blob: b2e5092f44f14857684c7fe5e9e888e121cde6c1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
<sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
<section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true"/>
<section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true"/>
<section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true"/>
<section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true"/>
</sectionGroup>
</configSections>
<!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
which is necessary for OpenID urls with unicode characters in the domain/host name.
It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
<uri>
<idn enabled="All"/>
<iriParsing enabled="true"/>
</uri>
<dotNetOpenAuth>
<!-- The values here are carefully chosen to be somewhat weird so that tests can be
reasonably confident that if the values are the weird ones here that they did
indeed come from the config file and not from a programmatic default. -->
<messaging>
<untrustedWebRequest timeout="01:23:45" readWriteTimeout="01:23:56" maximumBytesToRead="500001" maximumRedirections="9">
<whitelistHosts>
<add name="evilButTrusted"/>
<add name="localhost"/>
</whitelistHosts>
<whitelistHostsRegex>
<add name=".+trusted.+"/>
</whitelistHostsRegex>
<blacklistHosts>
<add name="positivelyevil"/>
</blacklistHosts>
<blacklistHostsRegex>
<add name=".+veryevil.+"/>
</blacklistHostsRegex>
</untrustedWebRequest>
</messaging>
<openid maxAuthenticationTime="00:08:17">
<relyingParty>
<!--<store type=""/>-->
<security minimumRequiredOpenIdVersion="V10" minimumHashBitLength="6" maximumHashBitLength="301" requireSsl="false"/>
</relyingParty>
<provider>
<!--<store type=""/>-->
<security protectDownlevelReplayAttacks="true" minimumHashBitLength="7" maximumHashBitLength="302">
<associations>
<add type="HMAC-SHA1" lifetime="2.00:00:02"/>
<add type="HMAC-SHA256" lifetime="14.00:00:14"/>
</associations>
</security>
</provider>
</openid>
<!-- We definitely do NOT want to report on events that happen while running tests. -->
<reporting enabled="false"/>
</dotNetOpenAuth>
<system.diagnostics>
<assert assertuienabled="false"/>
</system.diagnostics>
</configuration>
|
