9 files changed, 131 insertions, 128 deletions
diff --git a/samples/OpenIdProviderWebForms/Code/URLRewriter.cs b/samples/OpenIdProviderWebForms/Code/URLRewriter.cs
deleted file mode 100644
index be65e0a..0000000
--- a/samples/OpenIdProviderWebForms/Code/URLRewriter.cs
+++ /dev/null
@@ -1,63 +0,0 @@
-namespace OpenIdProviderWebForms.Code {
-	using System.Configuration;
-	using System.Diagnostics;
-	using System.Text.RegularExpressions;
-	using System.Web;
-	using System.Xml;
-
-	// nicked from http://www.codeproject.com/aspnet/URLRewriter.asp
-	public class URLRewriter : IConfigurationSectionHandler {
-		public static log4net.ILog Logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
-
-		protected XmlNode rules = null;
-
-		protected URLRewriter() {
-		}
-
-		public static void Process() {
-			URLRewriter rewriter = (URLRewriter)ConfigurationManager.GetSection("urlrewrites");
-
-			string subst = rewriter.GetSubstitution(HttpContext.Current.Request.Path);
-
-			if (!string.IsNullOrEmpty(subst)) {
-				Logger.InfoFormat("Rewriting url '{0}' to '{1}' ", HttpContext.Current.Request.Path, subst);
-				HttpContext.Current.RewritePath(subst);
-			}
-		}
-
-		public string GetSubstitution(string path) {
-			foreach (XmlNode node in this.rules.SelectNodes("rule")) {
-				// get the url and rewrite nodes
-				XmlNode urlNode = node.SelectSingleNode("url");
-				XmlNode rewriteNode = node.SelectSingleNode("rewrite");
-
-				// check validity of the values
-				if (urlNode == null || string.IsNullOrEmpty(urlNode.InnerText)
-					|| rewriteNode == null || string.IsNullOrEmpty(rewriteNode.InnerText)) {
-					Logger.Warn("Invalid urlrewrites rule discovered in web.config file.");
-					continue;
-				}
-
-				string oldValue = HttpContext.Current.Response.ApplyAppPathModifier(urlNode.InnerText);
-
-				Regex reg = new Regex(oldValue, RegexOptions.IgnoreCase);
-
-				// if match, return the substitution
-				Match match = reg.Match(path);
-				if (match.Success) {
-					return reg.Replace(path, HttpContext.Current.Response.ApplyAppPathModifier(rewriteNode.InnerText));
-				}
-			}
-
-			return null; // no rewrite
-		}
-
-		#region Implementation of IConfigurationSectionHandler
-		public object Create(object parent, object configContext, XmlNode section) {
-			this.rules = section;
-
-			return this;
-		}
-		#endregion
-	}
-}
-\ No newline at end of file
diff --git a/samples/OpenIdProviderWebForms/Code/Util.cs b/samples/OpenIdProviderWebForms/Code/Util.cs
index 5cec951..84d3c63 100644
--- a/samples/OpenIdProviderWebForms/Code/Util.cs
+++ b/samples/OpenIdProviderWebForms/Code/Util.cs
@@ -24,11 +24,14 @@ namespace OpenIdProviderWebForms.Code {
 		}
 
 		public static Identifier BuildIdentityUrl() {
-			string username = HttpContext.Current.User.Identity.Name;
+			return BuildIdentityUrl(HttpContext.Current.User.Identity.Name);
+		}
 
-			// be sure to normalize case the way the user's identity page does.
+		public static Identifier BuildIdentityUrl(string username) {
+			// This sample Provider has a custom policy for normalizing URIs, which is that the whole
+			// path of the URI be lowercase except for the first letter of the username.
 			username = username.Substring(0, 1).ToUpperInvariant() + username.Substring(1).ToLowerInvariant();
-			return new Uri(HttpContext.Current.Request.Url, "/user/" + username);
+			return new Uri(HttpContext.Current.Request.Url, HttpContext.Current.Response.ApplyAppPathModifier("~/user.aspx/" + username));
 		}
 
 		internal static void ProcessAuthenticationChallenge(IAuthenticationRequest idrequest) {
diff --git a/samples/OpenIdProviderWebForms/Default.aspx b/samples/OpenIdProviderWebForms/Default.aspx
index 5f6ccbd..ef090e1 100644
--- a/samples/OpenIdProviderWebForms/Default.aspx
+++ b/samples/OpenIdProviderWebForms/Default.aspx
@@ -1,28 +1,32 @@
-<%@ Page Language="C#" AutoEventWireup="true" MasterPageFile="~/Site.Master" %>
+<%@ Page Language="C#" AutoEventWireup="true" MasterPageFile="~/Site.Master" CodeBehind="Default.aspx.cs"
+	Inherits="OpenIdProviderWebForms._default" %>
 
 <%@ Import Namespace="OpenIdProviderWebForms.Code" %>
-<%@ Import Namespace="DotNetOpenAuth.OpenId.Provider" %>
-<%@ Import Namespace="DotNetOpenAuth.Messaging" %>
 <%@ Register Assembly="DotNetOpenAuth" Namespace="DotNetOpenAuth.OpenId" TagPrefix="openid" %>
 <%@ Register Assembly="DotNetOpenAuth" Namespace="DotNetOpenAuth" TagPrefix="openauth" %>
+<asp:Content runat="server" ContentPlaceHolderID="head">
+	<openauth:XrdsPublisher runat="server" XrdsUrl="~/op_xrds.aspx" />
+
+	<script language="javascript">
+		String.prototype.startsWith = function(substring) {
+			if (this.length < substring.length) {
+				return false;
+			}
+			return this.substring(0, substring.length) == substring;
+		};
 
-<script runat="server">
-	protected void sendAssertionButton_Click(object sender, EventArgs e) {
-		TextBox relyingPartySite = (TextBox)loginView.FindControl("relyingPartySite");
-		Uri providerEndpoint = new Uri(Request.Url, Page.ResolveUrl("~/server.aspx"));
-		OpenIdProvider op = new OpenIdProvider();
-		try {
-			op.PrepareUnsolicitedAssertion(providerEndpoint, relyingPartySite.Text, Util.BuildIdentityUrl(), Util.BuildIdentityUrl()).Send();
-		} catch (ProtocolException ex) {
-			Label errorLabel = (Label)loginView.FindControl("errorLabel");
-			errorLabel.Visible = true;
-			errorLabel.Text = ex.Message;
+		function updateBookmark(rpRealm) {
+			if (!(rpRealm.startsWith("http://") || rpRealm.startsWith("https://"))) {
+				rpRealm = "http://" + rpRealm;
+			}
+
+			var bookmarkUrl = document.location + "?rp=" + encodeURIComponent(rpRealm);
+			bookmarkParagraph.style.display = '';
+			bookmark.href = bookmarkUrl;
+			bookmark.innerHTML = bookmarkUrl;
 		}
-	}
-</script>
+	</script>
 
-<asp:Content runat="server" ContentPlaceHolderID="head">
-	<openauth:XrdsPublisher runat="server" XrdsUrl="~/op_xrds.aspx" />
 </asp:Content>
 <asp:Content runat="server" ContentPlaceHolderID="Main">
 	<h2>Provider </h2>
@@ -32,16 +36,21 @@
 	<asp:LoginView runat="server" ID="loginView">
 		<LoggedInTemplate>
 			<asp:Panel runat="server" DefaultButton="sendAssertionButton">
-			<p>You're logged in as <b><%= HttpUtility.HtmlEncode(User.Identity.Name) %></b> </p>
-			<p>Your claimed identifier is <b><%= HttpUtility.HtmlEncode(Util.BuildIdentityUrl()) %></b> </p>
+				<p>You're logged in as <b>
+					<%= HttpUtility.HtmlEncode(User.Identity.Name) %></b> </p>
+				<p>Your claimed identifier is <b>
+					<%= HttpUtility.HtmlEncode(Util.BuildIdentityUrl()) %></b> </p>
 				<p>Since you're logged in, try sending an unsolicited assertion to an OpenID 2.0 relying
 					party site. Just type in the URL to the site's home page. This could be the sample
 					relying party web site. </p>
 				<div>
-					<asp:TextBox runat="server" ID="relyingPartySite" Columns="40" />
-					<asp:Button runat="server" ID="sendAssertionButton" Text="Send assertion" OnClick="sendAssertionButton_Click" />
+					<asp:TextBox runat="server" ID="relyingPartySite" Columns="40" onchange="updateBookmark(this.value)"
+						onkeyup="updateBookmark(this.value)" />
+					<asp:Button runat="server" ID="sendAssertionButton" Text="Login" OnClick="sendAssertionButton_Click" />
 					<asp:RequiredFieldValidator runat="server" ControlToValidate="relyingPartySite" Text="Specify relying party site first" />
 				</div>
+				<p id="bookmarkParagraph" style="display: none">Bookmark <a id="bookmark"></a>so you
+					can log into the RP automatically in the future.</p>
 				<p>An unsolicited assertion is a way to log in to a relying party site directly from
 					your OpenID Provider. </p>
 				<p><asp:Label runat="server" EnableViewState="false" Visible="false" ID="errorLabel"
diff --git a/samples/OpenIdProviderWebForms/Default.aspx.cs b/samples/OpenIdProviderWebForms/Default.aspx.cs
new file mode 100644
index 0000000..808dbb1
--- /dev/null
+++ b/samples/OpenIdProviderWebForms/Default.aspx.cs
@@ -0,0 +1,48 @@
+namespace OpenIdProviderWebForms {
+	using System;
+	using System.Web.Security;
+	using System.Web.UI.WebControls;
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OpenId;
+	using DotNetOpenAuth.OpenId.Provider;
+	using OpenIdProviderWebForms.Code;
+
+	/// <summary>
+	/// Page for handling logins to this server. 
+	/// </summary>
+	public partial class _default : System.Web.UI.Page {
+		protected void Page_Load(object sender, EventArgs e) {
+			if (Request.QueryString["rp"] != null) {
+				if (Page.User.Identity.IsAuthenticated) {
+					SendAssertion(Request.QueryString["rp"]);
+				} else {
+					FormsAuthentication.RedirectToLoginPage();
+				}
+			} else {
+				TextBox relyingPartySite = (TextBox)loginView.FindControl("relyingPartySite");
+				if (relyingPartySite != null) {
+					relyingPartySite.Focus();
+				}
+			}
+		}
+
+		protected void sendAssertionButton_Click(object sender, EventArgs e) {
+			TextBox relyingPartySite = (TextBox)loginView.FindControl("relyingPartySite");
+			SendAssertion(relyingPartySite.Text);
+		}
+
+		private void SendAssertion(string relyingPartyRealm) {
+			Uri providerEndpoint = new Uri(Request.Url, Page.ResolveUrl("~/server.aspx"));
+			OpenIdProvider op = new OpenIdProvider();
+			try {
+				// Send user input through identifier parser so we accept more free-form input.
+				string rpSite = Identifier.Parse(relyingPartyRealm);
+				op.PrepareUnsolicitedAssertion(providerEndpoint, rpSite, Util.BuildIdentityUrl(), Util.BuildIdentityUrl()).Send();
+			} catch (ProtocolException ex) {
+				Label errorLabel = (Label)loginView.FindControl("errorLabel");
+				errorLabel.Visible = true;
+				errorLabel.Text = ex.Message;
+			}
+		}
+	}
+}
+\ No newline at end of file
diff --git a/samples/OpenIdProviderWebForms/Default.aspx.designer.cs b/samples/OpenIdProviderWebForms/Default.aspx.designer.cs
new file mode 100644
index 0000000..74f2647
--- /dev/null
+++ b/samples/OpenIdProviderWebForms/Default.aspx.designer.cs
@@ -0,0 +1,25 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:2.0.50727.4912
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace OpenIdProviderWebForms {
+    
+    
+    public partial class _default {
+        
+        /// <summary>
+        /// loginView control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::System.Web.UI.WebControls.LoginView loginView;
+    }
+}
diff --git a/samples/OpenIdProviderWebForms/Global.asax.cs b/samples/OpenIdProviderWebForms/Global.asax.cs
index 79aca23..3048b17 100644
--- a/samples/OpenIdProviderWebForms/Global.asax.cs
+++ b/samples/OpenIdProviderWebForms/Global.asax.cs
@@ -39,13 +39,6 @@ namespace OpenIdProviderWebForms {
 		}
 
 		protected void Application_BeginRequest(object sender, EventArgs e) {
-			/*
-			 * The URLRewriter was taken from http://www.codeproject.com/aspnet/URLRewriter.asp and modified slightly.
-			 * It will read the config section called 'urlrewrites' from web.config and process each rule 
-			 * The rules are set of url transformations defined using regular expressions with support for substitutions (the ability to extract regex-matched portions of a string).
-			 * There is only one rule currenty defined. It rewrites urls like: user/john ->user.aspx?username=john
-			 */
-			//// System.Diagnostics.Debugger.Launch();
 			Logger.DebugFormat("Processing {0} on {1} ", this.Request.HttpMethod, this.stripQueryString(this.Request.Url));
 			if (Request.QueryString.Count > 0) {
 				Logger.DebugFormat("Querystring follows: \n{0}", ToString(Request.QueryString));
@@ -53,8 +46,6 @@ namespace OpenIdProviderWebForms {
 			if (Request.Form.Count > 0) {
 				Logger.DebugFormat("Posted form follows: \n{0}", ToString(Request.Form));
 			}
-
-			URLRewriter.Process();
 		}
 
 		protected void Application_AuthenticateRequest(object sender, EventArgs e) {
diff --git a/samples/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj b/samples/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
index 5203150..ceea842 100644
--- a/samples/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
+++ b/samples/OpenIdProviderWebForms/OpenIdProviderWebForms.csproj
@@ -91,7 +91,6 @@
     </Compile>
     <Compile Include="Code\ReadOnlyXmlMembershipProvider.cs" />
     <Compile Include="Code\TracePageAppender.cs" />
-    <Compile Include="Code\URLRewriter.cs" />
     <Compile Include="Code\Util.cs" />
     <Compile Include="decide.aspx.cs">
       <DependentUpon>decide.aspx</DependentUpon>
@@ -100,6 +99,13 @@
     <Compile Include="decide.aspx.designer.cs">
       <DependentUpon>decide.aspx</DependentUpon>
     </Compile>
+    <Compile Include="Default.aspx.cs">
+      <DependentUpon>Default.aspx</DependentUpon>
+      <SubType>ASPXCodeBehind</SubType>
+    </Compile>
+    <Compile Include="Default.aspx.designer.cs">
+      <DependentUpon>Default.aspx</DependentUpon>
+    </Compile>
     <Compile Include="Global.asax.cs">
       <DependentUpon>Global.asax</DependentUpon>
     </Compile>
diff --git a/samples/OpenIdProviderWebForms/Web.config b/samples/OpenIdProviderWebForms/Web.config
index d429e21..85b3c30 100644
--- a/samples/OpenIdProviderWebForms/Web.config
+++ b/samples/OpenIdProviderWebForms/Web.config
@@ -10,7 +10,6 @@
 <configuration>
 	<configSections>
 		<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
-		<section name="urlrewrites" type="OpenIdProviderWebForms.Code.URLRewriter" requirePermission="false"/>
 		<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false"/>
 		<section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection" requirePermission="false" allowLocation="true"/>
 		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
@@ -48,21 +47,16 @@
 		<idn enabled="All"/>
 		<iriParsing enabled="true"/>
 	</uri>
-	<connectionStrings/>
-	<!-- 
-       Original version created by  Richard Birkby (2002-02-22, http://www.codeproject.com/aspnet/URLRewriter.asp)
-       Maps from old website to new website using Regular Expressions
-       rule/url - old website url (Regular Expression)
-       rule/rewrite - new website replacement expression
-       Of two or more rules which match a given request, the first  will always take precedance.
-    -->
-	<urlrewrites>
-		<rule>
-			<!--  This rewrites urls like: user/john ->user.aspx?username=john-->
-			<url>~/user/(.*)</url>
-			<rewrite>~/user.aspx?username=$1</rewrite>
-		</rule>
-	</urlrewrites>
+
+	<!-- This setting causes .NET to check certificate revocation lists (CRL) 
+	     before trusting HTTPS certificates.  But this setting tends to not 
+	     be allowed in shared hosting environments. -->
+	<system.net>
+		<settings>
+			<!--<servicePointManager checkCertificateRevocationList="true"/>-->
+		</settings>
+	</system.net>
+
 	<system.web>
 		<!-- 
             Set compilation debug="true" to insert debugging 
diff --git a/samples/OpenIdProviderWebForms/user.aspx.cs b/samples/OpenIdProviderWebForms/user.aspx.cs
index f530f15..5cd84c9 100644
--- a/samples/OpenIdProviderWebForms/user.aspx.cs
+++ b/samples/OpenIdProviderWebForms/user.aspx.cs
@@ -1,33 +1,23 @@
 namespace OpenIdProviderWebForms {
 	using System;
 	using DotNetOpenAuth.OpenId.Provider;
+	using OpenIdProviderWebForms.Code;
 
 	/// <summary>
 	/// This page is a required as part of the service discovery phase of the openid protocol (step 1).
 	/// </summary>
 	/// <remarks>
-	/// <para>How does a url like http://www.myserver.com/user/bob map to  http://www.myserver.com/user.aspx?username=bob ?
-	/// Check out gobal.asax and the URLRewriter class. Essentially there's a little framework that allows for URLRewrting using the HttpContext.Current.RewritePath method.</para>
-	/// <para>A url such as http://www.myserver.com/user/bob which is entered on  the consumer side will cause this page to be invoked.
-	/// This page must be parsed by the openid compatible consumer and the url of the openid server is extracted from href in:  rel="openid.server" href="?".
-	/// It is the responsibility of the consumer to redirect the user to this url.</para>
 	/// <para>The XRDS (or Yadis) content is also rendered to provide the consumer with an alternative discovery mechanism. The Yadis protocol allows the consumer 
 	/// to provide the user with a more flexible range of authentication mechanisms (which ever has been defined in xrds.aspx). See http://en.wikipedia.org/wiki/Yadis.</para>
 	/// </remarks>
 	public partial class user : System.Web.UI.Page {
 		protected void Page_Load(object sender, EventArgs e) {
-			this.usernameLabel.Text = Request.QueryString["username"];
+			this.usernameLabel.Text = Util.ExtractUserName(Page.Request.Url);
 		}
 
 		protected void IdentityEndpoint20_NormalizeUri(object sender, IdentityEndpointNormalizationEventArgs e) {
-			// This sample Provider has a custom policy for normalizing URIs, which is that the whole
-			// path of the URI be lowercase except for the first letter of the username.
-			UriBuilder normalized = new UriBuilder(e.UserSuppliedIdentifier);
-			string username = Request.QueryString["username"].TrimEnd('/').ToLowerInvariant();
-			username = username.Substring(0, 1).ToUpperInvariant() + username.Substring(1);
-			normalized.Path = "/user/" + username;
-			normalized.Scheme = "http"; // for a real Provider, this should be HTTPS if supported.
-			e.NormalizedIdentifier = normalized.Uri;
+			string username = Util.ExtractUserName(Page.Request.Url);
+			e.NormalizedIdentifier = new Uri(Util.BuildIdentityUrl(username));
 		}
 	}
 }
 \ No newline at end of file