1 <?xml version="1.0" encoding="utf-8" ?>
4 <section name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth"/>
7 <!-- The values here are carefully chosen to be somewhat weird so that tests can be
8 reasonably confident that if the values are the weird ones here that they did
9 indeed come from the config file and not from a programmatic default. -->
11 <untrustedWebRequest timeout="01:23:45" readWriteTimeout="01:23:56" maximumBytesToRead="500001" maximumRedirections="9">
13 <add name="evilButTrusted"/>
16 <add name=".+trusted.+"/>
17 </whitelistHostsRegex>
19 <add name="positivelyevil"/>
22 <add name=".+veryevil.+"/>
23 </blacklistHostsRegex>
24 </untrustedWebRequest>
26 <openid maxAuthenticationTime="8:17">
28 <!--<store type=""/>-->
29 <security minimumRequiredOpenIdVersion="V10" minimumHashBitLength="6" maximumHashBitLength="301" requireSsl="false"/>
32 <!--<store type=""/>-->
33 <security protectDownlevelReplayAttacks="false" minimumHashBitLength="7" maximumHashBitLength="302">
35 <add type="HMAC-SHA1" lifetime="2.00:00:02" />
36 <add type="HMAC-SHA256" lifetime="14.00:00:14" />