W.I.P.

* Initial migration and reference to DNOA Nuget packages (From teamcity.dotnetopenauth.net)
* Awaiting fix to DotNetOpenAuth.OpenIdOAuth.nuspec in order to complete migration.

5 files changed, 267 insertions, 0 deletions

diff --git a/src/OAuth/OAuthResourceServer/Code/Global.cs b/src/OAuth/OAuthResourceServer/Code/Global.cs
new file mode 100644
index 0000000..a48baff
--- /dev/null
+++ b/src/OAuth/OAuthResourceServer/Code/Global.cs
@@ -0,0 +1,106 @@
+namespace OAuthResourceServer.Code {
+	using System;
+	using System.Linq;
+	using System.Security.Cryptography;
+	using System.ServiceModel;
+	using System.Text;
+	using System.Web;
+	using DotNetOpenAuth.OAuth2;
+	using DotNetOpenAuth.OAuth2.Messages;
+
+	/// <summary>
+	/// The web application global events and properties.
+	/// </summary>
+	public class Global : HttpApplication {
+#if SAMPLESONLY
+		/// <summary>
+		/// The FOR SAMPLE ONLY hard-coded public key of the authorization server that is used to verify the signature on access tokens.
+		/// </summary>
+		/// <remarks>
+		/// In a real app, the authorization server public key would likely come from the server's HTTPS certificate,
+		/// but in any case would be determined by the authorization server and its policies.
+		/// The hard-coded value used here is so this sample works well with the OAuthAuthorizationServer sample,
+		/// which has the corresponding sample private key. 
+		/// </remarks>
+		public static readonly RSAParameters AuthorizationServerSigningPublicKey = new RSAParameters {
+			Exponent = new byte[] { 1, 0, 1 },
+			Modulus = new byte[] { 210, 95, 53, 12, 203, 114, 150, 23, 23, 88, 4, 200, 47, 219, 73, 54, 146, 253, 126, 121, 105, 91, 118, 217, 182, 167, 140, 6, 67, 112, 97, 183, 66, 112, 245, 103, 136, 222, 205, 28, 196, 45, 6, 223, 192, 76, 56, 180, 90, 120, 144, 19, 31, 193, 37, 129, 186, 214, 36, 53, 204, 53, 108, 133, 112, 17, 133, 244, 3, 12, 230, 29, 243, 51, 79, 253, 10, 111, 185, 23, 74, 230, 99, 94, 78, 49, 209, 39, 95, 213, 248, 212, 22, 4, 222, 145, 77, 190, 136, 230, 134, 70, 228, 241, 194, 216, 163, 234, 52, 1, 64, 181, 139, 128, 90, 255, 214, 60, 168, 233, 254, 110, 31, 102, 58, 67, 201, 33 },
+		};
+#else
+		[Obsolete("You must use a real key for a real app.", true)]
+		public static readonly RSAParameters AuthorizationServerSigningPublicKey = new RSAParameters();
+#endif
+
+		/// <summary>
+		/// An application memory cache of recent log messages.
+		/// </summary>
+		public static StringBuilder LogMessages = new StringBuilder();
+
+		/// <summary>
+		/// The logger for this sample to use.
+		/// </summary>
+		public static log4net.ILog Logger = log4net.LogManager.GetLogger("DotNetOpenAuth.OAuthResourceServer");
+
+#if SAMPLESONLY
+		/// <summary>
+		/// The FOR SAMPLE ONLY hard-coded private key used to decrypt access tokens intended for this resource server.
+		/// </summary>
+		/// <remarks>
+		/// In a real app, the resource server would likely use its own HTTPS certificate or some other certificate stored securely
+		/// on the server rather than hard-coded in compiled code for security and ease of changing the certificate in case it was compromised.
+		/// </remarks>
+		internal static readonly RSAParameters ResourceServerEncryptionPrivateKey = new RSAParameters {
+			Exponent = new byte[] { 1, 0, 1 },
+			Modulus = new byte[] { 166, 175, 117, 169, 211, 251, 45, 215, 55, 53, 202, 65, 153, 155, 92, 219, 235, 243, 61, 170, 101, 250, 221, 214, 239, 175, 238, 175, 239, 20, 144, 72, 227, 221, 4, 219, 32, 225, 101, 96, 18, 33, 117, 176, 110, 123, 109, 23, 29, 85, 93, 50, 129, 163, 113, 57, 122, 212, 141, 145, 17, 31, 67, 165, 181, 91, 117, 23, 138, 251, 198, 132, 188, 213, 10, 157, 116, 229, 48, 168, 8, 127, 28, 156, 239, 124, 117, 36, 232, 100, 222, 23, 52, 186, 239, 5, 63, 207, 185, 16, 137, 73, 137, 147, 252, 71, 9, 239, 113, 27, 88, 255, 91, 56, 192, 142, 210, 21, 34, 81, 204, 239, 57, 60, 140, 249, 15, 101 },
+			P = new byte[] { 227, 25, 96, 71, 220, 99, 11, 55, 15, 241, 153, 20, 32, 213, 68, 127, 246, 162, 153, 204, 98, 26, 10, 99, 46, 189, 35, 18, 162, 180, 184, 134, 230, 198, 156, 87, 52, 174, 74, 155, 163, 204, 252, 51, 232, 189, 135, 172, 88, 24, 52, 174, 72, 157, 81, 90, 118, 59, 142, 154, 152, 201, 62, 177 },
+			Q = new byte[] { 187, 229, 223, 233, 118, 20, 5, 251, 85, 8, 196, 3, 220, 232, 38, 159, 15, 95, 174, 162, 36, 13, 138, 239, 16, 85, 220, 104, 4, 162, 174, 160, 234, 133, 156, 33, 117, 139, 22, 112, 108, 214, 97, 178, 100, 191, 13, 177, 164, 30, 124, 48, 33, 118, 21, 137, 38, 59, 191, 13, 183, 5, 16, 245 },
+			DP = new byte[] { 225, 112, 117, 117, 160, 191, 233, 136, 53, 153, 158, 94, 174, 225, 71, 104, 200, 75, 77, 229, 232, 148, 245, 46, 212, 93, 9, 142, 28, 90, 206, 187, 140, 40, 41, 87, 32, 130, 204, 169, 136, 135, 154, 237, 100, 227, 144, 229, 115, 102, 68, 21, 167, 28, 20, 128, 122, 210, 80, 148, 3, 139, 243, 97 },
+			DQ = new byte[] { 133, 252, 100, 207, 232, 184, 92, 143, 157, 82, 115, 220, 65, 81, 118, 0, 228, 136, 153, 81, 219, 157, 160, 157, 218, 171, 47, 81, 41, 69, 12, 123, 136, 224, 159, 182, 40, 72, 119, 70, 210, 5, 137, 131, 25, 94, 55, 152, 157, 236, 115, 40, 43, 36, 54, 53, 39, 131, 97, 56, 153, 114, 206, 101 },
+			InverseQ = new byte[] { 129, 119, 84, 118, 29, 35, 194, 186, 96, 169, 7, 7, 200, 22, 187, 34, 72, 131, 200, 246, 79, 120, 49, 242, 8, 220, 74, 114, 195, 95, 90, 108, 80, 2, 212, 71, 125, 100, 184, 77, 203, 236, 64, 122, 108, 212, 150, 129, 66, 248, 218, 3, 186, 71, 213, 236, 142, 66, 33, 196, 150, 216, 138, 114 },
+			D = new byte[] { 94, 20, 94, 119, 18, 92, 141, 13, 17, 238, 92, 80, 22, 96, 232, 82, 128, 164, 115, 195, 191, 119, 142, 202, 135, 210, 103, 8, 10, 11, 51, 60, 208, 207, 168, 179, 253, 164, 250, 80, 245, 42, 201, 128, 97, 123, 108, 161, 69, 63, 47, 49, 24, 150, 165, 139, 105, 214, 154, 104, 172, 159, 86, 208, 64, 134, 158, 156, 234, 125, 140, 210, 3, 32, 60, 28, 62, 154, 198, 21, 132, 191, 236, 10, 158, 12, 247, 159, 177, 77, 178, 53, 238, 95, 165, 9, 200, 28, 148, 242, 35, 70, 189, 121, 169, 248, 97, 91, 111, 45, 103, 1, 167, 220, 67, 250, 175, 89, 122, 238, 192, 144, 142, 248, 198, 101, 96, 129 },
+		};
+#else
+		[Obsolete("You must use a real key for a real app.", true)]
+		internal static readonly RSAParameters ResourceServerEncryptionPrivateKey = new RSAParameters();
+#endif
+
+		/// <summary>
+		/// Creates the crypto service provider for this resource server that contains the private key used to decrypt an access token.
+		/// </summary>
+		/// <returns>An RSA crypto service provider.</returns>
+		internal static RSACryptoServiceProvider CreateResourceServerEncryptionServiceProvider() {
+			var resourceServerEncryptionServiceProvider = new RSACryptoServiceProvider();
+			resourceServerEncryptionServiceProvider.ImportParameters(ResourceServerEncryptionPrivateKey);
+			return resourceServerEncryptionServiceProvider;
+		}
+
+		/// <summary>
+		/// Creates the crypto service provider for the authorization server that contains the public key used to verify an access token signature.
+		/// </summary>
+		/// <returns>An RSA crypto service provider.</returns>
+		internal static RSACryptoServiceProvider CreateAuthorizationServerSigningServiceProvider() {
+			var authorizationServerSigningServiceProvider = new RSACryptoServiceProvider();
+			authorizationServerSigningServiceProvider.ImportParameters(AuthorizationServerSigningPublicKey);
+			return authorizationServerSigningServiceProvider;
+		}
+
+		private void Application_Start(object sender, EventArgs e) {
+			log4net.Config.XmlConfigurator.Configure();
+			Logger.Info("Sample starting...");
+		}
+
+		private void Application_End(object sender, EventArgs e) {
+			Logger.Info("Sample shutting down...");
+
+			// this would be automatic, but in partial trust scenarios it is not.
+			log4net.LogManager.Shutdown();
+		}
+
+		private void Application_Error(object sender, EventArgs e) {
+			Logger.Error("An unhandled exception occurred in ASP.NET processing: " + Server.GetLastError(), Server.GetLastError());
+		}
+
+		private void Application_EndRequest(object sender, EventArgs e) {
+		}
+	}
+}
\ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/Code/IDataApi.cs b/src/OAuth/OAuthResourceServer/Code/IDataApi.cs
new file mode 100644
index 0000000..7ba189d
--- /dev/null
+++ b/src/OAuth/OAuthResourceServer/Code/IDataApi.cs
@@ -0,0 +1,21 @@
+namespace OAuthResourceServer.Code {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Runtime.Serialization;
+	using System.ServiceModel;
+	using System.ServiceModel.Web;
+	using System.Text;
+
+	[ServiceContract]
+	public interface IDataApi {
+		[OperationContract, WebGet(UriTemplate = "/age", ResponseFormat = WebMessageFormat.Json)]
+		int? GetAge();
+
+		[OperationContract, WebGet(UriTemplate = "/name", ResponseFormat = WebMessageFormat.Json)]
+		string GetName();
+
+		[OperationContract, WebGet(UriTemplate = "/favoritesites", ResponseFormat = WebMessageFormat.Json)]
+		string[] GetFavoriteSites();
+	}
+}
\ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..8d0c13d
--- /dev/null
+++ b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
@@ -0,0 +1,80 @@
+namespace OAuthResourceServer.Code {
+	using System;
+	using System.Collections.Generic;
+	using System.IdentityModel.Policy;
+	using System.Linq;
+	using System.Security.Principal;
+	using System.ServiceModel;
+	using System.ServiceModel.Channels;
+	using System.ServiceModel.Security;
+
+	using DotNetOpenAuth.Messaging;
+	using DotNetOpenAuth.OAuth2;
+
+	using ProtocolException = System.ServiceModel.ProtocolException;
+
+	/// <summary>
+	/// A WCF extension to authenticate incoming messages using OAuth.
+	/// </summary>
+	public class OAuthAuthorizationManager : ServiceAuthorizationManager {
+		public OAuthAuthorizationManager() {
+		}
+
+		protected override bool CheckAccessCore(OperationContext operationContext) {
+			if (!base.CheckAccessCore(operationContext)) {
+				return false;
+			}
+
+			var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+			var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
+
+			try {
+				var principal = VerifyOAuth2(httpDetails, requestUri);
+				if (principal != null) {
+					var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+					var policies = new List<IAuthorizationPolicy> {
+						policy,
+					};
+
+					var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+					if (operationContext.IncomingMessageProperties.Security != null) {
+						operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+					} else {
+						operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+							ServiceSecurityContext = securityContext,
+						};
+					}
+
+					securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+						principal.Identity,
+					};
+
+					// Only allow this method call if the access token scope permits it.
+					return principal.IsInRole(operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
+				} else {
+					return false;
+				}
+			} catch (ProtocolException ex) {
+				Global.Logger.Error("Error processing OAuth messages.", ex);
+			}
+
+			return false;
+		}
+
+		private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) {
+			// for this sample where the auth server and resource server are the same site,
+			// we use the same public/private key.
+			using (var signing = Global.CreateAuthorizationServerSigningServiceProvider()) {
+				using (var encrypting = Global.CreateResourceServerEncryptionServiceProvider()) {
+					var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
+
+					IPrincipal result;
+					var error = resourceServer.VerifyAccess(HttpRequestInfo.Create(httpDetails, requestUri), out result);
+
+					// TODO: return the prepared error code.
+					return error != null ? null : result;
+				}
+			}
+		}
+	}
+}
diff --git a/src/OAuth/OAuthResourceServer/Code/OAuthPrincipalAuthorizationPolicy.cs b/src/OAuth/OAuthResourceServer/Code/OAuthPrincipalAuthorizationPolicy.cs
new file mode 100644
index 0000000..ac01c4d
--- /dev/null
+++ b/src/OAuth/OAuthResourceServer/Code/OAuthPrincipalAuthorizationPolicy.cs
@@ -0,0 +1,47 @@
+namespace OAuthResourceServer.Code {
+	using System;
+	using System.Collections.Generic;
+	using System.IdentityModel.Claims;
+	using System.IdentityModel.Policy;
+	using System.Linq;
+	using System.Security.Principal;
+	using System.Web;
+
+	public class OAuthPrincipalAuthorizationPolicy : IAuthorizationPolicy {
+		private readonly Guid uniqueId = Guid.NewGuid();
+		private readonly IPrincipal principal;
+
+		/// <summary>
+		/// Initializes a new instance of the <see cref="OAuthPrincipalAuthorizationPolicy"/> class.
+		/// </summary>
+		/// <param name="principal">The principal.</param>
+		public OAuthPrincipalAuthorizationPolicy(IPrincipal principal) {
+			this.principal = principal;
+		}
+
+		#region IAuthorizationComponent Members
+
+		/// <summary>
+		/// Gets a unique ID for this instance.
+		/// </summary>
+		public string Id {
+			get { return this.uniqueId.ToString(); }
+		}
+
+		#endregion
+
+		#region IAuthorizationPolicy Members
+
+		public ClaimSet Issuer {
+			get { return ClaimSet.System; }
+		}
+
+		public bool Evaluate(EvaluationContext evaluationContext, ref object state) {
+			evaluationContext.AddClaimSet(this, new DefaultClaimSet(Claim.CreateNameClaim(this.principal.Identity.Name)));
+			evaluationContext.Properties["Principal"] = this.principal;
+			return true;
+		}
+
+		#endregion
+	}
+}
\ No newline at end of file
diff --git a/src/OAuth/OAuthResourceServer/Code/TracePageAppender.cs b/src/OAuth/OAuthResourceServer/Code/TracePageAppender.cs
new file mode 100644
index 0000000..4dc543f
--- /dev/null
+++ b/src/OAuth/OAuthResourceServer/Code/TracePageAppender.cs
@@ -0,0 +1,13 @@
+namespace OAuthResourceServer.Code {
+	using System;
+	using System.Collections.Generic;
+	using System.IO;
+	using System.Web;
+
+	public class TracePageAppender : log4net.Appender.AppenderSkeleton {
+		protected override void Append(log4net.Core.LoggingEvent loggingEvent) {
+			StringWriter sw = new StringWriter(Global.LogMessages);
+			Layout.Format(sw, loggingEvent);
+		}
+	}
+}
\ No newline at end of file