* minor changes (like an [em] BBcode)

* Trying to use OAuth2 Google Login

web/Web.config

@@ -25,15 +25,39 @@ http://msdn2.microsoft.com/en-us/library/b5ysx397.aspx
       <section name="catalog" type="SalesCatalog.Configuration.CatalogProvidersConfigurationSection, SalesCatalog" allowLocation="true" requirePermission="false" allowDefinition="Everywhere" />
       <section name="workflow" type="Yavsc.Model.WorkFlow.Configuration.WorkflowConfiguration, YavscModel" allowLocation="true" requirePermission="false" allowDefinition="Everywhere" />
     </sectionGroup>
+    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
+      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
+      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
+      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
+    </sectionGroup>
+    <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
+      <section name="messaging" type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
+      <section name="reporting" type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core" requirePermission="false" allowLocation="true" />
+      <section name="oauth" type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth" requirePermission="false" allowLocation="true" />
+      <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />
+    </sectionGroup>
   </configSections>
-  <!-- <runtime>
+  <runtime>
+    <!-- 
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
         <assemblyIdentity name="System.Web.Extensions" culture="neutral" publicKeyToken="31bf3856ad364e35" />
         <bindingRedirect oldVersion="3.5.0.0" newVersion="4.0.0.0" />
       </dependentAssembly>
     </assemblyBinding>
-  </runtime> -->
+   -->
+    <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->
+    <legacyHMACWarning enabled="0" />
+    <!-- When targeting ASP.NET MVC 3, this assemblyBinding makes MVC 1 and 2 references relink
+		     to MVC 3 so libraries such as DotNetOpenAuth that compile against MVC 1 will work with it.
+  -->
+    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
+      <dependentAssembly>
+        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
+        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
+      </dependentAssembly>
+    </assemblyBinding>
+  </runtime>
   <system.web>
     <!-- 
 		    Set compilation debug="true" to insert debugging 
@@ -108,7 +132,7 @@ http://msdn2.microsoft.com/en-us/library/b5ysx397.aspx
     </httpModules>
     <httpRuntime maxRequestLength="52428800" />
     <trace enabled="false" localOnly="true" pageOutput="false" requestLimit="10" traceMode="SortByTime" />
-    <globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto" enableClientBasedCulture="true"/>
+    <globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="auto" uiCulture="auto" enableClientBasedCulture="true" />
     <membership defaultProvider="NpgsqlMembershipProvider" userIsOnlineTimeWindow="1">
       <providers>
         <clear />
@@ -207,12 +231,55 @@ http://msdn2.microsoft.com/en-us/library/b5ysx397.aspx
     </providers>
   </catalog>
   <system.net>
+    <!-- not supported:  <defaultProxy enabled="true" /> -->
+    <settings>
+      <!-- This setting causes .NET to check certificate revocation lists (CRL) 
+			     before trusting HTTPS certificates.  But this setting tends to not 
+			     be allowed in shared hosting environments. -->
+      <!--<servicePointManager checkCertificateRevocationList="true"/>-->
+    </settings>
     <mailSettings>
       <smtp deliveryMethod="network" from="paulschneider@free.fr">
         <network host="smtp.free.fr" port="25" defaultCredentials="false" />
       </smtp>
     </mailSettings>
   </system.net>
+  <dotNetOpenAuth>
+    <messaging>
+      <untrustedWebRequest>
+        <whitelistHosts>
+          <!-- Uncomment to enable communication with localhost (should generally not activate in production!) -->
+          <!--<add name="localhost" />-->
+        </whitelistHosts>
+      </untrustedWebRequest>
+    </messaging>
+    <!-- Allow DotNetOpenAuth to publish usage statistics to library authors to improve the library. -->
+    <reporting enabled="true" />
+    <!-- This is an optional configuration section where aspects of dotnetopenauth can be customized. -->
+    <!-- For a complete set of configuration options see http://www.dotnetopenauth.net/developers/code-snippets/configuration-options/ -->
+    <openid>
+      <relyingParty>
+        <security requireSsl="false">
+          <!-- Uncomment the trustedProviders tag if your relying party should only accept positive assertions from a closed set of OpenID Providers. -->
+          <!--<trustedProviders rejectAssertionsFromUntrustedProviders="true">
+						<add endpoint="https://www.google.com/accounts/o8/ud" />
+					</trustedProviders>-->
+        </security>
+        <behaviors>
+          <!-- The following OPTIONAL behavior allows RPs to use SREG only, but be compatible
+					     with OPs that use Attribute Exchange (in various formats). -->
+          <add type="DotNetOpenAuth.OpenId.RelyingParty.Behaviors.AXFetchAsSregTransform, DotNetOpenAuth.OpenId.RelyingParty" />
+        </behaviors>
+      </relyingParty>
+    </openid>
+  </dotNetOpenAuth>
+  <uri>
+    <!-- The uri section is necessary to turn on .NET 3.5 support for IDN (international domain names),
+		     which is necessary for OpenID urls with unicode characters in the domain/host name.
+		     It is also required to put the Uri class into RFC 3986 escaping mode, which OpenID and OAuth require. -->
+    <idn enabled="All" />
+    <iriParsing enabled="true" />
+  </uri>
   <authentication mode="Forms">
     <forms loginUrl="~/Account/Login" timeout="30" name=".ASPXFORM$" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="Index.aspx" enableCrossAppRedirects="false" />
   </authentication>
@@ -227,7 +294,7 @@ http://msdn2.microsoft.com/en-us/library/b5ysx397.aspx
     <add key="Name" value="Psc" />
     <add key="DefaultAvatar" value="/images/noavatar.png;image/png" />
     <add key="RegistrationMessage" value="/RegistrationMail.txt" />
-    <add key="ClientValidationEnabled" value="true"/> 
-    <add key="UnobtrusiveJavaScriptEnabled" value="true"/> 
+    <add key="ClientValidationEnabled" value="true" />
+    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
   </appSettings>
 </configuration>