcRelyingParty/Views/Account/ChangePasswordSuccess.aspx deleted file mode 100644 index ec42f7b..0000000 --- a/projecttemplates/MvcRelyingParty/Views/Account/ChangePasswordSuccess.aspx +++ /dev/null @@ -1,12 +0,0 @@ -<%@Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %> - -<asp:Content ID="changePasswordTitle" ContentPlaceHolderID="TitleContent" runat="server"> - Change Password -</asp:Content> - -<asp:Content ID="changePasswordSuccessContent" ContentPlaceHolderID="MainContent" runat="server"> - <h2>Change Password</h2> - <p> - Your password has been changed successfully. - </p> -</asp:Content> diff --git a/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx b/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx index ca27b6a..ca6dfc8 100644 --- a/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx +++ b/projecttemplates/MvcRelyingParty/Views/Account/LogOn.aspx @@ -1,37 +1,30 @@ <%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %> <asp:Content ID="loginTitle" ContentPlaceHolderID="TitleContent" runat="server"> - Log On + Log On </asp:Content> - <asp:Content ID="loginContent" ContentPlaceHolderID="MainContent" runat="server"> - <h2>Log On</h2> - <p> - Please enter your username and password. <%= Html.ActionLink("Register", "Register") %> if you don't have an account. - </p> - <%= Html.ValidationSummary("Login was unsuccessful. Please correct the errors and try again.") %> + <h2> + Log On + </h2> + <%= Html.ValidationSummary("Login was unsuccessful. Please correct the errors and try again.") %> - <% using (Html.BeginForm()) { %> - <div> - <fieldset> - <legend>Account Information</legend> - <p> - <label for="username">Username:</label> - <%= Html.TextBox("username") %> - <%= Html.ValidationMessage("username") %> - </p> - <p> - <label for="password">Password:</label> - <%= Html.Password("password") %> - <%= Html.ValidationMessage("password") %> - </p> - <p> - <%= Html.CheckBox("rememberMe") %> <label class="inline" for="rememberMe">Remember me?</label> - </p> - <p> - <input type="submit" value="Log On" /> - </p> - </fieldset> - </div> - <% } %> + <% using (Html.BeginForm("LogOn", "Account")) { %> + <div> + <fieldset> + <legend>Account Information</legend> + <p> + <label for="openid_identifier">OpenID:</label> + <%= Html.TextBox("openid_identifier")%> + <%= Html.ValidationMessage("openid_identifier")%> + </p> + <p> + <%= Html.CheckBox("rememberMe") %> <label class="inline" for="rememberMe">Remember me?</label> + </p> + <p> + <input type="submit" value="Log On" /> + </p> + </fieldset> + </div> + <% } %> </asp:Content> diff --git a/projecttemplates/MvcRelyingParty/Views/Account/Register.aspx b/projecttemplates/MvcRelyingParty/Views/Account/Register.aspx deleted file mode 100644 index 13c7a3c..0000000 --- a/projecttemplates/MvcRelyingParty/Views/Account/Register.aspx +++ /dev/null @@ -1,47 +0,0 @@ -<%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %> - -<asp:Content ID="registerTitle" ContentPlaceHolderID="TitleContent" runat="server"> - Register -</asp:Content> - -<asp:Content ID="registerContent" ContentPlaceHolderID="MainContent" runat="server"> - <h2>Create a New Account</h2> - <p> - Use the form below to create a new account. - </p> - <p> - Passwords are required to be a minimum of <%=Html.Encode(ViewData["PasswordLength"])%> characters in length. - </p> - <%= Html.ValidationSummary("Account creation was unsuccessful. Please correct the errors and try again.") %> - - <% using (Html.BeginForm()) { %> - <div> - <fieldset> - <legend>Account Information</legend> - <p> - <label for="username">Username:</label> - <%= Html.TextBox("username") %> - <%= Html.ValidationMessage("username") %> - </p> - <p> - <label for="email">Email:</label> - <%= Html.TextBox("email") %> - <%= Html.ValidationMessage("email") %> - </p> - <p> - <label for="password">Password:</label> - <%= Html.Password("password") %> - <%= Html.ValidationMessage("password") %> - </p> - <p> - <label for="confirmPassword">Confirm password:</label> - <%= Html.Password("confirmPassword") %> - <%= Html.ValidationMessage("confirmPassword") %> - </p> - <p> - <input type="submit" value="Register" /> - </p> - </fieldset> - </div> - <% } %> -</asp:Content> diff --git a/projecttemplates/MvcRelyingParty/Web.config b/projecttemplates/MvcRelyingParty/Web.config index d18d969..e4c2684 100644 --- a/projecttemplates/MvcRelyingParty/Web.config +++ b/projecttemplates/MvcRelyingParty/Web.config @@ -8,189 +8,291 @@ \Windows\Microsoft.Net\Framework\v2.x\Config --> <configuration> + <configSections> + <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> + <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" /> + <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true" /> + <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> + <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> + <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> + <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> + <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /> + <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> + <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> + <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> + </sectionGroup> + </sectionGroup> + </sectionGroup> + </configSections> - <configSections> - <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> - <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> - <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> - <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> - <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere" /> - <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> - <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> - <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication" /> - </sectionGroup> - </sectionGroup> - </sectionGroup> - </configSections> - - <appSettings/> - - <connectionStrings> - <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/> - </connectionStrings> - - <system.web> - - <!-- + <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names), + which is necessary for OpenID urls with unicode characters in the domain/host name. + It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. --> + <uri> + <idn enabled="All" /> + <iriParsing enabled="true" /> + </uri> + + <system.net> + <defaultProxy enabled="true" /> + <settings> + <!-- This setting causes .NET to check certificate revocation lists (CRL) + before trusting HTTPS certificates. But this setting tends to not + be allowed in shared hosting environments. --> + <servicePointManager checkCertificateRevocationList="true" /> + </settings> + </system.net> + + <!-- this is an optional configuration section where aspects of dotnetopenauth can be customized --> + <dotNetOpenAuth> + <messaging> + <untrustedWebRequest> + <whitelistHosts> + <!--<add name="localhost" />--> + </whitelistHosts> + </untrustedWebRequest> + </messaging> + <openid> + <relyingParty> + <behaviors> + <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible + with OPs that use Attribute Exchange (in various formats). --> + <add type="DotNetOpenAuth.OpenId.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth" /> + </behaviors> + <store type="RelyingPartyLogic.RelyingPartyApplicationDbStore, RelyingPartyLogic"/> + </relyingParty> + </openid> + <oauth> + <serviceProvider> + <store type="RelyingPartyLogic.NonceDbStore, RelyingPartyLogic"/> + </serviceProvider> + </oauth> + <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. --> + <reporting enabled="true" /> + </dotNetOpenAuth> + + <!-- log4net is a 3rd party (free) logger library that DotNetOpenAuth will use if present but does not require. --> + <log4net> + <appender name="AdoNetAppender" type="log4net.Appender.AdoNetAppender"> + <bufferSize value="100" /> + <connectionType value="System.Data.SqlClient.SqlConnection, System.Data, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> + <connectionString value="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\WebFormsRelyingParty.mdf;Integrated Security=True;User Instance=True" /> + <commandText value="INSERT INTO [Log] ([Date],[Thread],[Level],[Logger],[Message],[Exception]) VALUES (@log_date, @thread, @log_level, @logger, @message, @exception)" /> + <parameter> + <parameterName value="@log_date" /> + <dbType value="DateTime" /> + <layout type="log4net.Layout.RawTimeStampLayout" /> + </parameter> + <parameter> + <parameterName value="@thread" /> + <dbType value="String" /> + <size value="255" /> + <layout type="log4net.Layout.PatternLayout"> + <conversionPattern value="%thread" /> + </layout> + </parameter> + <parameter> + <parameterName value="@log_level" /> + <dbType value="String" /> + <size value="50" /> + <layout type="log4net.Layout.PatternLayout"> + <conversionPattern value="%level" /> + </layout> + </parameter> + <parameter> + <parameterName value="@logger" /> + <dbType value="String" /> + <size value="255" /> + <layout type="log4net.Layout.PatternLayout"> + <conversionPattern value="%logger" /> + </layout> + </parameter> + <parameter> + <parameterName value="@message" /> + <dbType value="String" /> + <size value="4000" /> + <layout type="log4net.Layout.PatternLayout"> + <conversionPattern value="%message" /> + </layout> + </parameter> + <parameter> + <parameterName value="@exception" /> + <dbType value="String" /> + <size value="2000" /> + <layout type="log4net.Layout.ExceptionLayout" /> + </parameter> + </appender> + <!-- Setup the root category, add the appenders and set the default level --> + <root> + <level value="WARN" /> + <appender-ref ref="AdoNetAppender" /> + </root> + <!-- Specify the level for some specific categories --> + <logger name="DotNetOpenAuth"> + <level value="WARN" /> + </logger> + <logger name="DotNetOpenAuth.OpenId"> + <level value="INFO" /> + </logger> + <logger name="DotNetOpenAuth.OAuth"> + <level value="INFO" /> + </logger> + </log4net> + + <appSettings/> + + <connectionStrings> + <!-- Remember to keep this connection string in sync with the one (if any) that appears in the log4net section. --> + <add name="DatabaseEntities" connectionString="metadata=res://*/Model.csdl|res://*/Model.ssdl|res://*/Model.msl;provider=System.Data.SqlClient;provider connection string="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\MvcRelyingParty.mdf;Integrated Security=True;User Instance=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" /> + </connectionStrings> + + <system.web> + + <!-- Set compilation debug="true" to insert debugging symbols into the compiled page. Because this affects performance, set this value to true only during development. --> - <compilation debug="false"> - <assemblies> - <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> - <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add assembly="System.Web.Abstractions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add assembly="System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add assembly="System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> - <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> - <add assembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> - </assemblies> - </compilation> - - <!-- + <compilation debug="false"> + <assemblies> + <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> + <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add assembly="System.Web.Abstractions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add assembly="System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add assembly="System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> + <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> + <add assembly="System.Data.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /> + </assemblies> + </compilation> + + <!-- The <authentication> section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. --> - <authentication mode="Forms"> - <forms loginUrl="~/Account/LogOn" timeout="2880" /> - </authentication> - - <membership> - <providers> - <clear/> - <add name="AspNetSqlMembershipProvider" - type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" - connectionStringName="ApplicationServices" - enablePasswordRetrieval="false" - enablePasswordReset="true" - requiresQuestionAndAnswer="false" - requiresUniqueEmail="false" - passwordFormat="Hashed" - maxInvalidPasswordAttempts="5" - minRequiredPasswordLength="6" - minRequiredNonalphanumericCharacters="0" - passwordAttemptWindow="10" - passwordStrengthRegularExpression="" - applicationName="/" - /> - </providers> - </membership> - - <profile> - <providers> - <clear/> - <add name="AspNetSqlProfileProvider" - type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" - connectionStringName="ApplicationServices" - applicationName="/" - /> - </providers> - </profile> - - <roleManager enabled="false"> - <providers> - <clear /> - <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> - <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> - </providers> - </roleManager> - - <!-- - The <customErrors> section enables configuration - of what to do if/when an unhandled error occurs - during the execution of a request. Specifically, - it enables developers to configure html error pages - to be displayed in place of a error stack trace. - - <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> - <error statusCode="403" redirect="NoAccess.htm" /> - <error statusCode="404" redirect="FileNotFound.htm" /> - </customErrors> - --> + <authentication mode="Forms"> + <forms loginUrl="~/Account/LogOn" timeout="2880" /> + </authentication> + + <roleManager enabled="true" defaultProvider="Database"> + <providers> + <add name="Database" type="RelyingPartyLogic.DataRoleProvider, RelyingPartyLogic" /> + </providers> + </roleManager> - <pages> - <controls> - <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - </controls> - - <namespaces> - <add namespace="System.Web.Mvc"/> - <add namespace="System.Web.Mvc.Ajax"/> - <add namespace="System.Web.Mvc.Html"/> - <add namespace="System.Web.Routing"/> - <add namespace="System.Linq"/> - <add namespace="System.Collections.Generic"/> - </namespaces> - </pages> - - <httpHandlers> - <remove verb="*" path="*.asmx"/> - <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> - <add verb="*" path="*.mvc" validate="false" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - </httpHandlers> - - <httpModules> - <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> - </httpModules> - - </system.web> - - <system.codedom> - <compilers> - <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" + <!-- + The <customErrors> section enables configuration + of what to do if/when an unhandled error occurs + during the execution of a request. Specifically, + it enables developers to configure html error pages + to be displayed in place of a error stack trace. + + <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm"> + <error statusCode="403" redirect="NoAccess.htm" /> + <error statusCode="404" redirect="FileNotFound.htm" /> + </customErrors> + --> + + <pages> + <controls> + <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + </controls> + + <namespaces> + <add namespace="System.Web.Mvc"/> + <add namespace="System.Web.Mvc.Ajax"/> + <add namespace="System.Web.Mvc.Html"/> + <add namespace="System.Web.Routing"/> + <add namespace="System.Linq"/> + <add namespace="System.Collections.Generic"/> + </namespaces> + </pages> + + <httpHandlers> + <remove verb="*" path="*.asmx"/> + <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> + <add verb="*" path="*.mvc" validate="false" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + </httpHandlers> + + <httpModules> + <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> + <add name="OAuthAuthenticationModule" type="RelyingPartyLogic.OAuthAuthenticationModule, RelyingPartyLogic" /> + <add name="Database" type="RelyingPartyLogic.Database, RelyingPartyLogic"/> + </httpModules> + + </system.web> + + <system.codedom> + <compilers> + <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> - <providerOption name="CompilerVersion" value="v3.5"/> - <providerOption name="WarnAsError" value="false"/> - </compiler> + <providerOption name="CompilerVersion" value="v3.5"/> + <providerOption name="WarnAsError" value="false"/> + </compiler> - <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" + <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> - <providerOption name="CompilerVersion" value="v3.5"/> - <providerOption name="OptionInfer" value="true"/> - <providerOption name="WarnAsError" value="false"/> - </compiler> - </compilers> - </system.codedom> + <providerOption name="CompilerVersion" value="v3.5"/> + <providerOption name="OptionInfer" value="true"/> + <providerOption name="WarnAsError" value="false"/> + </compiler> + </compilers> + </system.codedom> - <system.web.extensions/> + <system.web.extensions/> - <!-- + <!-- The system.webServer section is required for running ASP.NET AJAX under Internet Information Services 7.0. It is not necessary for previous version of IIS. --> - <system.webServer> - <validation validateIntegratedModeConfiguration="false"/> - - <modules runAllManagedModulesForAllRequests="true"> - <remove name="ScriptModule" /> - <remove name="UrlRoutingModule" /> - <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> - </modules> - - <handlers> - <remove name="WebServiceHandlerFactory-Integrated"/> - <remove name="ScriptHandlerFactory" /> - <remove name="ScriptHandlerFactoryAppServices" /> - <remove name="ScriptResource" /> - <remove name="MvcHttpHandler" /> - <remove name="UrlRoutingHandler" /> - <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" + <system.webServer> + <validation validateIntegratedModeConfiguration="false"/> + + <modules runAllManagedModulesForAllRequests="true"> + <remove name="ScriptModule" /> + <remove name="UrlRoutingModule" /> + <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> + <add name="OAuthAuthenticationModule" type="RelyingPartyLogic.OAuthAuthenticationModule, RelyingPartyLogic" /> + <add name="Database" type="RelyingPartyLogic.Database, RelyingPartyLogic"/> + </modules> + + <handlers> + <remove name="WebServiceHandlerFactory-Integrated"/> + <remove name="ScriptHandlerFactory" /> + <remove name="ScriptHandlerFactoryAppServices" /> + <remove name="ScriptResource" /> + <remove name="MvcHttpHandler" /> + <remove name="UrlRoutingHandler" /> + <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" + <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> - <add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - <add name="UrlRoutingHandler" preCondition="integratedMode" verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> - </handlers> - </system.webServer> + <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> + <add name="MvcHttpHandler" preCondition="integratedMode" verb="*" path="*.mvc" type="System.Web.Mvc.MvcHttpHandler, System.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> + <add name="UrlRoutingHandler" preCondition="integratedMode" verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> + </handlers> + </system.webServer> + <system.serviceModel> + <behaviors> + <serviceBehaviors> + <behavior name="DataApiBehavior"> + <serviceMetadata httpGetEnabled="true" /> + <serviceDebug includeExceptionDetailInFaults="true" /> + <serviceAuthorization serviceAuthorizationManagerType="OAuthAuthorizationManager, __code" principalPermissionMode="Custom" /> + </behavior> + </serviceBehaviors> + </behaviors> + <services> + <!--<service behaviorConfiguration="DataApiBehavior" name="DataApi"> + </service>--> + </services> + </system.serviceModel> </configuration>
\ No newline at end of file |