20 files changed, 574 insertions, 0 deletions

diff --git a/samples/ServiceProvider/App_Code/Constants.cs b/samples/ServiceProvider/App_Code/Constants.cs
new file mode 100644
index 0000000..7965dc0
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/Constants.cs
@@ -0,0 +1,32 @@
+using System;

+using DotNetOAuth;

+using DotNetOAuth.ChannelElements;

+using DotNetOAuth.Messaging;

+

+/// <summary>

+/// Service Provider definitions.

+/// </summary>

+public static class Constants {

+	public static InMemoryTokenManager TokenManager { get; set; }

+

+	public static Uri WebRootUrl { get; set; }

+

+	public static ServiceProviderDescription SelfDescription {

+		get {

+			ServiceProviderDescription description = new ServiceProviderDescription {

+				AccessTokenEndpoint = new MessageReceivingEndpoint(new Uri(WebRootUrl, "/OAuth.ashx"), HttpDeliveryMethod.PostRequest),

+				RequestTokenEndpoint = new MessageReceivingEndpoint(new Uri(WebRootUrl, "/OAuth.ashx"), HttpDeliveryMethod.PostRequest),

+				UserAuthorizationEndpoint = new MessageReceivingEndpoint(new Uri(WebRootUrl, "/OAuth.ashx"), HttpDeliveryMethod.PostRequest),

+				TamperProtectionElements = new ITamperProtectionChannelBindingElement[] {

+					new HmacSha1SigningBindingElement(),

+				},

+			};

+

+			return description;

+		}

+	}

+

+	public static ServiceProvider CreateServiceProvider() {

+		return new ServiceProvider(SelfDescription, TokenManager);

+	}

+}

diff --git a/samples/ServiceProvider/App_Code/DataApi.cs b/samples/ServiceProvider/App_Code/DataApi.cs
new file mode 100644
index 0000000..9e679cd
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/DataApi.cs
@@ -0,0 +1,16 @@
+using System;

+using System.Collections.Generic;

+using System.Linq;

+using System.Runtime.Serialization;

+using System.ServiceModel;

+using System.Text;

+

+public class DataApi : IDataApi {

+	public int GetAge() {

+		return 5;

+	}

+

+	public string GetName() {

+		return "Andrew";

+	}

+}

diff --git a/samples/ServiceProvider/App_Code/IDataApi.cs b/samples/ServiceProvider/App_Code/IDataApi.cs
new file mode 100644
index 0000000..895dda1
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/IDataApi.cs
@@ -0,0 +1,15 @@
+using System;

+using System.Collections.Generic;

+using System.Linq;

+using System.Runtime.Serialization;

+using System.ServiceModel;

+using System.Text;

+

+[ServiceContract]

+public interface IDataApi {

+	[OperationContract]

+	int GetAge();

+

+	[OperationContract]

+	string GetName();

+}

diff --git a/samples/ServiceProvider/App_Code/InMemoryTokenManager.cs b/samples/ServiceProvider/App_Code/InMemoryTokenManager.cs
new file mode 100644
index 0000000..540fd81
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/InMemoryTokenManager.cs
@@ -0,0 +1,91 @@
+//-----------------------------------------------------------------------

+// <copyright file="InMemoryTokenManager.cs" company="Andrew Arnott">

+//     Copyright (c) Andrew Arnott. All rights reserved.

+// </copyright>

+//-----------------------------------------------------------------------

+

+using System;

+using System.Collections.Generic;

+using System.Diagnostics;

+using DotNetOAuth.ChannelElements;

+

+public class InMemoryTokenManager : ITokenManager {

+	private Dictionary<string, string> consumersAndSecrets = new Dictionary<string, string>();

+	private Dictionary<string, string> tokensAndSecrets = new Dictionary<string, string>();

+

+	/// <summary>

+	/// Request tokens that have been issued, and whether they have been authorized yet.

+	/// </summary>

+	private Dictionary<string, bool> requestTokens = new Dictionary<string, bool>();

+

+	/// <summary>

+	/// Access tokens that have been issued and have not yet expired.

+	/// </summary>

+	private List<string> accessTokens = new List<string>();

+

+	#region ITokenManager Members

+

+	public string GetConsumerSecret(string consumerKey) {

+		return this.consumersAndSecrets[consumerKey];

+	}

+

+	public string GetTokenSecret(string token) {

+		return this.tokensAndSecrets[token];

+	}

+

+	public void StoreNewRequestToken(string consumerKey, string requestToken, string requestTokenSecret, IDictionary<string, string> parameters) {

+		this.tokensAndSecrets[requestToken] = requestTokenSecret;

+		this.requestTokens.Add(requestToken, false);

+	}

+

+	/// <summary>

+	/// Checks whether a given request token has already been authorized

+	/// by some user for use by the Consumer that requested it.

+	/// </summary>

+	/// <param name="requestToken">The Consumer's request token.</param>

+	/// <returns>

+	/// True if the request token has already been fully authorized by the user

+	/// who owns the relevant protected resources.  False if the token has not yet

+	/// been authorized, has expired or does not exist.

+	/// </returns>

+	public bool IsRequestTokenAuthorized(string requestToken) {

+		return this.requestTokens[requestToken];

+	}

+

+	public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret) {

+		Debug.Assert(this.requestTokens[requestToken], "Unauthorized token should not be exchanged for access token.");

+		this.requestTokens.Remove(requestToken);

+		this.accessTokens.Add(accessToken);

+		this.tokensAndSecrets.Remove(requestToken);

+		this.tokensAndSecrets[accessToken] = accessTokenSecret;

+	}

+

+	/// <summary>

+	/// Classifies a token as a request token or an access token.

+	/// </summary>

+	/// <param name="token">The token to classify.</param>

+	/// <returns>Request or Access token, or invalid if the token is not recognized.</returns>

+	public TokenType GetTokenType(string token) {

+		if (this.requestTokens.ContainsKey(token)) {

+			return TokenType.RequestToken;

+		} else if (this.accessTokens.Contains(token)) {

+			return TokenType.AccessToken;

+		} else {

+			return TokenType.InvalidToken;

+		}

+	}

+

+	#endregion

+

+	public void AddConsumer(string key, string secret) {

+		this.consumersAndSecrets.Add(key, secret);

+	}

+

+	public void AuthorizeRequestToken(string requestToken) {

+		if (requestToken == null) {

+			throw new ArgumentNullException("requestToken");

+		}

+

+		this.requestTokens[requestToken] = true;

+	}

+}

diff --git a/samples/ServiceProvider/App_Code/Logging.cs b/samples/ServiceProvider/App_Code/Logging.cs
new file mode 100644
index 0000000..cba9b4e
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/Logging.cs
@@ -0,0 +1,20 @@
+using System;

+using System.Collections.Generic;

+using System.Linq;

+using System.Text;

+using System.Web;

+

+/// <summary>

+/// Logging tools for this sample.

+/// </summary>

+public static class Logging {

+	/// <summary>

+	/// An application memory cache of recent log messages.

+	/// </summary>

+	public static StringBuilder LogMessages = new StringBuilder();

+

+	/// <summary>

+	/// The logger for this sample to use.

+	/// </summary>

+	public static log4net.ILog Logger = log4net.LogManager.GetLogger("DotNetOAuth.ConsumerSample");

+}

diff --git a/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..20536d8
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -0,0 +1,32 @@
+using System;

+using System.ServiceModel;

+using System.ServiceModel.Channels;

+using DotNetOAuth;

+

+/// <summary>

+/// A WCF extension to authenticate incoming messages using OAuth.

+/// </summary>

+public class OAuthAuthorizationManager : ServiceAuthorizationManager {

+	public OAuthAuthorizationManager() {

+	}

+

+	protected override bool CheckAccessCore(OperationContext operationContext) {

+		if (!base.CheckAccessCore(operationContext)) {

+			return false;

+		}

+

+		HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;

+		Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;

+		ServiceProvider sp = Constants.CreateServiceProvider();

+		var auth = sp.GetProtectedResourceAuthorization(httpDetails, requestUri);

+		if (auth != null) {

+			string consumer = auth.ConsumerKey;

+

+			//// TODO: pass the consumer along to the operation somehow

+

+			return true;

+		}

+

+		return false;

+	}

+}

diff --git a/samples/ServiceProvider/App_Code/TracePageAppender.cs b/samples/ServiceProvider/App_Code/TracePageAppender.cs
new file mode 100644
index 0000000..b3b539a
--- /dev/null
+++ b/samples/ServiceProvider/App_Code/TracePageAppender.cs
@@ -0,0 +1,11 @@
+using System;

+using System.Collections.Generic;

+using System.IO;

+using System.Web;

+

+public class TracePageAppender : log4net.Appender.AppenderSkeleton {

+	protected override void Append(log4net.Core.LoggingEvent loggingEvent) {

+		StringWriter sw = new StringWriter(Logging.LogMessages);

+		Layout.Format(sw, loggingEvent);

+	}

+}

diff --git a/samples/ServiceProvider/Authorize.aspx b/samples/ServiceProvider/Authorize.aspx
new file mode 100644
index 0000000..63774e9
--- /dev/null
+++ b/samples/ServiceProvider/Authorize.aspx
@@ -0,0 +1,20 @@
+<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true"

+	CodeFile="Authorize.aspx.cs" Inherits="Authorize" %>

+

+<asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="Server">

+	<div style="background-color: Yellow">

+		<b>Warning</b>: Never give your login credentials to another web site or application.

+	</div>

+	<p>The client web site or application

+		<asp:Label ID="consumerLabel" Font-Bold="true" runat="server" Text="[consumer]" />

+		wants access to your

+		<asp:Label ID="desiredAccessLabel" Font-Bold="true" runat="server" Text="[protected resource]" />.

+	</p>

+	<p>Do you want to allow this? </p>

+	<div>

+		<asp:Button ID="allowAccessButton" runat="server" Text="Yes" />

+		<asp:Button ID="denyAccessButton" runat="server" Text="No" />

+	</div>

+	<p>If you grant access now, you can revoke it at any time by returning to this page.

+	</p>

+</asp:Content>

diff --git a/samples/ServiceProvider/Authorize.aspx.cs b/samples/ServiceProvider/Authorize.aspx.cs
new file mode 100644
index 0000000..aecd831
--- /dev/null
+++ b/samples/ServiceProvider/Authorize.aspx.cs
@@ -0,0 +1,17 @@
+using System;

+using System.Collections.Generic;

+using System.Linq;

+using System.Web;

+using System.Web.UI;

+using System.Web.UI.WebControls;

+

+/// <summary>

+/// Conducts the user through a Consumer authorization process.

+/// </summary>

+public partial class Authorize : System.Web.UI.Page {

+	protected void Page_Load(object sender, EventArgs e) {

+		if (!IsPostBack && false) {

+			Response.Redirect("~/AuthorizedConsumers.aspx");

+		}

+	}

+}

diff --git a/samples/ServiceProvider/AuthorizedConsumers.aspx b/samples/ServiceProvider/AuthorizedConsumers.aspx
new file mode 100644
index 0000000..13d0f68
--- /dev/null
+++ b/samples/ServiceProvider/AuthorizedConsumers.aspx
@@ -0,0 +1,5 @@
+<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master" AutoEventWireup="true" CodeFile="AuthorizedConsumers.aspx.cs" Inherits="AuthorizedConsumers" %>

+

+<asp:Content ID="Content2" ContentPlaceHolderID="Body" Runat="Server">

+</asp:Content>

+

diff --git a/samples/ServiceProvider/AuthorizedConsumers.aspx.cs b/samples/ServiceProvider/AuthorizedConsumers.aspx.cs
new file mode 100644
index 0000000..1fb4e95
--- /dev/null
+++ b/samples/ServiceProvider/AuthorizedConsumers.aspx.cs
@@ -0,0 +1,15 @@
+using System;

+using System.Collections.Generic;

+using System.Linq;

+using System.Web;

+using System.Web.UI;

+using System.Web.UI.WebControls;

+

+/// <summary>

+/// Lists the consumers that have active request or access tokens

+/// and provides a mechanism for the user to revoke permissions.

+/// </summary>

+public partial class AuthorizedConsumers : System.Web.UI.Page {

+	protected void Page_Load(object sender, EventArgs e) {

+	}

+}

diff --git a/samples/ServiceProvider/DataApi.svc b/samples/ServiceProvider/DataApi.svc
new file mode 100644
index 0000000..8dcf863
--- /dev/null
+++ b/samples/ServiceProvider/DataApi.svc
@@ -0,0 +1 @@
+<%@ ServiceHost Language="C#" Debug="true" Service="DataApi" CodeBehind="~/App_Code/DataApi.cs" %>

diff --git a/samples/ServiceProvider/Default.aspx b/samples/ServiceProvider/Default.aspx
new file mode 100644
index 0000000..6c8816d
--- /dev/null
+++ b/samples/ServiceProvider/Default.aspx
@@ -0,0 +1,9 @@
+<%@ Page Title="DotNetOAuth Service Provider Sample" Language="C#" MasterPageFile="~/MasterPage.master" %>

+

+<script runat="server">

+

+</script>

+

+<asp:Content ID="Content2" ContentPlaceHolderID="Body" Runat="Server">

+</asp:Content>

+

diff --git a/samples/ServiceProvider/Global.asax b/samples/ServiceProvider/Global.asax
new file mode 100644
index 0000000..ab1280b
--- /dev/null
+++ b/samples/ServiceProvider/Global.asax
@@ -0,0 +1,36 @@
+<%@ Application Language="C#" %>

+

+<script RunAt="server">

+	void Application_Start(object sender, EventArgs e) {

+		log4net.Config.XmlConfigurator.Configure();

+		Logging.Logger.Info("Sample starting...");

+		Constants.WebRootUrl = new Uri(HttpContext.Current.Request.Url, "/");

+		var tokenManager = new InMemoryTokenManager();

+		tokenManager.AddConsumer("sampleconsumer", "samplesecret");

+		Constants.TokenManager = tokenManager;

+	}

+

+	void Application_End(object sender, EventArgs e) {

+		Logging.Logger.Info("Sample shutting down...");

+		// this would be automatic, but in partial trust scenarios it is not.

+		log4net.LogManager.Shutdown();

+	}

+

+	void Application_Error(object sender, EventArgs e) {

+		// Code that runs when an unhandled error occurs

+

+	}

+

+	void Session_Start(object sender, EventArgs e) {

+		// Code that runs when a new session is started

+

+	}

+

+	void Session_End(object sender, EventArgs e) {

+		// Code that runs when a session ends. 

+		// Note: The Session_End event is raised only when the sessionstate mode

+		// is set to InProc in the Web.config file. If session mode is set to StateServer 

+		// or SQLServer, the event is not raised.

+

+	}

+</script>

diff --git a/samples/ServiceProvider/MasterPage.master b/samples/ServiceProvider/MasterPage.master
new file mode 100644
index 0000000..4bc6059
--- /dev/null
+++ b/samples/ServiceProvider/MasterPage.master
@@ -0,0 +1,23 @@
+<%@ Master Language="C#" %>

+

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+

+<script runat="server">

+

+</script>

+

+<html xmlns="http://www.w3.org/1999/xhtml">

+<head runat="server">

+	<title>DotNetOAuth Service Provider sample</title>

+	<asp:ContentPlaceHolder ID="head" runat="server"/>

+</head>

+<body>

+	<form id="form1" runat="server">

+	<h1>DotNetOAuth Service Provider sample</h1>

+	<div>

+		<asp:ContentPlaceHolder ID="Body" runat="server">

+		</asp:ContentPlaceHolder>

+	</div>

+	</form>

+</body>

+</html>

diff --git a/samples/ServiceProvider/OAuth.ashx b/samples/ServiceProvider/OAuth.ashx
new file mode 100644
index 0000000..f6694bc
--- /dev/null
+++ b/samples/ServiceProvider/OAuth.ashx
@@ -0,0 +1,40 @@
+<%@ WebHandler Language="C#" Class="OAuth" %>

+

+using System;

+using System.Web;

+using System.Web.SessionState;

+using DotNetOAuth;

+using DotNetOAuth.ChannelElements;

+using DotNetOAuth.Messages;

+using DotNetOAuth.Messaging;

+

+public class OAuth : IHttpHandler, IRequiresSessionState {

+	ServiceProvider sp;

+

+	public OAuth() {

+		sp = new ServiceProvider(Constants.SelfDescription, Constants.TokenManager);

+	}

+

+	public void ProcessRequest(HttpContext context) {

+		IProtocolMessage request = sp.ReadRequest();

+		RequestTokenMessage requestToken;

+		DirectUserToServiceProviderMessage requestAuth;

+		RequestAccessTokenMessage requestAccessToken;

+		if ((requestToken = request as RequestTokenMessage) != null) {

+			sp.SendUnauthorizedTokenResponse(requestToken, null).Send();

+		} else if ((requestAuth = request as DirectUserToServiceProviderMessage) != null) {

+			HttpContext.Current.Session["authrequest"] = requestAuth;

+			//HttpContext.Current.Response.Redirect("~/authorize.aspx");

+			Constants.TokenManager.AuthorizeRequestToken(requestAuth.RequestToken);

+			sp.SendAuthorizationResponse(requestAuth).Send();

+		} else if ((requestAccessToken = request as RequestAccessTokenMessage) != null) {

+			sp.SendAccessToken(requestAccessToken, null).Send();

+		} else {

+			throw new InvalidOperationException();

+		}

+	}

+

+	public bool IsReusable {

+		get { return true; }

+	}

+}
\ No newline at end of file
diff --git a/samples/ServiceProvider/Settings.StyleCop b/samples/ServiceProvider/Settings.StyleCop
new file mode 100644
index 0000000..7f55ce6
--- /dev/null
+++ b/samples/ServiceProvider/Settings.StyleCop
@@ -0,0 +1 @@
+<StyleCopSettings Version="4.3" />
\ No newline at end of file
diff --git a/samples/ServiceProvider/TracePage.aspx b/samples/ServiceProvider/TracePage.aspx
new file mode 100644
index 0000000..960e6ed
--- /dev/null
+++ b/samples/ServiceProvider/TracePage.aspx
@@ -0,0 +1,18 @@
+<%@ Page Language="C#" AutoEventWireup="true" CodeFile="TracePage.aspx.cs" Inherits="TracePage" %>

+

+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

+<html xmlns="http://www.w3.org/1999/xhtml">

+<head runat="server">

+	<title></title>

+</head>

+<body>

+	<form id="form1" runat="server">

+	<p align="right">

+		<asp:Button runat="server" Text="Clear log" ID="clearLogButton" OnClick="clearLogButton_Click" />

+	</p>

+	<pre>

+		<asp:PlaceHolder runat="server" ID="placeHolder1" />

+	</pre>

+	</form>

+</body>

+</html>

diff --git a/samples/ServiceProvider/TracePage.aspx.cs b/samples/ServiceProvider/TracePage.aspx.cs
new file mode 100644
index 0000000..47e217b
--- /dev/null
+++ b/samples/ServiceProvider/TracePage.aspx.cs
@@ -0,0 +1,21 @@
+using System;

+using System.Collections.Generic;

+using System.Web;

+using System.Web.UI;

+using System.Web.UI.WebControls;

+

+/// <summary>

+/// A page to display recent log messages.

+/// </summary>

+public partial class TracePage : System.Web.UI.Page {

+	protected void Page_Load(object sender, EventArgs e) {

+		placeHolder1.Controls.Add(new Label { Text = Logging.LogMessages.ToString() });

+	}

+

+	protected void clearLogButton_Click(object sender, EventArgs e) {

+		Logging.LogMessages.Length = 0;

+

+		// clear the page immediately, and allow for F5 without a Postback warning.

+		Response.Redirect(Request.Url.AbsoluteUri);

+	}

+}

diff --git a/samples/ServiceProvider/Web.config b/samples/ServiceProvider/Web.config
new file mode 100644
index 0000000..01abfbd
--- /dev/null
+++ b/samples/ServiceProvider/Web.config
@@ -0,0 +1,151 @@
+<?xml version="1.0"?>

+<configuration>

+	<configSections>

+		<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false"/>

+		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

+			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

+				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

+				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

+					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

+					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

+					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

+					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

+				</sectionGroup>

+			</sectionGroup>

+		</sectionGroup>

+	</configSections>

+	<appSettings/>

+	<connectionStrings/>

+	<system.web>

+		<!-- 

+            Set compilation debug="true" to insert debugging 

+            symbols into the compiled page. Because this 

+            affects performance, set this value to true only 

+            during development.

+        -->

+		<compilation debug="true">

+			<assemblies>

+				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

+				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

+				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

+			</assemblies>

+		</compilation>

+		<!--

+            The <authentication> section enables configuration 

+            of the security authentication mode used by 

+            ASP.NET to identify an incoming user. 

+        -->

+		<authentication mode="Windows"/>

+		<!--

+            The <customErrors> section enables configuration 

+            of what to do if/when an unhandled error occurs 

+            during the execution of a request. Specifically, 

+            it enables developers to configure html error pages 

+            to be displayed in place of a error stack trace.

+

+        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

+            <error statusCode="403" redirect="NoAccess.htm" />

+            <error statusCode="404" redirect="FileNotFound.htm" />

+        </customErrors>

+        -->

+		<pages>

+			<controls>

+				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+			</controls>

+		</pages>

+		<httpHandlers>

+			<remove verb="*" path="*.asmx"/>

+			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>

+		</httpHandlers>

+		<httpModules>

+			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+		</httpModules>

+	</system.web>

+	<system.codedom>

+		<compilers>

+			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">

+				<providerOption name="CompilerVersion" value="v3.5"/>

+				<providerOption name="WarnAsError" value="false"/>

+			</compiler>

+			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">

+				<providerOption name="CompilerVersion" value="v3.5"/>

+				<providerOption name="OptionInfer" value="true"/>

+				<providerOption name="WarnAsError" value="false"/>

+			</compiler>

+		</compilers>

+	</system.codedom>

+	<!-- 

+        The system.webServer section is required for running ASP.NET AJAX under Internet

+        Information Services 7.0.  It is not necessary for previous version of IIS.

+    -->

+	<system.webServer>

+		<validation validateIntegratedModeConfiguration="false"/>

+		<modules>

+			<remove name="ScriptModule"/>

+			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+		</modules>

+		<handlers>

+			<remove name="WebServiceHandlerFactory-Integrated"/>

+			<remove name="ScriptHandlerFactory"/>

+			<remove name="ScriptHandlerFactoryAppServices"/>

+			<remove name="ScriptResource"/>

+			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

+		</handlers>

+	</system.webServer>

+	<runtime>

+		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

+			<dependentAssembly>

+				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

+				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

+			</dependentAssembly>

+			<dependentAssembly>

+				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

+				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

+			</dependentAssembly>

+		</assemblyBinding>

+	</runtime>

+	<log4net>

+		<appender name="TracePageAppender" type="TracePageAppender, __code">

+			<layout type="log4net.Layout.PatternLayout">

+				<conversionPattern value="%date (GMT%date{%z}) [%thread] %-5level %logger - %message%newline"/>

+			</layout>

+		</appender>

+		<!-- Setup the root category, add the appenders and set the default level -->

+		<root>

+			<level value="INFO"/>

+			<!--<appender-ref ref="RollingFileAppender" />-->

+			<appender-ref ref="TracePageAppender"/>

+		</root>

+		<!-- Specify the level for some specific categories -->

+		<logger name="DotNetOAuth">

+			<level value="ALL"/>

+		</logger>

+	</log4net>

+	<system.serviceModel>

+		<behaviors>

+			<serviceBehaviors>

+				<behavior name="DataApiBehavior">

+					<serviceMetadata httpGetEnabled="true"/>

+					<serviceDebug includeExceptionDetailInFaults="true"/>

+					<serviceAuthorization serviceAuthorizationManagerType="OAuthAuthorizationManager, __code"/>

+				</behavior>

+			</serviceBehaviors>

+		</behaviors>

+		<services>

+			<service behaviorConfiguration="DataApiBehavior" name="DataApi">

+				<endpoint address="" binding="wsHttpBinding" contract="IDataApi">

+					<identity>

+						<dns value="localhost"/>

+					</identity>

+				</endpoint>

+				<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>

+			</service>

+		</services>

+	</system.serviceModel>

+</configuration>