Touch up on community contribution.

DotNetOpenAuth · Feb 3, 2013 · a1009c6 · a1009c6
1 parent 4ca9d9b
commit a1009c6
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -267,12 +267,13 @@ private bool UserControlsIdentifier(IAuthenticationRequest authReq) {
 			}
 
 			Uri userLocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name);
-
-			 return authReq.LocalIdentifier.ToString().ToLowerInvariant() == userLocalIdentifier.ToString().ToLowerInvariant() 
-                            			||
-                   		authReq.LocalIdentifier.ToString().ToLowerInvariant() == PpidGeneration.PpidIdentifierProvider
-                                                                            .GetIdentifier(userLocalIdentifier, authReq.Realm)
-                                                                            .ToString().ToLowerInvariant();
+
+			// Assuming the URLs on the web server are not case sensitive (on Windows servers they almost never are),
+			// and usernames aren't either, compare the identifiers without case sensitivity.
+			// No reason to do this for the PPID identifiers though, since they *can* be case sensitive and are highly
+			// unlikely to be typed in by the user anyway.
+			return string.Equals(authReq.LocalIdentifier.ToString(), userLocalIdentifier.ToString(), StringComparison.OrdinalIgnoreCase) ||
+				authReq.LocalIdentifier == PpidGeneration.PpidIdentifierProvider.GetIdentifier(userLocalIdentifier, authReq.Realm);
 		}
 	}
 }