diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs | 5 | ||||
| -rw-r--r-- | src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs index bdf6c5b..b00ee65 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs @@ -406,7 +406,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { Contract.Requires<ArgumentNullException>(userSuppliedIdentifier != null); Contract.Requires<ArgumentNullException>(realm != null); Contract.Ensures(Contract.Result<IEnumerable<IAuthenticationRequest>>() != null); - Contract.Ensures(Contract.ForAll(Contract.Result<IEnumerable<IAuthenticationRequest>>(), el => el != null)); + + // This next code contract is a BAD idea, because it causes each authentication request to be generated + // at least an extra time. + ////Contract.Ensures(Contract.ForAll(Contract.Result<IEnumerable<IAuthenticationRequest>>(), el => el != null)); // Build the return_to URL UriBuilder returnTo = new UriBuilder(this.Channel.GetRequestFromContext().UrlBeforeRewriting); diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs index 4cf2648..09fcbcb 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs @@ -943,7 +943,14 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { req.SetUntrustedCallbackArgument(ReturnToReceivingControlId, this.ClientID); } - ((AuthenticationRequest)req).AssociationPreference = this.AssociationPreference; + // Apply the control's association preference to this auth request, but only if + // it is less demanding (greater ordinal value) than the existing one. + // That way, we protect against retrying an association that was already attempted. + var authReq = ((AuthenticationRequest)req); + if (authReq.AssociationPreference < this.AssociationPreference) { + authReq.AssociationPreference = this.AssociationPreference; + } + if (this.OnLoggingIn(req)) { yield return req; } |