Diffstat (limited to 'src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs')
-rw-r--r--src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs33
1 files changed, 19 insertions, 14 deletions
diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs b/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
index 3d2836e..befc138 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
@@ -20,7 +20,7 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
/// the <see cref="AuthenticationPolicies.PrivatePersonalIdentifier"/> authentication policy.</para>
/// <para>The static member <see cref="PpidGeneration.PpidIdentifierProvider"/> MUST
/// be set prior to any PPID requests come in. Typically this should be set in the
- /// <see cref="HttpApplication.Start"/> event handler in the global.asax.cs file.</para>
+ /// <c>Application_Start</c> method in the global.asax.cs file.</para>
/// </remarks>
[Serializable]
public sealed class PpidGeneration : IProviderBehavior {
@@ -57,13 +57,11 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
/// from handling it; <c>false</c> to allow other behaviors to process this request.
/// </returns>
bool IProviderBehavior.OnOutgoingResponse(IAuthenticationRequest request) {
- ErrorUtilities.VerifyArgumentNotNull(request, "request");
-
- bool result = false;
+ ErrorUtilities.VerifyArgumentNotNull(request, "request");
// Nothing to do for negative assertions.
if (!request.IsAuthenticated.Value) {
- return result;
+ return false;
}
var requestInternal = (Provider.AuthenticationRequest)request;
@@ -72,26 +70,33 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
// Only apply our special policies if the RP requested it.
var papeRequest = request.GetExtension<PolicyRequest>();
if (papeRequest != null) {
- var papeResponse = responseMessage.Extensions.OfType<PolicyResponse>().SingleOrDefault();
- if (papeResponse == null) {
- request.AddResponseExtension(papeResponse = new PolicyResponse());
- }
-
if (papeRequest.PreferredPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) {
ErrorUtilities.VerifyProtocol(request.ClaimedIdentifier == request.LocalIdentifier, OpenIdStrings.DelegatingIdentifiersNotAllowed);
+ if (PpidIdentifierProvider == null) {
+ Logger.OpenId.Error(BehaviorStrings.PpidProviderNotGiven);
+ return false;
+ }
+
// Mask the user's identity with a PPID.
- ErrorUtilities.VerifyHost(PpidIdentifierProvider != null, BehaviorStrings.PpidProviderNotGiven);
- Identifier ppidIdentifier = PpidIdentifierProvider.GetIdentifier(request.LocalIdentifier, request.Realm);
- requestInternal.ResetClaimedAndLocalIdentifiers(ppidIdentifier);
+ if (PpidIdentifierProvider.IsUserLocalIdentifier(request.LocalIdentifier)) {
+ Identifier ppidIdentifier = PpidIdentifierProvider.GetIdentifier(request.LocalIdentifier, request.Realm);
+ requestInternal.ResetClaimedAndLocalIdentifiers(ppidIdentifier);
+ }
// Indicate that the RP is receiving a PPID claimed_id
+ var papeResponse = responseMessage.Extensions.OfType<PolicyResponse>().SingleOrDefault();
+ if (papeResponse == null) {
+ request.AddResponseExtension(papeResponse = new PolicyResponse());
+ }
+
if (!papeResponse.ActualPolicies.Contains(AuthenticationPolicies.PrivatePersonalIdentifier)) {
papeResponse.ActualPolicies.Add(AuthenticationPolicies.PrivatePersonalIdentifier);
}
}
}
- return result;
+
+ return false;
}
#endregion
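Review bot: The new `if (PpidIdentifierProvider == null)` branch fails open: it logs an error and returns `false`, so the positive assertion presumably goes out carrying the user's real claimed identifier even though the RP asked for the PrivatePersonalIdentifier policy. The removed `ErrorUtilities.VerifyHost(PpidIdentifierProvider != null, BehaviorStrings.PpidProviderNotGiven);` stopped the response instead, which is the safer default for a privacy control. If the softer behaviour is intended, a comment should say so and state that the policy is deliberately not asserted. Separately, when `IsUserLocalIdentifier` returns false the identifier is left untouched, yet `PrivatePersonalIdentifier` is still added to `ActualPolicies`. Either move that add inside the `if`, or add a comment such as `// LocalIdentifier is already a PPID here, so the policy still holds` if that is the invariant. The method's signature and opening lines are in the previous hunk.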