Diffstat (limited to 'samples/OpenIdProviderMvc/Controllers')
3 files changed, 41 insertions, 39 deletions
diff --git a/samples/OpenIdProviderMvc/Controllers/HomeController.cs b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
index 346e838..5ba08b3 100644
--- a/samples/OpenIdProviderMvc/Controllers/HomeController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/HomeController.cs
@@ -23,9 +23,5 @@
 public ActionResult Xrds() {
 return View();
 }
-
- public ActionResult PpidXrds() {
- return View();
- }
 }
 }
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
index 8aad0ba..d70401a 100644
--- a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
+++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -5,32 +5,50 @@ namespace OpenIdProviderMvc.Controllers { using System.Web; using System.Web.Mvc; using System.Web.Mvc.Ajax; - using DotNetOpenAuth.ApplicationBlock.Provider; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy; using DotNetOpenAuth.OpenId.Provider; using OpenIdProviderMvc.Code; public class OpenIdController : Controller { internal static OpenIdProvider OpenIdProvider = new OpenIdProvider(); + private static AnonymousIdentifierProvider anonProvider = new AnonymousIdentifierProvider(); + internal static IAuthenticationRequest PendingAuthenticationRequest { get { return ProviderEndpoint.PendingAuthenticationRequest; } set { ProviderEndpoint.PendingAuthenticationRequest = value; } } [ValidateInput(false)] - public ActionResult PpidProvider() { - return this.DoProvider(true); - } - - [ValidateInput(false)] public ActionResult Provider() { - return this.DoProvider(false); + IRequest request = OpenIdProvider.GetRequest(); + if (request != null) { + var authRequest = request as IAuthenticationRequest; + if (authRequest != null) { + PendingAuthenticationRequest = authRequest; + if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) == RelyingPartyDiscoveryResult.Success && + User.Identity.IsAuthenticated && + (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) { + return this.SendAssertion(); + } else { + return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion") }); + } + } + + if (request.IsResponseReady) { + return OpenIdProvider.PrepareResponse(request).AsActionResult(); + } else { + return RedirectToAction("LogOn", "Account"); + } + } else { + return View(); + } } [Authorize] - public ActionResult SendAssertion(bool pseudonymous) { + public ActionResult SendAssertion() { IAuthenticationRequest authReq = PendingAuthenticationRequest; PendingAuthenticationRequest = 
null; if (authReq == null) { @@ -38,14 +56,14 @@ namespace OpenIdProviderMvc.Controllers { } Identifier localIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name); - - if (pseudonymous) { + if (this.IsPpidRequested(authReq)) { if (!authReq.IsDirectedIdentity) { throw new InvalidOperationException("Directed identity is the only supported scenario for anonymous identifiers."); } - var anonProvider = new AnonymousIdentifierProvider(); - authReq.ScrubPersonallyIdentifiableInformation(localIdentifier, anonProvider); + var anonymousIdentifier = anonProvider.GetIdentifier(localIdentifier, authReq.Realm); + authReq.ClaimedIdentifier = anonymousIdentifier; + authReq.LocalIdentifier = anonymousIdentifier; authReq.IsAuthenticated = true; } else { if (authReq.IsDirectedIdentity) { 
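Review bot: The new IsReturnUrlDiscoverable check in Provider() only gates the branch where the user is already authenticated; when discovery is not Success (or the user is not logged in yet) the code falls into the else branch and redirects to LogOn with returnUrl pointing at SendAssertion, and SendAssertion (the -38,14 hunk) never repeats the discoverability check, so after login the positive assertion is still sent to a return_to that failed discovery. An authenticated user with an undiscoverable return_to is also sent back to the login page, which is confusing rather than a rejection. Moving the discoverability test ahead of the authentication test and answering a failed discovery with a negative assertion (IsAuthenticated = false, the same property the PPID branch sets to true, presumably yields a negative response in this library) closes that round trip; the rest of Provider() is unchanged.
```csharp
if (authRequest != null) {
    PendingAuthenticationRequest = authRequest;
    // Reject an undiscoverable return_to before consulting login state, so the
    // LogOn -> SendAssertion redirect cannot bypass this check.
    if (authRequest.IsReturnUrlDiscoverable(OpenIdProvider) != RelyingPartyDiscoveryResult.Success) {
        authRequest.IsAuthenticated = false;
        return OpenIdProvider.PrepareResponse(authRequest).AsActionResult();
    }
    if (User.Identity.IsAuthenticated &&
        (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) {
        return this.SendAssertion();
    }
    // … unchanged: LogOn redirect with returnUrl = SendAssertion …
}
// … unchanged: non-authentication requests and the View() fallback …
```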
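Review bot: Replacing ScrubPersonallyIdentifiableInformation with two identifier assignments narrows what the PPID branch scrubs: the new lines rewrite ClaimedIdentifier and LocalIdentifier from anonProvider.GetIdentifier(localIdentifier, authReq.Realm) and nothing else on the request, whereas the removed helper's name suggests it covered other personally identifying data as well (not visible in this hunk; worth confirming against the dropped ApplicationBlock code). If any extension response is attached to authReq elsewhere in SendAssertion, it would now go out carrying the pseudonym next to real attributes. anonProvider has also become a shared static field, and whether AnonymousIdentifierProvider.GetIdentifier is safe to call from concurrent requests is not visible here. A comment on the branch would record the intent: `// PPID: both identifiers become a realm-scoped pseudonym; nothing else on authReq is scrubbed here, so no PII-bearing extension may be attached after this point.` SendAssertion's body continues outside the hunk.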
@@ -71,27 +89,19 @@ namespace OpenIdProviderMvc.Controllers { return OpenIdProvider.PrepareResponse(authReq).AsActionResult(); } - private ActionResult DoProvider(bool pseudonymous) { - IRequest request = OpenIdProvider.GetRequest(); - if (request != null) { - var authRequest = request as IAuthenticationRequest; - if (authRequest != null) { - PendingAuthenticationRequest = authRequest; - if (User.Identity.IsAuthenticated && (authRequest.IsDirectedIdentity || Models.User.GetClaimedIdentifierForUser(User.Identity.Name) == authRequest.LocalIdentifier)) { - return this.SendAssertion(pseudonymous); - } else { - return RedirectToAction("LogOn", "Account", new { returnUrl = Url.Action("SendAssertion", new { pseudonymous = pseudonymous }) }); - } - } + private bool IsPpidRequested(IAuthenticationRequest authRequest) { + if (authRequest == null) { + throw new ArgumentNullException("authRequest"); + } - if (request.IsResponseReady) { - return OpenIdProvider.PrepareResponse(request).AsActionResult(); - } else { - return RedirectToAction("LogOn", "Account"); + var pape = authRequest.GetExtension<PolicyRequest>(); + if (pape != null) { + if (pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) { + return true; } - } else { - return View(); } + + return false; } } } diff --git a/samples/OpenIdProviderMvc/Controllers/UserController.cs b/samples/OpenIdProviderMvc/Controllers/UserController.cs index c160fce..3cb87ae 100644 --- a/samples/OpenIdProviderMvc/Controllers/UserController.cs +++ b/samples/OpenIdProviderMvc/Controllers/UserController.cs @@ -9,7 +9,7 @@ namespace OpenIdProviderMvc.Controllers { public class UserController : Controller { public ActionResult PpidIdentity() { if (Request.AcceptTypes.Contains("application/xrds+xml")) { - return View("PpidXrds"); + return View("Xrds"); } return View(); 
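Review bot: IsPpidRequested nests two ifs around a trailing `return false;` where a single boolean expression reads better and cannot drift as more policies are added: `var pape = authRequest.GetExtension<PolicyRequest>();` followed by `return pape != null && pape.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier);`. The method also has no doc comment although it decides whether SendAssertion hands out the user's real claimed identifier or a realm-scoped pseudonym; a summary such as "Returns true when the relying party's PAPE request lists the private-personal-identifier policy, in which case SendAssertion substitutes a per-realm anonymous identifier for the user's claimed identifier" makes that security-relevant decision visible at the call site.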
@@ -33,10 +33,6 @@ namespace OpenIdProviderMvc.Controllers { return View(); } - public ActionResult PpidXrds() { - return View(); - } - private ActionResult RedirectIfNotNormalizedRequestUri() { Uri normalized = Models.User.GetNormalizedClaimedIdentifier(Request.Url); if (Request.Url != normalized) { |