diff options
Diffstat (limited to 'src')
11 files changed, 183 insertions, 97 deletions
diff --git a/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj b/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj index 433a8b6..53a1b8e 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj +++ b/src/DotNetOpenAuth.OpenId.Provider/DotNetOpenAuth.OpenId.Provider.csproj @@ -63,10 +63,6 @@ <Project>{60426312-6AE5-4835-8667-37EDEA670222}</Project> <Name>DotNetOpenAuth.Core</Name> </ProjectReference> - <ProjectReference Include="..\DotNetOpenAuth.OpenId.RelyingParty\DotNetOpenAuth.OpenId.RelyingParty.csproj"> - <Project>{F458AB60-BA1C-43D9-8CEF-EC01B50BE87B}</Project> - <Name>DotNetOpenAuth.OpenId.RelyingParty</Name> - </ProjectReference> <ProjectReference Include="..\DotNetOpenAuth.OpenId\DotNetOpenAuth.OpenId.csproj"> <Project>{3896A32A-E876-4C23-B9B8-78E17D134CD3}</Project> <Name>DotNetOpenAuth.OpenId</Name> diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs index 61ad8fd..93d86d2 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/ChannelElements/ProviderSigningBindingElement.cs @@ -189,7 +189,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { // Since this library's RP has a built-in request_nonce parameter for replay // protection, we'll allow for that. var returnToArgs = HttpUtility.ParseQueryString(response.ReturnTo.Query); - if (!string.IsNullOrEmpty(returnToArgs[ReturnToNonceBindingElement.NonceParameter])) { + if (!string.IsNullOrEmpty(returnToArgs[Protocol.ReturnToNonceParameter])) { return false; } diff --git a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs index 3b2f27e..f7e49f2 100644 --- a/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs +++ b/src/DotNetOpenAuth.OpenId.Provider/OpenId/Provider/OpenIdProvider.cs @@ -27,7 +27,7 @@ namespace DotNetOpenAuth.OpenId.Provider { /// </summary> [SuppressMessage("Microsoft.Maintainability", "CA1506:AvoidExcessiveClassCoupling", Justification = "By design")] [ContractVerification(true)] - public sealed class OpenIdProvider : IDisposable { + public sealed class OpenIdProvider : IDisposable, IOpenIdHost { /// <summary> /// The name of the key to use in the HttpApplication cache to store the /// instance of <see cref="StandardProviderApplicationStore"/> to use. @@ -40,6 +40,12 @@ namespace DotNetOpenAuth.OpenId.Provider { private readonly ObservableCollection<IProviderBehavior> behaviors = new ObservableCollection<IProviderBehavior>(); /// <summary> + /// The discovery service used to perform discovery on identifiers being sent in + /// unsolicited positive assertions. + /// </summary> + private readonly IdentifierDiscoveryServices discoveryServices; + + /// <summary> /// A type initializer that ensures that another type initializer runs in order to guarantee that /// types are serializable. /// </summary> @@ -57,12 +63,6 @@ namespace DotNetOpenAuth.OpenId.Provider { private ProviderSecuritySettings securitySettings; /// <summary> - /// The relying party used to perform discovery on identifiers being sent in - /// unsolicited positive assertions. - /// </summary> - private RP.OpenIdRelyingParty relyingParty; - - /// <summary> /// Initializes a new instance of the <see cref="OpenIdProvider"/> class. /// </summary> public OpenIdProvider() @@ -102,6 +102,7 @@ namespace DotNetOpenAuth.OpenId.Provider { this.AssociationStore = new SwitchingAssociationStore(cryptoKeyStore, this.SecuritySettings); this.Channel = new OpenIdProviderChannel(this.AssociationStore, nonceStore, this.SecuritySettings); this.CryptoKeyStore = cryptoKeyStore; + this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, nonceStore); } @@ -154,6 +155,13 @@ namespace DotNetOpenAuth.OpenId.Provider { } /// <summary> + /// Gets the security settings. + /// </summary> + SecuritySettings IOpenIdHost.SecuritySettings { + get { return this.SecuritySettings; } + } + + /// <summary> /// Gets the extension factories. /// </summary> public IList<IOpenIdExtensionFactory> ExtensionFactories { @@ -183,6 +191,14 @@ namespace DotNetOpenAuth.OpenId.Provider { public ICryptoKeyStore CryptoKeyStore { get; private set; } /// <summary> + /// Gets the web request handler to use for discovery and the part of + /// authentication where direct messages are sent to an untrusted remote party. + /// </summary> + IDirectWebRequestHandler IOpenIdHost.WebRequestHandler { + get { return this.Channel.WebRequestHandler; } + } + + /// <summary> /// Gets the association store. /// </summary> internal IProviderAssociationStore AssociationStore { get; private set; } @@ -195,10 +211,10 @@ namespace DotNetOpenAuth.OpenId.Provider { } /// <summary> - /// Gets the list of services that can perform discovery on identifiers given to this relying party. + /// Gets the list of services that can perform discovery on identifiers given. /// </summary> internal IList<IIdentifierDiscoveryService> DiscoveryServices { - get { return this.RelyingParty.DiscoveryServices; } + get { return this.discoveryServices.DiscoveryServices; } } /// <summary> @@ -210,25 +226,6 @@ namespace DotNetOpenAuth.OpenId.Provider { } /// <summary> - /// Gets the relying party used for discovery of identifiers sent in unsolicited assertions. - /// </summary> - private RP.OpenIdRelyingParty RelyingParty { - get { - if (this.relyingParty == null) { - lock (this) { - if (this.relyingParty == null) { - // we just need an RP that's capable of discovery, so stateless mode is fine. - this.relyingParty = new RP.OpenIdRelyingParty(null); - } - } - } - - this.relyingParty.Channel.WebRequestHandler = this.WebRequestHandler; - return this.relyingParty; - } - } - - /// <summary> /// Gets the incoming OpenID request if there is one, or null if none was detected. /// </summary> /// <returns>The request that the hosting Provider should possibly process and then transmit the response for.</returns> @@ -445,7 +442,7 @@ namespace DotNetOpenAuth.OpenId.Provider { // and make sure that it is tied to this OP and OP local identifier. if (this.SecuritySettings.UnsolicitedAssertionVerification != ProviderSecuritySettings.UnsolicitedAssertionVerificationLevel.NeverVerify) { var serviceEndpoint = IdentifierDiscoveryResult.CreateForClaimedIdentifier(claimedIdentifier, localIdentifier, new ProviderEndpointDescription(providerEndpoint, Protocol.Default.Version), null, null); - var discoveredEndpoints = this.RelyingParty.Discover(claimedIdentifier); + var discoveredEndpoints = this.discoveryServices.Discover(claimedIdentifier); if (!discoveredEndpoints.Contains(serviceEndpoint)) { Logger.OpenId.WarnFormat( "Failed to send unsolicited assertion for {0} because its discovered services did not include this endpoint: {1}{2}{1}Discovered endpoints: {1}{3}", @@ -506,10 +503,6 @@ namespace DotNetOpenAuth.OpenId.Provider { if (channel != null) { channel.Dispose(); } - - if (this.relyingParty != null) { - this.relyingParty.Dispose(); - } } } diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs index d1f6e6c..2aa735a 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/ChannelElements/ReturnToNonceBindingElement.cs @@ -47,12 +47,6 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// </remarks> internal class ReturnToNonceBindingElement : IChannelBindingElement { /// <summary> - /// The parameter of the callback parameter we tack onto the return_to URL - /// to store the replay-detection nonce. - /// </summary> - internal const string NonceParameter = OpenIdUtilities.CustomParameterPrefix + "request_nonce"; - - /// <summary> /// The context within which return_to nonces must be unique -- they all go into the same bucket. /// </summary> private const string ReturnToNonceContext = "https://localhost/dnoa/return_to_nonce"; @@ -146,7 +140,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { // We only add a nonce to some auth requests. SignedResponseRequest request = message as SignedResponseRequest; if (this.UseRequestNonce(request)) { - request.AddReturnToArguments(NonceParameter, CustomNonce.NewNonce().Serialize()); + request.AddReturnToArguments(Protocol.ReturnToNonceParameter, CustomNonce.NewNonce().Serialize()); request.SignReturnTo = true; // a nonce without a signature is completely pointless return MessageProtections.ReplayProtection; @@ -179,7 +173,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { Logger.OpenId.Error("Incoming message is expected to have a nonce, but the return_to parameter is not signed."); } - string nonceValue = response.GetReturnToArgument(NonceParameter); + string nonceValue = response.GetReturnToArgument(Protocol.ReturnToNonceParameter); ErrorUtilities.VerifyProtocol( nonceValue != null && response.ReturnToParametersSignatureValidated, this.securitySettings.RejectUnsolicitedAssertions ? OpenIdStrings.UnsolicitedAssertionsNotAllowed : OpenIdStrings.UnsolicitedAssertionsNotAllowedFrom1xOPs); diff --git a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs index af0a47f..aa53277 100644 --- a/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs +++ b/src/DotNetOpenAuth.OpenId.RelyingParty/OpenId/RelyingParty/OpenIdRelyingParty.cs @@ -41,7 +41,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// </summary> [SuppressMessage("Microsoft.Maintainability", "CA1506:AvoidExcessiveClassCoupling", Justification = "Unavoidable")] [ContractVerification(true)] - public class OpenIdRelyingParty : IDisposable { + public class OpenIdRelyingParty : IDisposable, IOpenIdHost { /// <summary> /// The name of the key to use in the HttpApplication cache to store the /// instance of <see cref="StandardRelyingPartyApplicationStore"/> to use. @@ -54,9 +54,9 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { private readonly ObservableCollection<IRelyingPartyBehavior> behaviors = new ObservableCollection<IRelyingPartyBehavior>(); /// <summary> - /// Backing field for the <see cref="DiscoveryServices"/> property. + /// The discovery services to use for identifiers. /// </summary> - private readonly IList<IIdentifierDiscoveryService> discoveryServices = new List<IIdentifierDiscoveryService>(2); + private readonly IdentifierDiscoveryServices discoveryServices; /// <summary> /// A type initializer that ensures that another type initializer runs in order to guarantee that @@ -130,10 +130,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { this.securitySettings = OpenIdElement.Configuration.RelyingParty.SecuritySettings.CreateSecuritySettings(); - foreach (var discoveryService in OpenIdElement.Configuration.RelyingParty.DiscoveryServices.CreateInstances(true)) { - this.discoveryServices.Add(discoveryService); - } - this.behaviors.CollectionChanged += this.OnBehaviorsChanged; foreach (var behavior in OpenIdElement.Configuration.RelyingParty.Behaviors.CreateInstances(false)) { this.behaviors.Add(behavior); @@ -155,6 +151,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { this.channel = new OpenIdRelyingPartyChannel(cryptoKeyStore, nonceStore, this.SecuritySettings); this.AssociationManager = new AssociationManager(this.Channel, new CryptoKeyStoreAsRelyingPartyAssociationStore(cryptoKeyStore), this.SecuritySettings); + this.discoveryServices = new IdentifierDiscoveryServices(this); Reporting.RecordFeatureAndDependencyUse(this, cryptoKeyStore, nonceStore); } @@ -230,6 +227,13 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { } /// <summary> + /// Gets the security settings. + /// </summary> + SecuritySettings IOpenIdHost.SecuritySettings { + get { return this.SecuritySettings; } + } + + /// <summary> /// Gets or sets the optional Provider Endpoint filter to use. /// </summary> /// <remarks> @@ -283,7 +287,15 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// Gets the list of services that can perform discovery on identifiers given to this relying party. /// </summary> public IList<IIdentifierDiscoveryService> DiscoveryServices { - get { return this.discoveryServices; } + get { return this.discoveryServices.DiscoveryServices; } + } + + /// <summary> + /// Gets the web request handler to use for discovery and the part of + /// authentication where direct messages are sent to an untrusted remote party. + /// </summary> + IDirectWebRequestHandler IOpenIdHost.WebRequestHandler { + get { return this.Channel.WebRequestHandler; } } /// <summary> @@ -752,34 +764,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// <param name="identifier">The identifier to discover services for.</param> /// <returns>A non-null sequence of services discovered for the identifier.</returns> internal IEnumerable<IdentifierDiscoveryResult> Discover(Identifier identifier) { - Requires.NotNull(identifier, "identifier"); - Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); - - IEnumerable<IdentifierDiscoveryResult> results = Enumerable.Empty<IdentifierDiscoveryResult>(); - foreach (var discoverer in this.DiscoveryServices) { - bool abortDiscoveryChain; - var discoveryResults = discoverer.Discover(identifier, this.WebRequestHandler, out abortDiscoveryChain).CacheGeneratedResults(); - results = results.Concat(discoveryResults); - if (abortDiscoveryChain) { - Logger.OpenId.InfoFormat("Further discovery on '{0}' was stopped by the {1} discovery service.", identifier, discoverer.GetType().Name); - break; - } - } - - // If any OP Identifier service elements were found, we must not proceed - // to use any Claimed Identifier services, per OpenID 2.0 sections 7.3.2.2 and 11.2. - // For a discussion on this topic, see - // http://groups.google.com/group/dotnetopenid/browse_thread/thread/4b5a8c6b2210f387/5e25910e4d2252c8 - // Sometimes the IIdentifierDiscoveryService will automatically filter this for us, but - // just to be sure, we'll do it here as well. - if (!this.SecuritySettings.AllowDualPurposeIdentifiers) { - results = results.CacheGeneratedResults(); // avoid performing discovery repeatedly - var opIdentifiers = results.Where(result => result.ClaimedIdentifier == result.Protocol.ClaimedIdentifierForOPIdentifier); - var claimedIdentifiers = results.Where(result => result.ClaimedIdentifier != result.Protocol.ClaimedIdentifierForOPIdentifier); - results = opIdentifiers.Any() ? opIdentifiers : claimedIdentifiers; - } - - return results; + return this.discoveryServices.Discover(identifier); } /// <summary> diff --git a/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj b/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj index b45247b..d80b104 100644 --- a/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj +++ b/src/DotNetOpenAuth.OpenId/DotNetOpenAuth.OpenId.csproj @@ -91,6 +91,8 @@ <Compile Include="OpenId\Extensions\OpenIdExtensionsInteropHelper.cs" /> <Compile Include="OpenId\IdentifierDiscoveryResult.cs" /> <Compile Include="OpenId\IIdentifierDiscoveryService.cs" /> + <Compile Include="OpenId\IdentifierDiscoveryServices.cs" /> + <Compile Include="OpenId\IOpenIdHost.cs" /> <Compile Include="OpenId\IProviderEndpoint.cs" /> <Compile Include="OpenId\Provider\IAuthenticationRequest.cs" /> <Compile Include="OpenId\Provider\IHostProcessedRequest.cs" /> diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs b/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs new file mode 100644 index 0000000..419cc84 --- /dev/null +++ b/src/DotNetOpenAuth.OpenId/OpenId/IOpenIdHost.cs @@ -0,0 +1,28 @@ +//----------------------------------------------------------------------- +// <copyright file="IOpenIdHost.cs" company="Outercurve Foundation"> +// Copyright (c) Outercurve Foundation. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OpenId { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Text; + using DotNetOpenAuth.Messaging; + + /// <summary> + /// An interface implemented by both providers and relying parties. + /// </summary> + internal interface IOpenIdHost { + /// <summary> + /// Gets the security settings. + /// </summary> + SecuritySettings SecuritySettings { get; } + + /// <summary> + /// Gets the web request handler. + /// </summary> + IDirectWebRequestHandler WebRequestHandler { get; } + } +} diff --git a/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs new file mode 100644 index 0000000..6a3cfaa --- /dev/null +++ b/src/DotNetOpenAuth.OpenId/OpenId/IdentifierDiscoveryServices.cs @@ -0,0 +1,82 @@ +//----------------------------------------------------------------------- +// <copyright file="IdentifierDiscoveryServices.cs" company="Outercurve Foundation"> +// Copyright (c) Outercurve Foundation. All rights reserved. +// </copyright> +//----------------------------------------------------------------------- + +namespace DotNetOpenAuth.OpenId { + using System.Collections.Generic; + using System.Diagnostics.Contracts; + using System.Linq; + using DotNetOpenAuth.Configuration; + using DotNetOpenAuth.Messaging; + + /// <summary> + /// A service that can perform discovery on OpenID identifiers. + /// </summary> + internal class IdentifierDiscoveryServices { + /// <summary> + /// The RP or OP that is hosting these services. + /// </summary> + private readonly IOpenIdHost host; + + /// <summary> + /// Backing field for the <see cref="DiscoveryServices"/> property. + /// </summary> + private readonly IList<IIdentifierDiscoveryService> discoveryServices = new List<IIdentifierDiscoveryService>(2); + + /// <summary> + /// Initializes a new instance of the <see cref="IdentifierDiscoveryServices"/> class. + /// </summary> + /// <param name="host">The RP or OP that creates this instance.</param> + internal IdentifierDiscoveryServices(IOpenIdHost host) { + Requires.NotNull(host, "host"); + + this.host = host; + this.discoveryServices.AddRange(OpenIdElement.Configuration.RelyingParty.DiscoveryServices.CreateInstances(true)); + } + + /// <summary> + /// Gets the list of services that can perform discovery on identifiers given. + /// </summary> + public IList<IIdentifierDiscoveryService> DiscoveryServices { + get { return this.discoveryServices; } + } + + /// <summary> + /// Performs discovery on the specified identifier. + /// </summary> + /// <param name="identifier">The identifier to discover services for.</param> + /// <returns>A non-null sequence of services discovered for the identifier.</returns> + public IEnumerable<IdentifierDiscoveryResult> Discover(Identifier identifier) { + Requires.NotNull(identifier, "identifier"); + Contract.Ensures(Contract.Result<IEnumerable<IdentifierDiscoveryResult>>() != null); + + IEnumerable<IdentifierDiscoveryResult> results = Enumerable.Empty<IdentifierDiscoveryResult>(); + foreach (var discoverer in this.DiscoveryServices) { + bool abortDiscoveryChain; + var discoveryResults = discoverer.Discover(identifier, this.host.WebRequestHandler, out abortDiscoveryChain).CacheGeneratedResults(); + results = results.Concat(discoveryResults); + if (abortDiscoveryChain) { + Logger.OpenId.InfoFormat("Further discovery on '{0}' was stopped by the {1} discovery service.", identifier, discoverer.GetType().Name); + break; + } + } + + // If any OP Identifier service elements were found, we must not proceed + // to use any Claimed Identifier services, per OpenID 2.0 sections 7.3.2.2 and 11.2. + // For a discussion on this topic, see + // http://groups.google.com/group/dotnetopenid/browse_thread/thread/4b5a8c6b2210f387/5e25910e4d2252c8 + // Sometimes the IIdentifierDiscoveryService will automatically filter this for us, but + // just to be sure, we'll do it here as well. + if (!this.host.SecuritySettings.AllowDualPurposeIdentifiers) { + results = results.CacheGeneratedResults(); // avoid performing discovery repeatedly + var opIdentifiers = results.Where(result => result.ClaimedIdentifier == result.Protocol.ClaimedIdentifierForOPIdentifier); + var claimedIdentifiers = results.Where(result => result.ClaimedIdentifier != result.Protocol.ClaimedIdentifierForOPIdentifier); + results = opIdentifiers.Any() ? opIdentifiers : claimedIdentifiers; + } + + return results; + } + } +} diff --git a/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs b/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs index c8324bd..22f5b9c 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/Protocol.cs @@ -44,6 +44,12 @@ namespace DotNetOpenAuth.OpenId { internal const string OpenId2Namespace = "http://specs.openid.net/auth/2.0"; /// <summary> + /// The parameter of the callback parameter we tack onto the return_to URL + /// to store the replay-detection nonce. + /// </summary> + internal const string ReturnToNonceParameter = OpenIdUtilities.CustomParameterPrefix + "request_nonce"; + + /// <summary> /// Scans a list for matches with some element of the OpenID protocol, /// searching from newest to oldest protocol for the first and best match. /// </summary> diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs index 7603055..77ccbca 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs @@ -121,21 +121,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { public bool RequireAssociation { get; set; } /// <summary> - /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers - /// should ever be recognized as claimed identifiers. - /// </summary> - /// <value> - /// The default value is <c>false</c>, per the OpenID 2.0 spec. - /// </value> - /// <remarks> - /// OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers. - /// However, for some scenarios it may be desirable for an RP to override this behavior and allow this. - /// The security ramifications of setting this property to <c>true</c> have not been fully explored and - /// therefore this setting should only be changed with caution. - /// </remarks> - public bool AllowDualPurposeIdentifiers { get; set; } - - /// <summary> /// Gets or sets a value indicating whether certain Claimed Identifiers that exploit /// features that .NET does not have the ability to send exact HTTP requests for will /// still be allowed by using an approximate HTTP request. diff --git a/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs b/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs index fb08fb6..2035c9f 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/SecuritySettings.cs @@ -68,6 +68,21 @@ namespace DotNetOpenAuth.OpenId { public int MaximumHashBitLength { get; set; } /// <summary> + /// Gets or sets a value indicating whether identifiers that are both OP Identifiers and Claimed Identifiers + /// should ever be recognized as claimed identifiers. + /// </summary> + /// <value> + /// The default value is <c>false</c>, per the OpenID 2.0 spec. + /// </value> + /// <remarks> + /// OpenID 2.0 sections 7.3.2.2 and 11.2 specify that OP Identifiers never be recognized as Claimed Identifiers. + /// However, for some scenarios it may be desirable for an RP to override this behavior and allow this. + /// The security ramifications of setting this property to <c>true</c> have not been fully explored and + /// therefore this setting should only be changed with caution. + /// </remarks> + public bool AllowDualPurposeIdentifiers { get; set; } + + /// <summary> /// Determines whether a named association fits the security requirements. /// </summary> /// <param name="protocol">The protocol carrying the association.</param> |