namespace DotNetOpenAuth.ApplicationBlock.Provider {
    using System;
    using DotNetOpenAuth.OpenId;
    using DotNetOpenAuth.OpenId.Provider;

    /// <summary>
    /// Extension methods for authentication requests handled by an OpenID Provider.
    /// </summary>
    public static class AuthenticationRequestExtensions {
        /// <summary>
        /// Scrubs personally identifiable information from the positive assertion by
        /// replacing both identifiers on the request with an anonymous identifier.
        /// </summary>
        /// <param name="request">The incoming authentication request.</param>
        /// <param name="localIdentifier">The OP local identifier, before the anonymous hash is applied to it.</param>
        /// <param name="anonymousIdentifierProvider">The anonymous identifier provider.</param>
        /// <param name="pairwiseUnique">
        /// If set to <c>true</c> the anonymous identifier will be unique to the requesting
        /// relying party's realm; if <c>false</c>, <c>null</c> is passed to the provider as the realm.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="request"/>, <paramref name="anonymousIdentifierProvider"/>
        /// or <paramref name="localIdentifier"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the request is not a directed identity (identifier select) request.
        /// </exception>
        /// <remarks>
        /// <para>
        /// The openid.claimed_id and openid.identity values are replaced with the value the
        /// anonymous identifier provider returns for <paramref name="localIdentifier"/>.
        /// </para>
        /// <para>
        /// Only those two values are written by this method. It does not inspect or remove
        /// anything else attached to the request, so a caller that wants an anonymous
        /// assertion must itself avoid attaching extension responses that identify the user.
        /// </para>
        /// <para>
        /// NOTE(review): with <paramref name="pairwiseUnique"/> set to <c>false</c> the
        /// identifier is presumably the same for every relying party, which would let
        /// relying parties correlate the same user between them. Confirm against the
        /// provider implementation and prefer <c>true</c> unless a shared pseudonym is intended.
        /// </para>
        /// </remarks>
        public static void ScrubPersonallyIdentifiableInformation(
            this IAuthenticationRequest request,
            Identifier localIdentifier,
            AnonymousIdentifierProviderBase anonymousIdentifierProvider,
            bool pairwiseUnique) {
            // Validation order is significant: callers observe the first failing check.
            if (request == null) {
                throw new ArgumentNullException("request");
            }

            // An anonymous identifier can only be substituted when the OP chooses the identifier.
            if (!request.IsDirectedIdentity) {
                throw new InvalidOperationException("This operation is supported only under identifier select (directed identity) scenarios.");
            }

            if (anonymousIdentifierProvider == null) {
                throw new ArgumentNullException("anonymousIdentifierProvider");
            }

            if (localIdentifier == null) {
                throw new ArgumentNullException("localIdentifier");
            }

            // The realm is read only when a per-relying-party identifier was requested.
            var scrubbedIdentifier = anonymousIdentifierProvider.GetAnonymousIdentifier(
                localIdentifier,
                pairwiseUnique ? request.Realm : null);

            // openid.claimed_id and openid.identity always end up with matching values.
            request.ClaimedIdentifier = scrubbedIdentifier;
            request.LocalIdentifier = scrubbedIdentifier;
        }
    }
}