Removed the dependency of System.Web from Kentor.AuthServices and

Kentor.AuthServices.Owin. Also the HttpModule for ASP.NET has been broken
out in its own .dll.

Kentor.AuthServices.HttpModule/CommandResultHttpExtension.cs

@@ -0,0 +1,70 @@
+using Kentor.AuthServices.WebSso;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Services;
+using System.IdentityModel.Tokens;
+using System.Linq;
+using System.Net;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web;
+
+namespace Kentor.AuthServices.HttpModule
+{
+    public static class CommandResultHttpExtension
+    {
+        /// <summary>
+        /// Apply the command result to a bare HttpResponse.
+        /// </summary>
+        /// <param name="response">Http Response to write the result to.</param>
+        [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "HttpStatusCode")]
+        public static void Apply(this CommandResult commandResult, HttpResponseBase response)
+        {
+            if (response == null)
+            {
+                throw new ArgumentNullException("response");
+            }
+
+            response.Cache.SetCacheability((HttpCacheability)commandResult.Cacheability);
+
+            if (commandResult.HttpStatusCode == HttpStatusCode.SeeOther || commandResult.Location != null)
+            {
+                if (commandResult.Location == null)
+                {
+                    throw new InvalidOperationException("Missing Location on redirect.");
+                }
+                if (commandResult.HttpStatusCode != HttpStatusCode.SeeOther)
+                {
+                    throw new InvalidOperationException("Invalid HttpStatusCode for redirect, but Location is specified");
+                }
+
+                response.Redirect(commandResult.Location.OriginalString);
+            }
+            else
+            {
+                response.StatusCode = (int)commandResult.HttpStatusCode;
+                response.ContentType = commandResult.ContentType;
+                response.Write(commandResult.Content);
+
+                response.End();
+            }
+        }
+
+        /// <summary>
+        /// Establishes an application session by calling the session authentication module.
+        /// </summary>
+        [ExcludeFromCodeCoverage]
+        public static void SignInSessionAuthenticationModule(this CommandResult commandResult)
+        {
+            // Ignore this if we're not running inside IIS, e.g. in unit tests.
+            if (commandResult.Principal != null && HttpContext.Current != null)
+            {
+                var sessionToken = new SessionSecurityToken(commandResult.Principal);
+
+                FederatedAuthentication.SessionAuthenticationModule
+                    .AuthenticateSessionSecurityToken(sessionToken, true);
+            }
+        }
+    }
+}

Kentor.AuthServices.HttpModule/HttpRequestBaseExtensions.cs

@@ -0,0 +1,28 @@
+using Kentor.AuthServices.WebSso;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web;
+
+namespace Kentor.AuthServices.HttpModule
+{
+    public static class HttpRequestBaseExtensions
+    {
+        public static HttpRequestData ToHttpRequestData(this HttpRequestBase requestBase)
+        {
+            if (requestBase == null)
+            {
+                throw new ArgumentNullException("requestBase");
+            }
+
+            return new HttpRequestData(
+                requestBase.HttpMethod,
+                requestBase.Url,
+                requestBase.ApplicationPath,
+                requestBase.Form.Cast<string>().Select((de, i) =>
+                    new KeyValuePair<string, string[]>(de, ((string)requestBase.Form[i]).Split(','))));
+        }
+    }
+}

Kentor.AuthServices.HttpModule/Kentor.AuthServices.HttpModule.csproj

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{86A588E8-2E2D-4394-9545-24D8EA939CF2}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>Kentor.AuthServices.HttpModule</RootNamespace>
+    <AssemblyName>Kentor.AuthServices.HttpModule</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.IdentityModel" />
+    <Reference Include="System.identitymodel.services" />
+    <Reference Include="System.Web" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="..\VersionInfo.cs">
+      <Link>VersionInfo.cs</Link>
+    </Compile>
+    <Compile Include="CommandResultHttpExtension.cs" />
+    <Compile Include="HttpRequestBaseExtensions.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Saml2AuthenticationModule.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Kentor.AuthServices\Kentor.AuthServices.csproj">
+      <Project>{93ba675e-a159-4701-b68b-c4b81015c556}</Project>
+      <Name>Kentor.AuthServices</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <CodeAnalysisDictionary Include="..\CustomDictionary.xml">
+      <Link>CustomDictionary.xml</Link>
+    </CodeAnalysisDictionary>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>

Kentor.AuthServices/Saml2AuthenticationModule.cs → Kentor.AuthServices.HttpModule/Saml2AuthenticationModule.cs

@@ -8,7 +8,7 @@
 using System.Net;
 using System.Web;
 
-namespace Kentor.AuthServices
+namespace Kentor.AuthServices.HttpModule
 {
     /// <summary>
     /// Http Module for SAML2 authentication. The module hijacks the 
@@ -61,8 +61,8 @@ private static CommandResult RunCommand(HttpApplication application, ICommand co
         {
             try
             {
-                return command.Run(new HttpRequestData(
-                    new HttpRequestWrapper(application.Request)),
+                return command.Run(
+                    new HttpRequestWrapper(application.Request).ToHttpRequestData(),
                     Options.FromConfiguration);
             }
             catch (AuthServicesException)

Kentor.AuthServices.HttpModule/properties/AssemblyInfo.cs

@@ -0,0 +1,23 @@
+using System;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following 
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Kentor.AuthServices.HttpModule")]
+[assembly: AssemblyDescription("SAML2 Authentication for ASP.NET")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyProduct("Kentor.AuthServices.HttpModule")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible 
+// to COM components.  If you need to access a type in this assembly from 
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("5466be68-ecee-4495-96e9-ee3a8ae14987")]
+
+[assembly: CLSCompliant(true)]

Kentor.AuthServices.Mvc/AuthServicesController.cs

@@ -41,7 +41,7 @@ public static IOptions Options {
         public ActionResult SignIn()
         {
             return CommandFactory.GetCommand(CommandFactory.SignInCommandName).Run(
-                new HttpRequestData(Request),
+                Request.ToHttpRequestData(),
                 Options)
                 .ToActionResult();
         }
@@ -56,7 +56,7 @@ public ActionResult SignIn()
         public ActionResult Acs()
         {
             var result = CommandFactory.GetCommand(CommandFactory.AcsCommandName).Run(
-                new HttpRequestData(Request),
+                Request.ToHttpRequestData(),
                 Options);
 
             result.SignInSessionAuthenticationModule();
@@ -80,7 +80,7 @@ public ActionResult SignOut()
         public ActionResult Index()
         {
             var result = CommandFactory.GetCommand(CommandFactory.MetadataCommand).Run(
-                new HttpRequestData(Request),
+                Request.ToHttpRequestData(),
                 Options);
             return result.ToActionResult();
         }

Kentor.AuthServices.Mvc/CommandResultExtensions.cs

@@ -1,10 +1,14 @@
 using Kentor.AuthServices.WebSso;
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+using System.IdentityModel.Services;
+using System.IdentityModel.Tokens;
 using System.Linq;
 using System.Net;
 using System.Text;
 using System.Threading.Tasks;
+using System.Web;
 using System.Web.Mvc;
 
 namespace Kentor.AuthServices.Mvc
@@ -50,5 +54,25 @@ public static ActionResult ToActionResult(this CommandResult commandResult)
                     throw new NotImplementedException();
             }
         }
+
+        /// <summary>
+        /// Establishes an application session by calling the session authentication module.
+        /// </summary>
+        [ExcludeFromCodeCoverage]
+        public static void SignInSessionAuthenticationModule(this CommandResult commandResult)
+        {
+            if (commandResult == null)
+            {
+                throw new ArgumentNullException("commandResult");
+            }
+            // Ignore this if we're not running inside IIS, e.g. in unit tests.
+            if (commandResult.Principal != null && HttpContext.Current != null)
+            {
+                var sessionToken = new SessionSecurityToken(commandResult.Principal);
+
+                FederatedAuthentication.SessionAuthenticationModule
+                    .AuthenticateSessionSecurityToken(sessionToken, true);
+            }
+        }
     }
 }

Kentor.AuthServices.Mvc/HttpRequestBaseExtensions.cs

@@ -0,0 +1,36 @@
+using Kentor.AuthServices.WebSso;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Web;
+
+namespace Kentor.AuthServices.Mvc
+{
+    /// <summary>
+    /// Static class that hold extension methods for <see cref="HttpRequestBase"/>.
+    /// </summary>
+    public static class HttpRequestBaseExtensions
+    {
+        /// <summary>
+        /// Extension method to convert a HttpRequestBase to a HttpRequestData.
+        /// </summary>
+        /// <param name="requestBase">The request object used to populate the <c>HttpRequestData</c>.</param>
+        /// <returns>The <c>HttpRequestData</c> object that has been populated by the request.</returns>
+        public static HttpRequestData ToHttpRequestData(this HttpRequestBase requestBase)
+        {
+            if (requestBase == null)
+            {
+                throw new ArgumentNullException("requestBase");
+            }
+
+            return new HttpRequestData(
+                requestBase.HttpMethod,
+                requestBase.Url,
+                requestBase.ApplicationPath,
+                requestBase.Form.Cast<string>().Select((de, i) =>
+                    new KeyValuePair<string, string[]>(de, ((string)requestBase.Form[i]).Split(','))));
+        }
+    }
+}

Kentor.AuthServices.Mvc/Kentor.AuthServices.Mvc.csproj

@@ -79,6 +79,7 @@
     </Compile>
     <Compile Include="AuthServicesController.cs" />
     <Compile Include="CommandResultExtensions.cs" />
+    <Compile Include="HttpRequestBaseExtensions.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
   </ItemGroup>
   <ItemGroup>

Kentor.AuthServices.Owin/Kentor.AuthServices.Owin.csproj

@@ -49,7 +49,7 @@
     <Reference Include="System.Configuration" />
     <Reference Include="System.Core" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.Web" />
+    <Reference Include="System.identitymodel.services" />
     <Reference Include="System.Xml.Linq" />
     <Reference Include="System.Data.DataSetExtensions" />
     <Reference Include="Microsoft.CSharp" />

Kentor.AuthServices.Owin/KentorAuthServicesAuthenticationOptions.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
+using System.IdentityModel.Configuration;
 using System.IdentityModel.Metadata;
 using System.Linq;
 using System.Text;
@@ -33,6 +34,11 @@ public KentorAuthServicesAuthenticationOptions(bool loadConfiguration)
                 SPOptions = KentorAuthServicesSection.Current;
                 KentorAuthServicesSection.Current.IdentityProviders.RegisterIdentityProviders(this);
                 KentorAuthServicesSection.Current.Federations.RegisterFederations(this);
+
+                // Load the federation configuration section from config.
+                FederationIdentityConfiguration federationIdentity = new FederationIdentityConfiguration();
+                federationIdentity.FromConfiguration();
+                FederationIdentityConfiguration(federationIdentity);
             }
         }
 
@@ -75,5 +81,23 @@ public string Caption
                 Description.Caption = value;
             }
         }
+
+        private void FederationIdentityConfiguration(FederationIdentityConfiguration identity)
+        {
+            federationIdentityConfiguration = identity;
+        }
+
+        /// <summary>
+        /// The federation identity configuration. 
+        /// </summary>
+        public IdentityConfiguration IdentityConfiguration
+        {
+            get
+            {
+                return federationIdentityConfiguration.IdentityConfiguration;
+            }
+        }
+
+        private FederationIdentityConfiguration federationIdentityConfiguration;
     }
 }

Kentor.AuthServices.StubIdp/Controllers/HomeController.cs

@@ -23,7 +23,7 @@ public ActionResult Index()
             var model = AssertionModel.CreateFromConfiguration();
 
             var decodedXmlData = Saml2Binding.Get(Saml2BindingType.HttpRedirect)
-                .Unbind(new HttpRequestData(Request));
+                .Unbind(Request.ToHttpRequestData());
 
             var request = Saml2AuthenticationRequest.Read(decodedXmlData);