1
//-----------------------------------------------------------------------
2 // <copyright file="ProviderSecuritySettings.cs" company="Andrew Arnott">
3 // Copyright (c) Andrew Arnott. All rights reserved.
5 //-----------------------------------------------------------------------
7 namespace DotNetOpenAuth
.OpenId
.Provider
{
9 using System
.Collections
.Generic
;
10 using DotNetOpenAuth
.Messaging
;
13 /// Security settings that are applicable to providers.
15 public sealed class ProviderSecuritySettings
: SecuritySettings
{
17 /// The subset of association types and their customized lifetimes.
19 private IDictionary
<string, TimeSpan
> associationLifetimes
= new Dictionary
<string, TimeSpan
>();
22 /// Initializes a new instance of the <see cref="ProviderSecuritySettings"/> class.
24 internal ProviderSecuritySettings()
26 this.SignOutgoingExtensions
= true;
30 /// Gets a subset of the available association types and their
31 /// customized maximum lifetimes.
33 public IDictionary
<string, TimeSpan
> AssociationLifetimes
{
34 get { return this.associationLifetimes; }
38 /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be
39 /// protecting their users from replay attacks are protected from
40 /// replay attacks by this provider.
41 /// *** This property is a placeholder for a feature that has not been written yet. ***
44 /// <para>Nonces for protection against replay attacks were not mandated
45 /// by OpenID 1.x, which leaves users open to replay attacks.</para>
46 /// <para>This feature works by preventing associations from being formed
47 /// with OpenID 1.x relying parties, thereby forcing them into
48 /// "dumb" mode and verifying every claim with this provider.
49 /// This gives the provider an opportunity to verify its own nonce
50 /// to protect against replay attacks.</para>
52 internal bool ProtectDownlevelReplayAttacks { get; set; }
55 /// Gets or sets a value indicating whether outgoing extensions are always signed.
58 /// <c>true</c> if outgoing extensions should be signed; otherwise, <c>false</c>.
59 /// The default is <c>true</c>.
62 /// This property is internal because Providers should never turn it off, but it is
63 /// needed for testing the RP's rejection of unsigned extensions.
65 internal bool SignOutgoingExtensions { get; set; }