Diffstat (limited to 'samples/OpenIdProviderWebForms')
-rw-r--r--samples/OpenIdProviderWebForms/Code/Util.cs24
-rw-r--r--samples/OpenIdProviderWebForms/Provider.ashx.cs15
-rw-r--r--samples/OpenIdProviderWebForms/Web.config7
-rw-r--r--samples/OpenIdProviderWebForms/decide.aspx34
-rw-r--r--samples/OpenIdProviderWebForms/decide.aspx.cs72
-rw-r--r--samples/OpenIdProviderWebForms/decide.aspx.designer.cs11
-rw-r--r--samples/OpenIdProviderWebForms/server.aspx2
-rw-r--r--samples/OpenIdProviderWebForms/server.aspx.cs4
8 files changed, 106 insertions, 63 deletions
diff --git a/samples/OpenIdProviderWebForms/Code/Util.cs b/samples/OpenIdProviderWebForms/Code/Util.cs
index 84d3c63..8700dbd 100644
--- a/samples/OpenIdProviderWebForms/Code/Util.cs
+++ b/samples/OpenIdProviderWebForms/Code/Util.cs
@@ -6,10 +6,6 @@
namespace OpenIdProviderWebForms.Code {
using System;
- using System.Collections.Generic;
- using System.Diagnostics;
- using System.Net;
- using System.Text;
using System.Web;
using DotNetOpenAuth.OpenId;
using DotNetOpenAuth.OpenId.Provider;
@@ -51,6 +47,26 @@ namespace OpenIdProviderWebForms.Code {
// to know the answer.
idrequest.IsAuthenticated = userOwningOpenIdUrl == HttpContext.Current.User.Identity.Name;
}
+
+ if (idrequest.IsAuthenticated.Value) {
+ // add extension responses here.
+ }
+ } else {
+ HttpContext.Current.Response.Redirect("~/decide.aspx", true);
+ }
+ }
+
+ internal static void ProcessAnonymousRequest(IAnonymousRequest request) {
+ if (request.Immediate) {
+ // NOTE: in a production provider site, you may want to only
+ // respond affirmatively if the user has already authorized this consumer
+ // to know the answer.
+ request.IsApproved = HttpContext.Current.User.Identity.IsAuthenticated;
+
+ if (request.IsApproved.Value) {
+ // Add extension responses here.
+ // These would typically be filled in from a user database
+ }
} else {
HttpContext.Current.Response.Redirect("~/decide.aspx", true);
}
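Review bot: In `ProcessAnonymousRequest`, the immediate branch sets `request.IsApproved` from `User.Identity.IsAuthenticated` alone, so every relying party that sends an immediate request while the user is signed in is approved without a prompt. Once the "Add extension responses here" placeholder is filled in from a user database, that approval would release user data with no per-site consent. The NOTE words this as optional; since samples get copied, I would make it explicit, e.g. `// WARNING: approves every relying party for any signed-in user; look up stored per-realm consent before answering affirmatively.`, or default to `request.IsApproved = false;` until such a lookup exists. The immediate branch of the authentication path at the top of this hunk carries the same NOTE, but its body starts outside the hunk.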
diff --git a/samples/OpenIdProviderWebForms/Provider.ashx.cs b/samples/OpenIdProviderWebForms/Provider.ashx.cs
index 40acc04..c8441cf 100644
--- a/samples/OpenIdProviderWebForms/Provider.ashx.cs
+++ b/samples/OpenIdProviderWebForms/Provider.ashx.cs
@@ -24,17 +24,20 @@
// But authentication requests cannot be responded to until something on
// this site decides whether to approve or disapprove the authentication.
if (!request.IsResponseReady) {
- var idrequest = (IAuthenticationRequest)request;
-
- // We store the authentication request in the user's session so that
+ // We store the request in the user's session so that
// redirects and user prompts can appear and eventually some page can decide
// to respond to the OpenID authentication request either affirmatively or
// negatively.
- ProviderEndpoint.PendingAuthenticationRequest = idrequest;
+ ProviderEndpoint.PendingAnonymousRequest = request as IAnonymousRequest;
+ ProviderEndpoint.PendingAuthenticationRequest = request as IAuthenticationRequest;
// We delegate that approval process to our utility method that we share
// with our other Provider sample page server.aspx.
- Code.Util.ProcessAuthenticationChallenge(idrequest);
+ if (ProviderEndpoint.PendingAuthenticationRequest != null) {
+ Code.Util.ProcessAuthenticationChallenge(ProviderEndpoint.PendingAuthenticationRequest);
+ } else if (ProviderEndpoint.PendingAnonymousRequest != null) {
+ Code.Util.ProcessAnonymousRequest(ProviderEndpoint.PendingAnonymousRequest);
+ }
// As part of authentication approval, the user may need to authenticate
// to this Provider and/or decide whether to allow the requesting RP site
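Review bot: The two back-to-back assignments to `PendingAnonymousRequest` and `PendingAuthenticationRequest` each take an `as` cast, so one of them always writes null. If both properties are views over the single `ProviderEndpoint.PendingRequest` slot (the clearing line later in this file suggests so, but the property definitions are not visible here), the second assignment would wipe an anonymous request just stored by the first, and decide.aspx would then redirect to the home page. Assigning only the non-null cast avoids depending on that: `var authReq = request as IAuthenticationRequest; if (authReq != null) { ProviderEndpoint.PendingAuthenticationRequest = authReq; } else { ProviderEndpoint.PendingAnonymousRequest = request as IAnonymousRequest; }`. The `if`/`else if` also has no final `else`, so a request that is neither type falls through silently; an explicit error or log there would make that case visible.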
@@ -52,7 +55,7 @@
ProviderEndpoint.Provider.SendResponse(request);
// Make sure that any PendingAuthenticationRequest that MAY be set is cleared.
- ProviderEndpoint.PendingAuthenticationRequest = null;
+ ProviderEndpoint.PendingRequest = null;
}
}
}
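Review bot: The comment above the changed line still says `PendingAuthenticationRequest`, but the code now clears `ProviderEndpoint.PendingRequest`. I would update it to `// Make sure that any pending request (authentication or anonymous) that MAY be set is cleared.` so the next reader does not assume anonymous requests are left in the session.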
diff --git a/samples/OpenIdProviderWebForms/Web.config b/samples/OpenIdProviderWebForms/Web.config
index a6cd2eb..159dcd1 100644
--- a/samples/OpenIdProviderWebForms/Web.config
+++ b/samples/OpenIdProviderWebForms/Web.config
@@ -47,6 +47,13 @@
<dotNetOpenAuth>
<openid>
<provider>
+ <security requireSsl="false" />
+ <behaviors>
+ <!-- Behaviors activate themselves automatically for individual matching requests.
+ The first one in this list to match an incoming request "owns" the request. If no
+ profile matches, the default behavior is assumed. -->
+ <!--<add type="DotNetOpenAuth.OpenId.Behaviors.PpidGeneration, DotNetOpenAuth" />-->
+ </behaviors>
<!-- Uncomment the following to activate the sample custom store. -->
<!--<store type="OpenIdProviderWebForms.Code.CustomStore, OpenIdProviderWebForms" />-->
</provider>
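Review bot: `<security requireSsl="false" />` is added without any comment, so the sample now states explicitly that the provider does not require SSL and gives no hint that this is a development convenience. Authentication responses and the forms-auth session for this provider would presumably travel over plain HTTP if the setting is copied into a deployment as is. I would add a comment next to it, e.g. `<!-- requireSsl is off only so the sample runs locally without a certificate; set requireSsl="true" on any deployed provider. -->`.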
diff --git a/samples/OpenIdProviderWebForms/decide.aspx b/samples/OpenIdProviderWebForms/decide.aspx
index 54c2f01..4a6e2d8 100644
--- a/samples/OpenIdProviderWebForms/decide.aspx
+++ b/samples/OpenIdProviderWebForms/decide.aspx
@@ -1,34 +1,24 @@
-<%@ Page Language="C#" AutoEventWireup="true" Inherits="OpenIdProviderWebForms.decide" CodeBehind="decide.aspx.cs" MasterPageFile="~/Site.Master" %>
+<%@ Page Language="C#" AutoEventWireup="true" Inherits="OpenIdProviderWebForms.decide"
+ CodeBehind="decide.aspx.cs" MasterPageFile="~/Site.Master" %>
<%@ Register Src="ProfileFields.ascx" TagName="ProfileFields" TagPrefix="uc1" %>
<asp:Content runat="server" ContentPlaceHolderID="Main">
- <p>
- A site has asked to authenticate that you own the identifier below.&nbsp; You should
- only do this if you wish to log in to the site given by the Realm.</p>
- <p>
- This site
- <asp:Label ID="relyingPartyVerificationResultLabel" runat="server"
- Font-Bold="True" Text="failed" /> verification. </p>
+ <p><asp:Label ID="siteRequestLabel" runat="server" Text="A site has asked to authenticate that you own the identifier below." />
+ You should only do this if you wish to log in to the site given by the Realm.</p>
+ <p>This site <asp:Label ID="relyingPartyVerificationResultLabel" runat="server" Font-Bold="True"
+ Text="failed" /> verification. </p>
<table>
<tr>
- <td>
- Identifier: </td>
- <td>
- <asp:Label runat="server" ID='identityUrlLabel' />
- </td>
+ <td>Identifier: </td>
+ <td><asp:Label runat="server" ID='identityUrlLabel' /> </td>
</tr>
<tr>
- <td>
- Realm: </td>
- <td>
- <asp:Label runat="server" ID='realmLabel' />
- </td>
+ <td>Realm: </td>
+ <td><asp:Label runat="server" ID='realmLabel' /> </td>
</tr>
</table>
- <p>
- Allow this authentication to proceed?
- </p>
+ <p>Allow this to proceed? </p>
<uc1:ProfileFields ID="profileFields" runat="server" Visible="false" />
<asp:Button ID="yes_button" OnClick="Yes_Click" Text=" yes " runat="Server" />
<asp:Button ID="no_button" OnClick="No_Click" Text=" no " runat="Server" />
-</asp:Content> \ No newline at end of file
+</asp:Content>
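Review bot: Only the first sentence of the consent prompt was moved into `siteRequestLabel`; "You should only do this if you wish to log in to the site given by the Realm." stays as static markup. For an anonymous request the code-behind changes the label to "A site has asked for information about you.", so the page then still tells the user they are logging in, and it does not say which information will be sent. Since this page is where the user gives consent, I would put the second sentence into the label text as well (or a second label) so the code-behind can replace it for anonymous requests.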
diff --git a/samples/OpenIdProviderWebForms/decide.aspx.cs b/samples/OpenIdProviderWebForms/decide.aspx.cs
index 777a688..3a14cf7 100644
--- a/samples/OpenIdProviderWebForms/decide.aspx.cs
+++ b/samples/OpenIdProviderWebForms/decide.aspx.cs
@@ -12,61 +12,75 @@ namespace OpenIdProviderWebForms {
/// </summary>
public partial class decide : Page {
protected void Page_Load(object src, EventArgs e) {
- if (ProviderEndpoint.PendingAuthenticationRequest == null) {
+ if (ProviderEndpoint.PendingRequest == null) {
Response.Redirect("~/");
}
- if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity) {
- ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier = Code.Util.BuildIdentityUrl();
- }
this.relyingPartyVerificationResultLabel.Text =
- ProviderEndpoint.PendingAuthenticationRequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider.Channel.WebRequestHandler) ? "passed" : "failed";
+ ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverable(ProviderEndpoint.Provider) == RelyingPartyDiscoveryResult.Success ? "passed" : "failed";
+
+ this.realmLabel.Text = ProviderEndpoint.PendingRequest.Realm.ToString();
- this.identityUrlLabel.Text = ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier.ToString();
- this.realmLabel.Text = ProviderEndpoint.PendingAuthenticationRequest.Realm.ToString();
+ if (ProviderEndpoint.PendingAuthenticationRequest != null) {
+ if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity) {
+ ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier = Code.Util.BuildIdentityUrl();
+ }
+ this.identityUrlLabel.Text = ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier.ToString();
- // check that the logged in user is the same as the user requesting authentication to the consumer. If not, then log them out.
- if (string.Equals(User.Identity.Name, Code.Util.ExtractUserName(ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier), StringComparison.OrdinalIgnoreCase)) {
- // if simple registration fields were used, then prompt the user for them
- var requestedFields = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<ClaimsRequest>();
- if (requestedFields != null) {
- this.profileFields.Visible = true;
- this.profileFields.SetRequiredFieldsFromRequest(requestedFields);
- if (!IsPostBack) {
- var sregResponse = requestedFields.CreateResponse();
- sregResponse.Email = Membership.GetUser().Email;
- this.profileFields.SetOpenIdProfileFields(sregResponse);
- }
+ // check that the logged in user is the same as the user requesting authentication to the consumer. If not, then log them out.
+ if (!string.Equals(User.Identity.Name, Code.Util.ExtractUserName(ProviderEndpoint.PendingAuthenticationRequest.LocalIdentifier), StringComparison.OrdinalIgnoreCase)) {
+ FormsAuthentication.SignOut();
+ Response.Redirect(Request.Url.AbsoluteUri);
}
} else {
- FormsAuthentication.SignOut();
- Response.Redirect(Request.Url.AbsoluteUri);
+ this.identityUrlLabel.Text = "(not applicable)";
+ this.siteRequestLabel.Text = "A site has asked for information about you.";
+ }
+
+ // if simple registration fields were used, then prompt the user for them
+ var requestedFields = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
+ if (requestedFields != null) {
+ this.profileFields.Visible = true;
+ this.profileFields.SetRequiredFieldsFromRequest(requestedFields);
+ if (!IsPostBack) {
+ var sregResponse = requestedFields.CreateResponse();
+ sregResponse.Email = Membership.GetUser().Email;
+ this.profileFields.SetOpenIdProfileFields(sregResponse);
+ }
}
}
protected void Yes_Click(object sender, EventArgs e) {
- var sregRequest = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<ClaimsRequest>();
+ var sregRequest = ProviderEndpoint.PendingRequest.GetExtension<ClaimsRequest>();
ClaimsResponse sregResponse = null;
if (sregRequest != null) {
sregResponse = this.profileFields.GetOpenIdProfileFields(sregRequest);
- ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(sregResponse);
+ ProviderEndpoint.PendingRequest.AddResponseExtension(sregResponse);
}
- var papeRequest = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<PolicyRequest>();
+ var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
PolicyResponse papeResponse = null;
if (papeRequest != null) {
papeResponse = new PolicyResponse();
papeResponse.NistAssuranceLevel = NistAssuranceLevel.InsufficientForLevel1;
- ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(papeResponse);
+ ProviderEndpoint.PendingRequest.AddResponseExtension(papeResponse);
}
- ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
- Debug.Assert(ProviderEndpoint.PendingAuthenticationRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
+ if (ProviderEndpoint.PendingAuthenticationRequest != null) {
+ ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
+ } else {
+ ProviderEndpoint.PendingAnonymousRequest.IsApproved = true;
+ }
+ Debug.Assert(ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
ProviderEndpoint.SendResponse();
}
protected void No_Click(object sender, EventArgs e) {
- ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = false;
- Debug.Assert(ProviderEndpoint.PendingAuthenticationRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
+ if (ProviderEndpoint.PendingAuthenticationRequest != null) {
+ ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = false;
+ } else {
+ ProviderEndpoint.PendingAnonymousRequest.IsApproved = false;
+ }
+ Debug.Assert(ProviderEndpoint.PendingRequest.IsResponseReady, "Setting authentication should be all that's necessary.");
ProviderEndpoint.SendResponse();
}
}
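Review bot: In `Page_Load`, the simple-registration block was moved out of the branch that verified the signed-in user, so `Membership.GetUser().Email` now also runs for anonymous requests, where nothing in this hunk checks that anyone is signed in. If decide.aspx is reachable without authentication (the access rules are not visible here), `GetUser()` returns null and the page throws. A guard before the extension block, such as `if (!User.Identity.IsAuthenticated) { FormsAuthentication.RedirectToLoginPage(); }`, would keep the consent form and the prefilled e-mail behind a login on both paths. Separately, the `Debug.Assert` message in `Yes_Click` and `No_Click` still reads "Setting authentication should be all that's necessary." although the anonymous path sets `IsApproved`; something like "Setting the approval result should be all that's necessary." fits both.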
diff --git a/samples/OpenIdProviderWebForms/decide.aspx.designer.cs b/samples/OpenIdProviderWebForms/decide.aspx.designer.cs
index 795d1c7..05386cd 100644
--- a/samples/OpenIdProviderWebForms/decide.aspx.designer.cs
+++ b/samples/OpenIdProviderWebForms/decide.aspx.designer.cs
@@ -1,7 +1,7 @@
//------------------------------------------------------------------------------
// <auto-generated>
// This code was generated by a tool.
-// Runtime Version:2.0.50727.3521
+// Runtime Version:2.0.50727.4918
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
@@ -14,6 +14,15 @@ namespace OpenIdProviderWebForms {
public partial class decide {
/// <summary>
+ /// siteRequestLabel control.
+ /// </summary>
+ /// <remarks>
+ /// Auto-generated field.
+ /// To modify move field declaration from designer file to code-behind file.
+ /// </remarks>
+ protected global::System.Web.UI.WebControls.Label siteRequestLabel;
+
+ /// <summary>
/// relyingPartyVerificationResultLabel control.
/// </summary>
/// <remarks>
diff --git a/samples/OpenIdProviderWebForms/server.aspx b/samples/OpenIdProviderWebForms/server.aspx
index 10030a6..d3ce78d 100644
--- a/samples/OpenIdProviderWebForms/server.aspx
+++ b/samples/OpenIdProviderWebForms/server.aspx
@@ -14,7 +14,7 @@
This server.aspx page is the default provider endpoint to use. To switch to the .ashx handler,
change the user_xrds.aspx and op_xrds.aspx files to point to provider.ashx instead of server.aspx.
--%>
- <openid:ProviderEndpoint runat="server" OnAuthenticationChallenge="provider_AuthenticationChallenge" />
+ <openid:ProviderEndpoint runat="server" OnAuthenticationChallenge="provider_AuthenticationChallenge" OnAnonymousRequest="provider_AnonymousRequest" />
<p>
<asp:Label ID="serverEndpointUrl" runat="server" EnableViewState="false" />
is an OpenID server endpoint.
diff --git a/samples/OpenIdProviderWebForms/server.aspx.cs b/samples/OpenIdProviderWebForms/server.aspx.cs
index c0af0b4..89e14f4 100644
--- a/samples/OpenIdProviderWebForms/server.aspx.cs
+++ b/samples/OpenIdProviderWebForms/server.aspx.cs
@@ -14,5 +14,9 @@ namespace OpenIdProviderWebForms {
protected void provider_AuthenticationChallenge(object sender, AuthenticationChallengeEventArgs e) {
Code.Util.ProcessAuthenticationChallenge(e.Request);
}
+
+ protected void provider_AnonymousRequest(object sender, AnonymousRequestEventArgs e) {
+ Code.Util.ProcessAnonymousRequest(e.Request);
+ }
}
} \ No newline at end of file