1 files changed, 47 insertions, 54 deletions

diff --git a/src/DotNetOpenAuth.OpenId.Provider.UI/OpenId/Provider/ProviderEndpoint.cs b/src/DotNetOpenAuth.OpenId.Provider.UI/OpenId/Provider/ProviderEndpoint.cs
index c5c3540..fb1aee3 100644
--- a/src/DotNetOpenAuth.OpenId.Provider.UI/OpenId/Provider/ProviderEndpoint.cs
+++ b/src/DotNetOpenAuth.OpenId.Provider.UI/OpenId/Provider/ProviderEndpoint.cs
@@ -46,12 +46,14 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <summary>
 		/// Backing field for the <see cref="Provider"/> property.
 		/// </summary>
-		private static OpenIdProvider provider;
+		private Lazy<OpenIdProvider> provider;
 
 		/// <summary>
-		/// The lock that must be obtained when initializing the provider field.
+		/// Initializes a new instance of the <see cref="ProviderEndpoint"/> class.
 		/// </summary>
-		private static object providerInitializerLock = new object();
+		public ProviderEndpoint() {
+			this.provider = new Lazy<OpenIdProvider>(this.CreateProvider);
+		}
 
 		/// <summary>
 		/// Fired when an incoming OpenID request is an authentication challenge
@@ -70,22 +72,14 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Gets or sets the <see cref="OpenIdProvider"/> instance to use for all instances of this control.
 		/// </summary>
 		/// <value>The default value is an <see cref="OpenIdProvider"/> instance initialized according to the web.config file.</value>
-		public static OpenIdProvider Provider {
+		public OpenIdProvider Provider {
 			get {
-				if (provider == null) {
-					lock (providerInitializerLock) {
-						if (provider == null) {
-							provider = CreateProvider();
-						}
-					}
-				}
-
-				return provider;
+				return this.provider.Value;
 			}
 
 			set {
 				Requires.NotNull(value, "value");
-				provider = value;
+				this.provider = new Lazy<OpenIdProvider>(() => value, LazyThreadSafetyMode.PublicationOnly);
 			}
 		}
 
@@ -181,10 +175,10 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <returns>
 		/// The response message.
 		/// </returns>
-		public static Task<HttpResponseMessage> PrepareResponseAsync(CancellationToken cancellationToken = default(CancellationToken)) {
+		public Task<HttpResponseMessage> PrepareResponseAsync(CancellationToken cancellationToken = default(CancellationToken)) {
 			var pendingRequest = PendingRequest;
 			PendingRequest = null;
-			return Provider.PrepareResponseAsync(pendingRequest, cancellationToken);
+			return this.Provider.PrepareResponseAsync(pendingRequest, cancellationToken);
 		}
 
 		/// <summary>
@@ -196,46 +190,45 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		protected override void OnLoad(EventArgs e) {
 			base.OnLoad(e);
 
-			Task.Run(
-				async delegate {
-					// There is the unusual scenario that this control is hosted by
-					// an ASP.NET web page that has other UI on it to that the user
-					// might see, including controls that cause a postback to occur.
-					// We definitely want to ignore postbacks, since any openid messages
-					// they contain will be old.
-					if (this.Enabled && !this.Page.IsPostBack) {
-						// Use the explicitly given state store on this control if there is one.  
-						// Then try the configuration file specified one.  Finally, use the default
-						// in-memory one that's built into OpenIdProvider.
-						// determine what incoming message was received
-						IRequest request = await Provider.GetRequestAsync(new HttpRequestWrapper(this.Context.Request), CancellationToken.None);
-						if (request != null) {
-							PendingRequest = null;
+			this.Page.RegisterAsyncTask(new PageAsyncTask(async cancellationToken => {
+				// There is the unusual scenario that this control is hosted by
+				// an ASP.NET web page that has other UI on it to that the user
+				// might see, including controls that cause a postback to occur.
+				// We definitely want to ignore postbacks, since any openid messages
+				// they contain will be old.
+				if (this.Enabled && !this.Page.IsPostBack) {
+					// Use the explicitly given state store on this control if there is one.  
+					// Then try the configuration file specified one.  Finally, use the default
+					// in-memory one that's built into OpenIdProvider.
+					// determine what incoming message was received
+					IRequest request = await Provider.GetRequestAsync(new HttpRequestWrapper(this.Context.Request), cancellationToken);
+					if (request != null) {
+						PendingRequest = null;
 
-							// process the incoming message appropriately and send the response
-							IAuthenticationRequest idrequest;
-							IAnonymousRequest anonRequest;
-							if ((idrequest = request as IAuthenticationRequest) != null) {
-								PendingAuthenticationRequest = idrequest;
-								this.OnAuthenticationChallenge(idrequest);
-							} else if ((anonRequest = request as IAnonymousRequest) != null) {
-								PendingAnonymousRequest = anonRequest;
-								if (!this.OnAnonymousRequest(anonRequest)) {
-									// This is a feature not supported by the OP, so
-									// go ahead and set disapproved so we can send a response.
-									Logger.OpenId.Warn(
-										"An incoming anonymous OpenID request message was detected, but the ProviderEndpoint.AnonymousRequest event is not handled, so returning cancellation message to relying party.");
-									anonRequest.IsApproved = false;
-								}
-							}
-							if (request.IsResponseReady) {
-								PendingAuthenticationRequest = null;
-								var response = await Provider.PrepareResponseAsync(request, CancellationToken.None);
-								response.Send(new HttpContextWrapper(this.Context).Response);
+						// process the incoming message appropriately and send the response
+						IAuthenticationRequest idrequest;
+						IAnonymousRequest anonRequest;
+						if ((idrequest = request as IAuthenticationRequest) != null) {
+							PendingAuthenticationRequest = idrequest;
+							this.OnAuthenticationChallenge(idrequest);
+						} else if ((anonRequest = request as IAnonymousRequest) != null) {
+							PendingAnonymousRequest = anonRequest;
+							if (!this.OnAnonymousRequest(anonRequest)) {
+								// This is a feature not supported by the OP, so
+								// go ahead and set disapproved so we can send a response.
+								Logger.OpenId.Warn(
+									"An incoming anonymous OpenID request message was detected, but the ProviderEndpoint.AnonymousRequest event is not handled, so returning cancellation message to relying party.");
+								anonRequest.IsApproved = false;
 							}
 						}
+						if (request.IsResponseReady) {
+							PendingAuthenticationRequest = null;
+							var response = await Provider.PrepareResponseAsync(request, cancellationToken);
+							await response.SendAsync(new HttpContextWrapper(this.Context), cancellationToken);
+						}
 					}
-				});
+				}
+			}));
 		}
 
 		/// <summary>
@@ -268,8 +261,8 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// Creates the default OpenIdProvider to use.
 		/// </summary>
 		/// <returns>The new instance of OpenIdProvider.</returns>
-		private static OpenIdProvider CreateProvider() {
-			return new OpenIdProvider(OpenIdElement.Configuration.Provider.ApplicationStore.CreateInstance(OpenIdProvider.GetHttpApplicationStore(), null));
+		private OpenIdProvider CreateProvider() {
+			return new OpenIdProvider(OpenIdElement.Configuration.Provider.ApplicationStore.CreateInstance(OpenIdProvider.GetHttpApplicationStore(new HttpContextWrapper(this.Context)), null));
 		}
 	}
 }