samples/OpenIdWebRingSsoProvider/Web.config


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

<?xml version="1.0"?>
<configuration>
	<configSections>
		<section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false"/>
		<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
			<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
			<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
			<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
			<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
		</sectionGroup>
	</configSections>

	<!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
	     which is necessary for OpenID urls with unicode characters in the domain/host name. 
	     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
	<uri>
		<idn enabled="All"/>
		<iriParsing enabled="true"/>
	</uri>

	<system.net>
		<defaultProxy enabled="true" />
		<settings>
			<!-- This setting causes .NET to check certificate revocation lists (CRL) 
			     before trusting HTTPS certificates.  But this setting tends to not 
			     be allowed in shared hosting environments. -->
			<!--<servicePointManager checkCertificateRevocationList="true"/>-->
		</settings>
	</system.net>

	<!-- this is an optional configuration section where aspects of DotNetOpenAuth can be customized -->
	<dotNetOpenAuth>
		<openid>
			<provider>
				<security requireSsl="false" />
				<behaviors>
					<!-- Behaviors activate themselves automatically for individual matching requests. 
					     The first one in this list to match an incoming request "owns" the request.  If no
					     profile matches, the default behavior is assumed. -->
					<!--<add type="DotNetOpenAuth.OpenId.Provider.Behaviors.PpidGeneration, DotNetOpenAuth.OpenId.Provider" />-->
				</behaviors>
			</provider>
		</openid>
		<messaging>
			<untrustedWebRequest>
				<whitelistHosts>
					<!-- since this is a sample, and will often be used with localhost -->
					<add name="localhost"/>
				</whitelistHosts>
			</untrustedWebRequest>
		</messaging>
		<!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
		<reporting enabled="true" />
	</dotNetOpenAuth>

	<appSettings>
		<add key="whitelistedRealms" value="http://localhost:39165/;http://othertrustedrealm/"/>
		<!-- Set ImplicitAuth to true when using Windows auth, or false for FormsAuthentication -->
		<add key="ImplicitAuth" value="true"/>

		<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
	</appSettings>
	<connectionStrings/>

	<system.web>
		<httpRuntime targetFramework="4.5" />
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
		<compilation debug="false" targetFramework="4.0" />
		<!-- this sample-only provider uses the hard-coded list of users in the App_Data\Users.xml file -->
		<membership defaultProvider="AspNetReadOnlyXmlMembershipProvider">
			<providers>
				<clear/>
				<add name="AspNetReadOnlyXmlMembershipProvider" type="OpenIdWebRingSsoProvider.Code.ReadOnlyXmlMembershipProvider" description="Read-only XML membership provider" xmlFileName="~/App_Data/Users.xml"/>
			</providers>
		</membership>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
		<authentication mode="Windows" />
		<!--<authentication mode="Forms">
			--><!-- named cookie prevents conflicts with other samples --><!--
			<forms name="OpenIDWebRingSsoProvider"/>
		</authentication>-->
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
		<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
	</system.web>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<modules runAllManagedModulesForAllRequests="true"/>
	</system.webServer>
</configuration>