Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth/Configuration/MessagingElement.cs | 23 | ||||
-rw-r--r-- | src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs | 4 |
2 files changed, 26 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth/Configuration/MessagingElement.cs b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
index 9e957fe..b49cecf 100644
--- a/src/DotNetOpenAuth/Configuration/MessagingElement.cs
+++ b/src/DotNetOpenAuth/Configuration/MessagingElement.cs
@@ -32,6 +32,11 @@ namespace DotNetOpenAuth.Configuration {
 private const string MaximumClockSkewConfigName = "clockSkew";
 
 /// <summary>
+ /// The name of the attribute that controls whether messaging rules are strictly followed.
+ /// </summary>
+ private const string StrictConfigName = "strict";
+
+ /// <summary>
 /// Gets the actual maximum message lifetime that a program should allow.
 /// </summary>
 /// <value>The sum of the <see cref="MaximumMessageLifetime"/> and
@@ -83,6 +88,24 @@ namespace DotNetOpenAuth.Configuration {
 }
 
 /// <summary>
+ /// Gets or sets a value indicating whether messaging rules are strictly
+ /// adhered to.
+ /// </summary>
+ /// <value><c>true</c> by default.</value>
+ /// <remarks>
+ /// Strict will require that remote parties adhere strictly to the specifications,
+ /// even when a loose interpretation would not compromise security.
+ /// <c>true</c> is a good default because it shakes out interoperability bugs in remote services
+ /// so they can be identified and corrected. But some web sites want things to Just Work
+ /// more than they want to file bugs against others, so <c>false</c> is the setting for them.
+ /// </remarks>
+ [ConfigurationProperty(StrictConfigName, DefaultValue = true)]
+ internal bool Strict {
+ get { return (bool) this[StrictConfigName]; }
+ set { this[StrictConfigName] = value; }
+ }
+
+ /// <summary>
 /// Gets or sets the configuration for the <see cref="UntrustedWebRequestHandler"/> class.
 /// </summary>
 /// <value>The untrusted web request.</value>
diff --git a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
index 3524f41..8ccad22 100644
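Review bot: The `<remarks>` on the new `Strict` property state that the lax setting only relaxes rules where "a loose interpretation would not compromise security", but nothing at the property says which checks consult it, so an administrator setting `strict="false"` cannot tell what is being relaxed. In this commit the only visible consumer is the constant-value comparison in MessagePart.cs, which picks `StringComparison.Ordinal` or `StringComparison.OrdinalIgnoreCase` from this flag. I would add a line to the remarks such as `/// Currently this only affects the case sensitivity of constant-valued message parts.` and extend it whenever another check starts reading the flag, so the security claim stays verifiable.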
--- a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
+++ b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
@@ -15,6 +15,7 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 using System.Net.Security;
 using System.Reflection;
 using System.Xml;
+ using DotNetOpenAuth.Configuration;
 using DotNetOpenAuth.OpenId;
 
 /// <summary>
@@ -189,7 +190,8 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 try {
 if (this.IsConstantValue) {
 string constantValue = this.GetValue(message);
- if (!string.Equals(constantValue, value, StringComparison.OrdinalIgnoreCase)) {
+ var caseSensitivity = DotNetOpenAuthSection.Configuration.Messaging.Strict ? StringComparison.Ordinal : StringComparison.OrdinalIgnoreCase;
+ if (!string.Equals(constantValue, value, caseSensitivity)) {
 throw new ArgumentException(string.Format(
 CultureInfo.CurrentCulture,
 MessagingStrings.UnexpectedMessagePartValueForConstant,
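Review bot: The relaxed branch on the new `caseSensitivity` line applies `OrdinalIgnoreCase` to every constant-valued message part alike, and no comment explains why ignoring case is considered safe for all of them. I would add a comment above it, for example `// Strict mode compares protocol constants case-sensitively; lax mode only tolerates case differences from non-conforming peers.` Because `Strict` defaults to `true`, this hunk also changes the default comparison from case-insensitive to case-sensitive, so messages that were accepted before may now be rejected with `UnexpectedMessagePartValueForConstant`; that deserves a mention in the release notes. The enclosing method begins and ends outside the hunk, so how the `ArgumentException` is handled further up is not visible here.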