diff options
Diffstat (limited to 'samples/OpenIdProviderMvc/Controllers/OpenIdController.cs')
| -rw-r--r-- | samples/OpenIdProviderMvc/Controllers/OpenIdController.cs | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs index 04b54da..6abbe17 100644 --- a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs +++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs @@ -267,12 +267,13 @@ namespace OpenIdProviderMvc.Controllers { } Uri userLocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name); - - return authReq.LocalIdentifier.ToString().ToLowerInvariant() == userLocalIdentifier.ToString().ToLowerInvariant() - || - authReq.LocalIdentifier.ToString().ToLowerInvariant() == PpidGeneration.PpidIdentifierProvider - .GetIdentifier(userLocalIdentifier, authReq.Realm) - .ToString().ToLowerInvariant(); + + // Assuming the URLs on the web server are not case sensitive (on Windows servers they almost never are), + // and usernames aren't either, compare the identifiers without case sensitivity. + // No reason to do this for the PPID identifiers though, since they *can* be case sensitive and are highly + // unlikely to be typed in by the user anyway. + return string.Equals(authReq.LocalIdentifier.ToString(), userLocalIdentifier.ToString(), StringComparison.OrdinalIgnoreCase) || + authReq.LocalIdentifier == PpidGeneration.PpidIdentifierProvider.GetIdentifier(userLocalIdentifier, authReq.Realm); } } } |