Merge branch 'v3.3' into v3.4

Conflicts:
	lib/DotNetOpenAuth.BuildTasks.dll
	lib/DotNetOpenAuth.BuildTasks.pdb

build.proj

@@ -97,7 +97,11 @@
 		         />
 	</Target>
 
-	<Target Name="ReSignDelaySignedAssemblies">
+	<Target Name="ReSignDelaySignedAssemblies" DependsOnTargets="BuildProduct">
+		<ItemGroup>
+			<!-- Add the resource assemblies that only just now are known to exist. -->
+			<DelaySignedAssemblies Include="$(OutputPath)**\$(ProductName).resources.dll" />
+		</ItemGroup>
 		<Message Text="Signing delay-signed assemblies using key pair container $(KeyPairContainer)." />
 		<ReSignDelaySignedAssemblies
 			KeyContainer="$(KeyPairContainer)"

projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs

@@ -31,34 +31,38 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
 			HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
 			Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
 			ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
-			var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
-			if (auth != null) {
-				var accessToken = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
+			try {
+				var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+				if (auth != null) {
+					var accessToken = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
 
-				var principal = sp.CreatePrincipal(auth);
-				var policy = new OAuthPrincipalAuthorizationPolicy(principal);
-				var policies = new List<IAuthorizationPolicy> {
-					policy,
-				};
-
-				var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
-				if (operationContext.IncomingMessageProperties.Security != null) {
-					operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
-				} else {
-					operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
-						ServiceSecurityContext = securityContext,
+					var principal = sp.CreatePrincipal(auth);
+					var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+					var policies = new List<IAuthorizationPolicy> {
+						policy,
 					};
-				}
 
-				securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
-				principal.Identity,
-			};
+					var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+					if (operationContext.IncomingMessageProperties.Security != null) {
+						operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+					} else {
+						operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+							ServiceSecurityContext = securityContext,
+						};
+					}
+
+					securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+						principal.Identity,
+					};
 
-				// Only allow this method call if the access token scope permits it.
-				string[] scopes = accessToken.Scope.Split('|');
-				if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
-					return true;
+					// Only allow this method call if the access token scope permits it.
+					string[] scopes = accessToken.Scope.Split('|');
+					if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+						return true;
+					}
 				}
+			} catch (ProtocolException /*ex*/) {
+				////Logger.Error("Error processing OAuth messages.", ex);
 			}
 
 			return false;

samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs

@@ -24,34 +24,38 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
 		HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
 		Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
 		ServiceProvider sp = Constants.CreateServiceProvider();
-		var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
-		if (auth != null) {
-			var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
-
-			var principal = sp.CreatePrincipal(auth);
-			var policy = new OAuthPrincipalAuthorizationPolicy(principal);
-			var policies = new List<IAuthorizationPolicy> {
-				policy,
-			};
-
-			var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
-			if (operationContext.IncomingMessageProperties.Security != null) {
-				operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
-			} else {
-				operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
-					ServiceSecurityContext = securityContext,
+		try {
+			var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+			if (auth != null) {
+				var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
+
+				var principal = sp.CreatePrincipal(auth);
+				var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+				var policies = new List<IAuthorizationPolicy> {
+					policy,
 				};
-			}
 
-			securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
-				principal.Identity,
-			};
+				var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+				if (operationContext.IncomingMessageProperties.Security != null) {
+					operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+				} else {
+					operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+						ServiceSecurityContext = securityContext,
+					};
+				}
+
+				securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+					principal.Identity,
+				};
 
-			// Only allow this method call if the access token scope permits it.
-			string[] scopes = accessToken.Scope.Split('|');
-			if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
-				return true;
+				// Only allow this method call if the access token scope permits it.
+				string[] scopes = accessToken.Scope.Split('|');
+				if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+					return true;
+				}
 			}
+		} catch (ProtocolException ex) {
+			Global.Logger.Error("Error processing OAuth messages.", ex);
 		}
 
 		return false;

samples/OpenIdRelyingPartyWebForms/loginProgrammatic.aspx

@@ -12,5 +12,4 @@
 		Visible="False" />
 	<asp:Label ID="loginCanceledLabel" runat="server" EnableViewState="False" Text="Login canceled"
 		Visible="False" />
-	<asp:CheckBox ID="noLoginCheckBox" runat="server" Text="Extensions only (no login) -- most OPs don't yet support this" />
 </asp:Content>

src/DotNetOpenAuth.Test/Messaging/MessagingUtilitiesTests.cs

@@ -153,6 +153,7 @@ public class MessagingUtilitiesTests : TestBase {
 				Match m = Regex.Match(req.ContentType, "multipart/form-data; boundary=(.+)");
 				Assert.IsTrue(m.Success, "Content-Type HTTP header not set correctly.");
 				string boundary = m.Groups[1].Value;
+				boundary = boundary.Substring(0, boundary.IndexOf(';')); // trim off charset
 				string expectedEntity = "--{0}\r\nContent-Disposition: form-data; name=\"a\"\r\n\r\nb\r\n--{0}--\r\n";
 				expectedEntity = string.Format(expectedEntity, boundary);
 				string actualEntity = httpHandler.RequestEntityAsString;

src/DotNetOpenAuth.Test/Messaging/OutgoingWebResponseTests.cs

@@ -6,6 +6,7 @@
 
 namespace DotNetOpenAuth.Test.Messaging {
 	using System.Net;
+	using System.Net.Mime;
 	using System.Text;
 	using DotNetOpenAuth.Messaging;
 	using NUnit.Framework;
@@ -30,7 +31,8 @@ public class OutgoingWebResponseTests {
 			CollectionAssert.AreEqual(expectedBuffer, actualBuffer);
 
 			// Verify that the header was set correctly.
-			Assert.AreEqual(encoding.HeaderName, response.Headers[HttpResponseHeader.ContentEncoding]);
+			Assert.IsNull(response.Headers[HttpResponseHeader.ContentEncoding]);
+			Assert.AreEqual(encoding.HeaderName, new ContentType(response.Headers[HttpResponseHeader.ContentType]).CharSet);
 		}
 	}
 }

src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd

@@ -658,6 +658,14 @@
 								</xs:documentation>
 							</xs:annotation>
 						</xs:attribute>
+						<xs:attribute name="cacheDiscovery" type="xs:boolean">
+							<xs:annotation>
+								<xs:documentation>
+									Whether the results of identifier discovery should be cached for a short time to improve performance
+									on subsequent requests, at the potential risk of reading stale data.
+								</xs:documentation>
+							</xs:annotation>
+						</xs:attribute>
 					</xs:complexType>
 				</xs:element>
 				<xs:element name="oauth">

src/DotNetOpenAuth/Configuration/DotNetOpenAuthSection.cs

@@ -51,43 +51,70 @@ public class DotNetOpenAuthSection : ConfigurationSection {
 		/// Gets the configuration section from the .config file.
 		/// </summary>
 		public static DotNetOpenAuthSection Configuration {
-			get { return (DotNetOpenAuthSection)ConfigurationManager.GetSection(SectionName) ?? new DotNetOpenAuthSection(); }
+			get {
+				Contract.Ensures(Contract.Result<DotNetOpenAuthSection>() != null);
+				return (DotNetOpenAuthSection)ConfigurationManager.GetSection(SectionName) ?? new DotNetOpenAuthSection();
+			}
 		}
 
 		/// <summary>
 		/// Gets or sets the configuration for the messaging framework.
 		/// </summary>
 		[ConfigurationProperty(MessagingElementName)]
 		public MessagingElement Messaging {
-			get { return (MessagingElement)this[MessagingElementName] ?? new MessagingElement(); }
-			set { this[MessagingElementName] = value; }
+			get {
+				Contract.Ensures(Contract.Result<MessagingElement>() != null);
+				return (MessagingElement)this[MessagingElementName] ?? new MessagingElement();
+			}
+
+			set {
+				this[MessagingElementName] = value;
+			}
 		}
 
 		/// <summary>
 		/// Gets or sets the configuration for OpenID.
 		/// </summary>
 		[ConfigurationProperty(OpenIdElementName)]
 		internal OpenIdElement OpenId {
-			get { return (OpenIdElement)this[OpenIdElementName] ?? new OpenIdElement(); }
-			set { this[OpenIdElementName] = value; }
+			get {
+				Contract.Ensures(Contract.Result<OpenIdElement>() != null);
+				return (OpenIdElement)this[OpenIdElementName] ?? new OpenIdElement();
+			}
+
+			set {
+				this[OpenIdElementName] = value;
+			}
 		}
 
 		/// <summary>
 		/// Gets or sets the configuration for OAuth.
 		/// </summary>
 		[ConfigurationProperty(OAuthElementName)]
 		internal OAuthElement OAuth {
-			get { return (OAuthElement)this[OAuthElementName] ?? new OAuthElement(); }
-			set { this[OAuthElementName] = value; }
+			get {
+				Contract.Ensures(Contract.Result<OAuthElement>() != null);
+				return (OAuthElement)this[OAuthElementName] ?? new OAuthElement();
+			}
+
+			set {
+				this[OAuthElementName] = value;
+			}
 		}
 
 		/// <summary>
 		/// Gets or sets the configuration for reporting.
 		/// </summary>
 		[ConfigurationProperty(ReportingElementName)]
 		internal ReportingElement Reporting {
-			get { return (ReportingElement)this[ReportingElementName] ?? new ReportingElement(); }
-			set { this[ReportingElementName] = value; }
+			get {
+				Contract.Ensures(Contract.Result<ReportingElement>() != null);
+				return (ReportingElement)this[ReportingElementName] ?? new ReportingElement();
+			}
+
+			set {
+				this[ReportingElementName] = value;
+			}
 		}
 	}
 }

src/DotNetOpenAuth/Messaging/Channel.cs

@@ -16,6 +16,7 @@ namespace DotNetOpenAuth.Messaging {
 	using System.Linq;
 	using System.Net;
 	using System.Net.Cache;
+	using System.Net.Mime;
 	using System.Text;
 	using System.Threading;
 	using System.Web;
@@ -38,6 +39,13 @@ public abstract class Channel : IDisposable {
 		/// </summary>
 		protected internal const string HttpFormUrlEncoded = "application/x-www-form-urlencoded";
 
+		/// <summary>
+		/// The content-type used on HTTP POST requests where the POST entity is a
+		/// URL-encoded series of key=value pairs.
+		/// This includes the <see cref="PostEntityEncoding"/> character encoding.
+		/// </summary>
+		protected internal static readonly ContentType HttpFormUrlEncodedContentType = new ContentType(HttpFormUrlEncoded) { CharSet = PostEntityEncoding.WebName };
+
 		/// <summary>
 		/// The maximum allowable size for a 301 Redirect response before we send
 		/// a 200 OK response with a scripted form POST with the parameters instead
@@ -927,15 +935,9 @@ public TResponse Request<TResponse>(IDirectedProtocolMessage requestMessage)
 			Contract.Requires<ArgumentNullException>(httpRequest != null);
 			Contract.Requires<ArgumentNullException>(fields != null);
 
-			httpRequest.ContentType = HttpFormUrlEncoded;
-
-			// Setting the content-encoding to "utf-8" causes Google to reply
-			// with a 415 UnsupportedMediaType. But adding it doesn't buy us
-			// anything specific, so we disable it until we know how to get it right.
-			////httpRequest.Headers[HttpRequestHeader.ContentEncoding] = PostEntityEncoding.WebName;
-
 			string requestBody = MessagingUtilities.CreateQueryString(fields);
 			byte[] requestBytes = PostEntityEncoding.GetBytes(requestBody);
+			httpRequest.ContentType = HttpFormUrlEncodedContentType.ToString();
 			httpRequest.ContentLength = requestBytes.Length;
 			Stream requestStream = this.WebRequestHandler.GetRequestStream(httpRequest);
 			try {

src/DotNetOpenAuth/Messaging/HttpRequestInfo.cs

@@ -13,6 +13,7 @@ namespace DotNetOpenAuth.Messaging {
 	using System.Globalization;
 	using System.IO;
 	using System.Net;
+	using System.Net.Mime;
 	using System.ServiceModel.Channels;
 	using System.Web;
 
@@ -233,7 +234,8 @@ public class HttpRequestInfo {
 			get {
 				Contract.Ensures(Contract.Result<NameValueCollection>() != null);
 				if (this.form == null) {
-					if (this.HttpMethod == "POST" && this.Headers[HttpRequestHeader.ContentType] == Channel.HttpFormUrlEncoded) {
+					ContentType contentType = string.IsNullOrEmpty(this.Headers[HttpRequestHeader.ContentType]) ? null : new ContentType(this.Headers[HttpRequestHeader.ContentType]);
+					if (this.HttpMethod == "POST" && contentType != null && string.Equals(contentType.MediaType, Channel.HttpFormUrlEncoded, StringComparison.Ordinal)) {
 						StreamReader reader = new StreamReader(this.InputStream);
 						long originalPosition = 0;
 						if (this.InputStream.CanSeek) {

src/DotNetOpenAuth/Messaging/MessagingUtilities.cs

@@ -14,6 +14,7 @@ namespace DotNetOpenAuth.Messaging {
 	using System.IO;
 	using System.Linq;
 	using System.Net;
+	using System.Net.Mime;
 	using System.Security;
 	using System.Security.Cryptography;
 	using System.Text;
@@ -191,20 +192,19 @@ public static class MessagingUtilities {
 			string initialPartLeadingBoundary = string.Format(CultureInfo.InvariantCulture, "--{0}\r\n", boundary);
 			string partLeadingBoundary = string.Format(CultureInfo.InvariantCulture, "\r\n--{0}\r\n", boundary);
 			string finalTrailingBoundary = string.Format(CultureInfo.InvariantCulture, "\r\n--{0}--\r\n", boundary);
+			var contentType = new ContentType("multipart/form-data") {
+				Boundary = boundary,
+				CharSet = Channel.PostEntityEncoding.WebName,
+			};
 
 			request.Method = "POST";
-			request.ContentType = "multipart/form-data; boundary=" + boundary;
+			request.ContentType = contentType.ToString();
 			long contentLength = parts.Sum(p => partLeadingBoundary.Length + p.Length) + finalTrailingBoundary.Length;
 			if (parts.Any()) {
 				contentLength -= 2; // the initial part leading boundary has no leading \r\n
 			}
 			request.ContentLength = contentLength;
 
-			// Setting the content-encoding to "utf-8" causes Google to reply
-			// with a 415 UnsupportedMediaType. But adding it doesn't buy us
-			// anything specific, so we disable it until we know how to get it right.
-			////request.Headers[HttpRequestHeader.ContentEncoding] = Channel.PostEntityEncoding.WebName;
-
 			var requestStream = requestHandler.GetRequestStream(request);
 			try {
 				StreamWriter writer = new StreamWriter(requestStream, Channel.PostEntityEncoding);