2 files changed, 32 insertions, 10 deletions

diff --git a/src/DotNetOpenAuth/Messaging/Channel.cs b/src/DotNetOpenAuth/Messaging/Channel.cs
index f9bdb55..876c562 100644
--- a/src/DotNetOpenAuth/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth/Messaging/Channel.cs
@@ -476,16 +476,7 @@ namespace DotNetOpenAuth.Messaging {
 					return null;
 				}
 
-				// Verify that the expected HTTP status code was used for the message,
-				// per OpenID 2.0 section 5.1.2.2.
-				var httpDirectResponse = responseMessage as IHttpDirectResponse;
-				if (httpDirectResponse != null) {
-					ErrorUtilities.VerifyProtocol(
-						httpDirectResponse.HttpStatusCode == response.Status,
-						MessagingStrings.UnexpectedHttpStatusCode,
-						(int)httpDirectResponse.HttpStatusCode,
-						(int)response.Status);
-				}
+				this.OnReceivingDirectResponse(response, responseMessage);
 			}
 
 			var responseSerializer = MessageSerializer.Get(responseMessage.GetType());
@@ -495,6 +486,14 @@ namespace DotNetOpenAuth.Messaging {
 		}
 
 		/// <summary>
+		/// Called when receiving a direct response message, before deserialization begins.
+		/// </summary>
+		/// <param name="response">The HTTP direct response.</param>
+		/// <param name="message">The newly instantiated message, prior to deserialization.</param>
+		protected virtual void OnReceivingDirectResponse(DirectWebResponse response, IDirectResponseProtocolMessage message) {
+		}
+
+		/// <summary>
 		/// Gets the protocol message that may be embedded in the given HTTP request.
 		/// </summary>
 		/// <param name="request">The request to search for an embedded message.</param>
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
index e146898..e05fa6d 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/OpenIdChannel.cs
@@ -199,6 +199,29 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 		}
 
 		/// <summary>
+		/// Called when receiving a direct response message, before deserialization begins.
+		/// </summary>
+		/// <param name="response">The HTTP direct response.</param>
+		/// <param name="message">The newly instantiated message, prior to deserialization.</param>
+		protected override void OnReceivingDirectResponse(DirectWebResponse response, IDirectResponseProtocolMessage message) {
+			base.OnReceivingDirectResponse(response, message);
+
+			// Verify that the expected HTTP status code was used for the message,
+			// per OpenID 2.0 section 5.1.2.2.
+			// Note: The v1.1 spec doesn't require 400 responses for some error messages
+			if (message.Version.Major >= 2) {
+				var httpDirectResponse = message as IHttpDirectResponse;
+				if (httpDirectResponse != null) {
+					ErrorUtilities.VerifyProtocol(
+						httpDirectResponse.HttpStatusCode == response.Status,
+						MessagingStrings.UnexpectedHttpStatusCode,
+						(int)httpDirectResponse.HttpStatusCode,
+						(int)response.Status);
+				}
+			}
+		}
+
+		/// <summary>
 		/// Queues a message for sending in the response stream where the fields
 		/// are sent in the response stream in querystring style.
 		/// </summary>