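using System;
using System.Collections.Generic;
using System.Text;

namespace DotNetOpenId.RelyingParty {
    /// <summary>
    /// Security settings that are applicable to relying parties.
    /// </summary>
    public sealed class RelyingPartySecuritySettings : SecuritySettings {
        internal RelyingPartySecuritySettings() : base(false) { }

        // Backing field for RequireSsl. It has no initializer, so the default is false:
        // HTTPS is NOT enforced unless the hosting relying party explicitly opts in.
        private bool requireSsl;

        /// <summary>
        /// Gets/sets whether the entire pipeline from Identifier discovery to Provider redirect
        /// is guaranteed to be encrypted using HTTPS for authentication to succeed.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Setting this property to true is appropriate for RPs with highly sensitive
        /// personal information behind the authentication (money management, health records, etc.)
        /// When set to true, some behavioral changes and additional restrictions are placed:
        /// </para>
        /// <list type="bullet">
        /// <item>User-supplied identifiers lacking a scheme are prepended with
        /// HTTPS:// rather than the standard HTTP:// automatically.</item>
        /// <item>User-supplied identifiers are not allowed to use HTTP for the scheme.</item>
        /// <item>All redirects during discovery on the user-supplied identifier must be HTTPS.</item>
        /// <item>Any XRDS file found by discovery on the User-supplied identifier must be protected using HTTPS.</item>
        /// <item>Only Provider endpoints found at HTTPS URLs will be considered.</item>
        /// <item>If the discovered identifier is an OP Identifier (directed identity), the
        /// Claimed Identifier eventually asserted by the Provider must be an HTTPS identifier.</item>
        /// <item>In the case of an unsolicited assertion, the asserted Identifier, discovery on it and
        /// the asserting provider endpoint must all be secured by HTTPS.</item>
        /// </list>
        /// <para>
        /// Although the first redirect from this relying party to the Provider is required
        /// to use HTTPS, any additional redirects within the Provider cannot be protected and MAY
        /// revert the user's connection to HTTP, based on individual Provider implementation.
        /// There is nothing that the RP can do to detect or prevent this.
        /// </para>
        /// <para>
        /// An exception is thrown when a secure pipeline cannot be established.
        /// </para>
        /// <para>
        /// Changing this value raises <see cref="RequireSslChanged"/> so dependent components
        /// can re-validate their state; assigning the current value again raises nothing.
        /// </para>
        /// </remarks>
        public bool RequireSsl {
            get { return requireSsl; }
            set {
                // Only an actual transition is observable; a no-op assignment does not notify subscribers.
                if (requireSsl == value) return;
                requireSsl = value;
                OnRequireSslChanged();
            }
        }

        /// <summary>
        /// Raised after <see cref="RequireSsl"/> transitions to a different value.
        /// </summary>
        internal event EventHandler RequireSslChanged;

        /// <summary>
        /// Fires the <see cref="RequireSslChanged"/> event.
        /// </summary>
        void OnRequireSslChanged() {
            // Copy the delegate to a local first so a subscriber that unsubscribes between
            // the null check and the invocation cannot cause a NullReferenceException.
            EventHandler requireSslChanged = RequireSslChanged;
            if (requireSslChanged != null) {
                // EventArgs.Empty: no payload is carried, so avoid allocating a fresh EventArgs per raise.
                requireSslChanged(this, EventArgs.Empty);
            }
        }

        /// <summary>
        /// Gets/sets the oldest version of OpenID the remote party is allowed to implement.
        /// </summary>
        /// <remarks>
        /// No initializer is applied in this class, so the default is the zero member of
        /// <see cref="ProtocolVersion"/>; hosts that want to reject older protocol versions
        /// must set this explicitly.
        /// </remarks>
        public ProtocolVersion MinimumRequiredOpenIdVersion { get; set; }
    }
}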