16 files changed, 92 insertions, 66 deletions
diff --git a/samples/ProviderCustomStore/Global.asax.cs b/samples/ProviderCustomStore/Global.asax.cs
index 7b52c6a..ad31f4f 100644
--- a/samples/ProviderCustomStore/Global.asax.cs
+++ b/samples/ProviderCustomStore/Global.asax.cs
@@ -3,6 +3,11 @@ using ProviderPortal;
 
 namespace ProviderCustomStore {
 	public class Global : System.Web.HttpApplication {
+		public Global() {
+			// since this is a sample, and will often be used with localhost
+			DotNetOpenId.UntrustedWebRequest.WhitelistHosts.Add("localhost");
+		}
+
 		protected void Application_BeginRequest(object sender, EventArgs e) {
 			URLRewriter.Process();
 		}
diff --git a/samples/ProviderCustomStore/op_xrds.aspx b/samples/ProviderCustomStore/op_xrds.aspx
index 7d0ca2c..b906bfe 100644
--- a/samples/ProviderCustomStore/op_xrds.aspx
+++ b/samples/ProviderCustomStore/op_xrds.aspx
@@ -12,7 +12,7 @@ This XRDS doc is discovered via the user.aspx page.
 	<XRD>
 		<Service priority="10">
 			<Type>http://specs.openid.net/auth/2.0/server</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 	</XRD>
diff --git a/samples/ProviderCustomStore/user_xrds.aspx b/samples/ProviderCustomStore/user_xrds.aspx
index 4f3e446..56b1244 100644
--- a/samples/ProviderCustomStore/user_xrds.aspx
+++ b/samples/ProviderCustomStore/user_xrds.aspx
@@ -12,12 +12,12 @@ This XRDS doc is discovered via the user.aspx page.
 	<XRD>
 		<Service priority="10">
 			<Type>http://specs.openid.net/auth/2.0/signon</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 		<Service priority="20">
 			<Type>http://openid.net/signon/1.0</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 	</XRD>
diff --git a/samples/ProviderPortal/Global.asax.cs b/samples/ProviderPortal/Global.asax.cs
index 091ea56..599bae2 100644
--- a/samples/ProviderPortal/Global.asax.cs
+++ b/samples/ProviderPortal/Global.asax.cs
@@ -8,6 +8,11 @@ namespace ProviderPortal {
 	public class Global : System.Web.HttpApplication {
 		internal static StringBuilder LogMessages = new StringBuilder();
 
+		public Global() {
+			// since this is a sample, and will often be used with localhost
+			DotNetOpenId.UntrustedWebRequest.WhitelistHosts.Add("localhost");
+		}
+
 		public static log4net.ILog Logger = log4net.LogManager.GetLogger(typeof(Global));
 
 		protected void Application_Start(object sender, EventArgs e) {
diff --git a/samples/ProviderPortal/ProfileFields.ascx.cs b/samples/ProviderPortal/ProfileFields.ascx.cs
index f898227..00f1834 100644
--- a/samples/ProviderPortal/ProfileFields.ascx.cs
+++ b/samples/ProviderPortal/ProfileFields.ascx.cs
@@ -97,31 +97,32 @@ public partial class ProfileFields : System.Web.UI.UserControl {
 		}
 	}
 
-	public ClaimsResponse OpenIdProfileFields {
-		get {
-			ClaimsResponse fields = new ClaimsResponse();
-			fields.BirthDate = DateOfBirth;
-			fields.Country = countryDropdownList.SelectedValue;
-			fields.Email = emailTextBox.Text;
-			fields.FullName = fullnameTextBox.Text;
-			fields.Gender = Gender;
-			fields.Language = languageDropdownList.SelectedValue;
-			fields.Nickname = nicknameTextBox.Text;
-			fields.PostalCode = postcodeTextBox.Text;
-			fields.TimeZone = timezoneDropdownList.SelectedValue;
-			return fields;
-		}
-		set {
-			DateOfBirth = value.BirthDate;
-			countryDropdownList.SelectedValue = value.Country;
-			emailTextBox.Text = value.Email;
-			fullnameTextBox.Text = value.FullName;
-			Gender = value.Gender;
-			languageDropdownList.SelectedValue = value.Language;
-			nicknameTextBox.Text = value.Nickname;
-			postcodeTextBox.Text = value.PostalCode;
-			timezoneDropdownList.SelectedValue = value.TimeZone;
-		}
+	public ClaimsResponse GetOpenIdProfileFields(ClaimsRequest request) {
+		if (request == null) throw new ArgumentNullException("request");
+		ClaimsResponse fields = request.CreateResponse();
+		fields.BirthDate = DateOfBirth;
+		fields.Country = countryDropdownList.SelectedValue;
+		fields.Email = emailTextBox.Text;
+		fields.FullName = fullnameTextBox.Text;
+		fields.Gender = Gender;
+		fields.Language = languageDropdownList.SelectedValue;
+		fields.Nickname = nicknameTextBox.Text;
+		fields.PostalCode = postcodeTextBox.Text;
+		fields.TimeZone = timezoneDropdownList.SelectedValue;
+		return fields;
+	}
+
+	public void SetOpenIdProfileFields(ClaimsResponse value) {
+		if (value == null) throw new ArgumentNullException("value");
+		DateOfBirth = value.BirthDate;
+		countryDropdownList.SelectedValue = value.Country;
+		emailTextBox.Text = value.Email;
+		fullnameTextBox.Text = value.FullName;
+		Gender = value.Gender;
+		languageDropdownList.SelectedValue = value.Language;
+		nicknameTextBox.Text = value.Nickname;
+		postcodeTextBox.Text = value.PostalCode;
+		timezoneDropdownList.SelectedValue = value.TimeZone;
 	}
 
 }
diff --git a/samples/ProviderPortal/decide.aspx.cs b/samples/ProviderPortal/decide.aspx.cs
index 882c320..1e1f95d 100644
--- a/samples/ProviderPortal/decide.aspx.cs
+++ b/samples/ProviderPortal/decide.aspx.cs
@@ -30,9 +30,9 @@ public partial class decide : Page {
 				this.profileFields.Visible = true;
 				this.profileFields.SetRequiredFieldsFromRequest(requestedFields);
 				if (!IsPostBack) {
-					this.profileFields.OpenIdProfileFields = new ClaimsResponse() {
-						Email = Membership.GetUser().Email,
-					};
+					var sregResponse = requestedFields.CreateResponse();
+					sregResponse.Email = Membership.GetUser().Email;
+					this.profileFields.SetOpenIdProfileFields(sregResponse);
 				}
 			}
 		} else {
@@ -42,8 +42,10 @@ public partial class decide : Page {
 	}
 
 	protected void Yes_Click(Object sender, EventArgs e) {
+		var sregRequest = ProviderEndpoint.PendingAuthenticationRequest.GetExtension<ClaimsRequest>();
+		var sregResponse = profileFields.GetOpenIdProfileFields(sregRequest);
 		ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true;
-		ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(profileFields.OpenIdProfileFields);
+		ProviderEndpoint.PendingAuthenticationRequest.AddResponseExtension(sregResponse);
 		Debug.Assert(ProviderEndpoint.PendingAuthenticationRequest.IsResponseReady);
 		ProviderEndpoint.PendingAuthenticationRequest.Response.Send();
 		ProviderEndpoint.PendingAuthenticationRequest = null;
diff --git a/samples/ProviderPortal/op_xrds.aspx b/samples/ProviderPortal/op_xrds.aspx
index 7d0ca2c..b906bfe 100644
--- a/samples/ProviderPortal/op_xrds.aspx
+++ b/samples/ProviderPortal/op_xrds.aspx
@@ -12,7 +12,7 @@ This XRDS doc is discovered via the user.aspx page.
 	<XRD>
 		<Service priority="10">
 			<Type>http://specs.openid.net/auth/2.0/server</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 	</XRD>
diff --git a/samples/ProviderPortal/user_xrds.aspx b/samples/ProviderPortal/user_xrds.aspx
index 4f3e446..56b1244 100644
--- a/samples/ProviderPortal/user_xrds.aspx
+++ b/samples/ProviderPortal/user_xrds.aspx
@@ -12,12 +12,12 @@ This XRDS doc is discovered via the user.aspx page.
 	<XRD>
 		<Service priority="10">
 			<Type>http://specs.openid.net/auth/2.0/signon</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 		<Service priority="20">
 			<Type>http://openid.net/signon/1.0</Type>
-			<Type>http://openid.net/sreg/1.0</Type>
+			<Type>http://openid.net/extensions/sreg/1.1</Type>
 			<URI><%=new Uri(Request.Url, Response.ApplyAppPathModifier("~/server.aspx"))%></URI>
 		</Service>
 	</XRD>
diff --git a/samples/RelyingPartyCustomStore/Global.asax b/samples/RelyingPartyCustomStore/Global.asax
new file mode 100644
index 0000000..a00a077
--- /dev/null
+++ b/samples/RelyingPartyCustomStore/Global.asax
@@ -0,0 +1 @@
+<%@ Application Codebehind="Global.asax.cs" Inherits="RelyingPartyCustomStore.Global" Language="C#" %>
diff --git a/samples/RelyingPartyCustomStore/Global.asax.cs b/samples/RelyingPartyCustomStore/Global.asax.cs
new file mode 100644
index 0000000..b8b7593
--- /dev/null
+++ b/samples/RelyingPartyCustomStore/Global.asax.cs
@@ -0,0 +1,16 @@
+using System;
+using System.Collections;
+using System.Configuration;
+using System.Data;
+using System.Web;
+using System.Web.Security;
+using System.Web.SessionState;
+
+namespace RelyingPartyCustomStore {
+	public class Global : System.Web.HttpApplication {
+		public Global() {
+			// since this is a sample, and will often be used with localhost
+			DotNetOpenId.UntrustedWebRequest.WhitelistHosts.Add("localhost");
+		}
+	}
+}
+\ No newline at end of file
diff --git a/samples/RelyingPartyCustomStore/RelyingPartyCustomStore.csproj b/samples/RelyingPartyCustomStore/RelyingPartyCustomStore.csproj
index 3445f04..2519ec1 100644
--- a/samples/RelyingPartyCustomStore/RelyingPartyCustomStore.csproj
+++ b/samples/RelyingPartyCustomStore/RelyingPartyCustomStore.csproj
@@ -53,6 +53,9 @@
       <DesignTime>True</DesignTime>
       <DependentUpon>CustomStoreDataSet.xsd</DependentUpon>
     </Compile>
+    <Compile Include="Global.asax.cs">
+      <DependentUpon>Global.asax</DependentUpon>
+    </Compile>
     <Compile Include="login.aspx.cs">
       <DependentUpon>login.aspx</DependentUpon>
       <SubType>ASPXCodeBehind</SubType>
@@ -69,6 +72,7 @@
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>
+    <Content Include="Global.asax" />
     <Content Include="MembersOnly\Web.config" />
   </ItemGroup>
   <ItemGroup>
diff --git a/samples/RelyingPartyCustomStore/login.aspx.cs b/samples/RelyingPartyCustomStore/login.aspx.cs
index 23cb7f7..f7b1088 100644
--- a/samples/RelyingPartyCustomStore/login.aspx.cs
+++ b/samples/RelyingPartyCustomStore/login.aspx.cs
@@ -8,7 +8,8 @@ public partial class login : System.Web.UI.Page {
 	protected void Page_Load(object sender, EventArgs e) {
 		openIdBox.Focus();
 
-		OpenIdRelyingParty rp = new OpenIdRelyingParty(CustomStore.Instance, Request.Url);
+		OpenIdRelyingParty rp = new OpenIdRelyingParty(CustomStore.Instance, Request.Url,
+			Request.HttpMethod == "GET" ? Request.QueryString : Request.Form);
 		if (rp.Response != null) {
 			switch (rp.Response.Status) {
 				case AuthenticationStatus.Authenticated:
@@ -25,7 +26,8 @@ public partial class login : System.Web.UI.Page {
 	}
 
 	protected void loginButton_Click(object sender, EventArgs e) {
-		OpenIdRelyingParty rp = new OpenIdRelyingParty(CustomStore.Instance, Request.Url);
+		OpenIdRelyingParty rp = new OpenIdRelyingParty(CustomStore.Instance, Request.Url,
+			Request.HttpMethod == "GET" ? Request.QueryString : Request.Form);
 		rp.CreateRequest(openIdBox.Text).RedirectToProvider();
 	}
 }
diff --git a/samples/RelyingPartyMvc/Global.asax.cs b/samples/RelyingPartyMvc/Global.asax.cs
index 0659169..0f0b4ef 100644
--- a/samples/RelyingPartyMvc/Global.asax.cs
+++ b/samples/RelyingPartyMvc/Global.asax.cs
@@ -7,6 +7,11 @@ using System.Web.Routing;
 
 namespace RelyingPartyMvc {
 	public class GlobalApplication : System.Web.HttpApplication {
+		public GlobalApplication() {
+			// since this is a sample, and will often be used with localhost
+			DotNetOpenId.UntrustedWebRequest.WhitelistHosts.Add("localhost");
+		}
+
 		public static void RegisterRoutes(RouteCollection routes) {
 			// Note: Change the URL to "{controller}.mvc/{action}/{id}" to enable
 			//       automatic support on IIS6 and IIS7 classic mode
diff --git a/samples/RelyingPartyPortal/Code/State.cs b/samples/RelyingPartyPortal/Code/State.cs
index 65e676c..642780c 100644
--- a/samples/RelyingPartyPortal/Code/State.cs
+++ b/samples/RelyingPartyPortal/Code/State.cs
@@ -1,34 +1,12 @@
-using System;
-using System.Data;
-using System.Configuration;
 using System.Web;
-using System.Web.Security;
-using System.Web.UI;
-using System.Web.UI.WebControls;
-using System.Web.UI.WebControls.WebParts;
-using System.Web.UI.HtmlControls;
 using DotNetOpenId.Extensions.SimpleRegistration;
 
 /// <summary>
-/// Summary description for State
+/// Strong-typed bag of session state.
 /// </summary>
-public class State
-{
-    public State()
-    {
-    }
-
-    public static ClaimsResponse ProfileFields
-    {
-        get
-        {
-            if (HttpContext.Current .Session["ProfileFields"] == null)
-            {
-                HttpContext.Current .Session["ProfileFields"] = new ClaimsResponse();
-            }
-            return (ClaimsResponse)HttpContext.Current .Session["ProfileFields"];
-        }
-        set { HttpContext.Current .Session["ProfileFields"] = value; }
-    }
-    
+public class State {
+	public static ClaimsResponse ProfileFields {
+		get { return HttpContext.Current.Session["ProfileFields"] as ClaimsResponse; }
+		set { HttpContext.Current.Session["ProfileFields"] = value; }
+	}
 }
diff --git a/samples/RelyingPartyPortal/Global.asax.cs b/samples/RelyingPartyPortal/Global.asax.cs
index eb61da9..259512f 100644
--- a/samples/RelyingPartyPortal/Global.asax.cs
+++ b/samples/RelyingPartyPortal/Global.asax.cs
@@ -8,6 +8,11 @@ namespace ConsumerPortal {
 	public class Global : System.Web.HttpApplication {
 		internal static StringBuilder LogMessages = new StringBuilder();
 
+		public Global() {
+			// since this is a sample, and will often be used with localhost
+			DotNetOpenId.UntrustedWebRequest.WhitelistHosts.Add("localhost");
+		}
+
 		public static log4net.ILog Logger = log4net.LogManager.GetLogger(typeof(Global));
 
 		protected void Application_Start(object sender, EventArgs e) {
diff --git a/samples/RelyingPartyPortal/MembersOnly/Default.aspx b/samples/RelyingPartyPortal/MembersOnly/Default.aspx
index 494ba71..c9b43e8 100644
--- a/samples/RelyingPartyPortal/MembersOnly/Default.aspx
+++ b/samples/RelyingPartyPortal/MembersOnly/Default.aspx
@@ -10,6 +10,7 @@
 	</p>
 	<asp:LoginStatus ID="LoginStatus1" runat="server" />
 
+<% if (State.ProfileFields != null) { %>
 	<p>
 		In addition to authenticating you, your OpenID Provider may
 		have told us something about you using the 
@@ -89,4 +90,5 @@
 			</td>
 		</tr>
 	</table>
-</asp:Content>
-\ No newline at end of file
+<% } %>
+</asp:Content>