Upgrade to latest nuget package

4 files changed, 52 insertions, 42 deletions

diff --git a/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
index 8d0c13d..62b1c59 100644
--- a/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
+++ b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
@@ -7,7 +7,7 @@
 	using System.ServiceModel;
 	using System.ServiceModel.Channels;
 	using System.ServiceModel.Security;
-
+	using System.ServiceModel.Web;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OAuth2;
 
@@ -29,7 +29,7 @@
 			var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
 
 			try {
-				var principal = VerifyOAuth2(httpDetails, requestUri);
+				var principal = VerifyOAuth2(httpDetails, requestUri, operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
 				if (principal != null) {
 					var policy = new OAuthPrincipalAuthorizationPolicy(principal);
 					var policies = new List<IAuthorizationPolicy> {
@@ -49,11 +49,16 @@
 						principal.Identity,
 					};
 
-					// Only allow this method call if the access token scope permits it.
-					return principal.IsInRole(operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
+					return true;
 				} else {
 					return false;
 				}
+			} catch (ProtocolFaultResponseException ex) {
+				Global.Logger.Error("Error processing OAuth messages.", ex);
+
+				// Return the appropriate unauthorized response to the client.
+				var outgoingResponse = ex.CreateErrorResponse();
+				outgoingResponse.Respond(WebOperationContext.Current.OutgoingResponse);
 			} catch (ProtocolException ex) {
 				Global.Logger.Error("Error processing OAuth messages.", ex);
 			}
@@ -61,18 +66,13 @@
 			return false;
 		}
 
-		private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) {
+		private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri, params string[] requiredScopes) {
 			// for this sample where the auth server and resource server are the same site,
 			// we use the same public/private key.
 			using (var signing = Global.CreateAuthorizationServerSigningServiceProvider()) {
 				using (var encrypting = Global.CreateResourceServerEncryptionServiceProvider()) {
 					var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
-
-					IPrincipal result;
-					var error = resourceServer.VerifyAccess(HttpRequestInfo.Create(httpDetails, requestUri), out result);
-
-					// TODO: return the prepared error code.
-					return error != null ? null : result;
+					return resourceServer.GetPrincipal(httpDetails, requestUri, requiredScopes);
 				}
 			}
 		}
diff --git a/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj b/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
index 9904726..80de421 100644
--- a/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
+++ b/src/OAuth/OAuthResourceServer/OAuthResourceServer.csproj
@@ -1,6 +1,19 @@
 <?xml version="1.0" encoding="utf-8"?>

 <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.props))\EnlistmentInfo.props" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.props))' != '' " />

+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />

+  <PropertyGroup>

+    <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>

+    <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>

+    <OldToolsVersion>4.0</OldToolsVersion>

+    <IISExpressSSLPort />

+    <IISExpressAnonymousAuthentication />

+    <IISExpressWindowsAuthentication />

+    <IISExpressUseClassicPipelineMode />

+    <TargetFrameworkProfile />

+    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>

+    <RestorePackages>true</RestorePackages>

+  </PropertyGroup>

   <PropertyGroup>

     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>

     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>

@@ -14,10 +27,7 @@
     <RootNamespace>OAuthResourceServer</RootNamespace>

     <AssemblyName>OAuthResourceServer</AssemblyName>

     <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>

-    <UseIISExpress>false</UseIISExpress>

-    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>

-    <RestorePackages>true</RestorePackages>

-    <TargetFrameworkProfile />

+    <UseIISExpress>true</UseIISExpress>

   </PropertyGroup>

   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">

     <DebugSymbols>true</DebugSymbols>

@@ -38,16 +48,16 @@
   </PropertyGroup>

   <ItemGroup>

     <Reference Include="DotNetOpenAuth.Core">

-      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.0.0.12084\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>

+      <HintPath>..\..\..\packages\DotNetOpenAuth.Core.4.1.0.12182\lib\net40-full\DotNetOpenAuth.Core.dll</HintPath>

     </Reference>

     <Reference Include="DotNetOpenAuth.OAuth.Common">

-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.0.0.12084\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>

+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth.Common.4.1.0.12182\lib\net40-full\DotNetOpenAuth.OAuth.Common.dll</HintPath>

     </Reference>

     <Reference Include="DotNetOpenAuth.OAuth2">

-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.23.0-draft2\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>

+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.Core.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.dll</HintPath>

     </Reference>

     <Reference Include="DotNetOpenAuth.OAuth2.ResourceServer">

-      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.0.23.0-draft2\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>

+      <HintPath>..\..\..\packages\DotNetOpenAuth.OAuth2.ResourceServer.0.25.0-draft1\lib\net40-full\DotNetOpenAuth.OAuth2.ResourceServer.dll</HintPath>

     </Reference>

     <Reference Include="log4net">

       <HintPath>..\..\..\packages\log4net.2.0.0\lib\net40-full\log4net.dll</HintPath>

@@ -124,17 +134,17 @@
     <Content Include="packages.config" />

   </ItemGroup>

   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />

-  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v10.0\WebApplications\Microsoft.WebApplication.targets" />

+  <Import Project="$(VSToolsPath)\WebApplications\Microsoft.WebApplication.targets" Condition="'$(VSToolsPath)' != ''" />

+  <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v10.0\WebApplications\Microsoft.WebApplication.targets" Condition="false" />

   <ProjectExtensions>

     <VisualStudio>

       <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">

         <WebProjectProperties>

-          <UseIIS>False</UseIIS>

+          <UseIIS>True</UseIIS>

           <AutoAssignPort>False</AutoAssignPort>

-          <DevelopmentServerPort>65169</DevelopmentServerPort>

+          <DevelopmentServerPort>65170</DevelopmentServerPort>

           <DevelopmentServerVPath>/</DevelopmentServerVPath>

-          <IISUrl>

-          </IISUrl>

+          <IISUrl>http://localhost:65170/</IISUrl>

           <NTLMAuthentication>False</NTLMAuthentication>

           <UseCustomServer>False</UseCustomServer>

           <CustomServerUrl>

@@ -144,12 +154,12 @@
       </FlavorProperties>

     </VisualStudio>

   </ProjectExtensions>

-  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
-       Other similar extension points exist, see Microsoft.Common.targets.
-  <Target Name="BeforeBuild">
-  </Target>
-  <Target Name="AfterBuild">
-  </Target>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 

+       Other similar extension points exist, see Microsoft.Common.targets.

+  <Target Name="BeforeBuild">

+  </Target>

+  <Target Name="AfterBuild">

+  </Target>

   -->

   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))\EnlistmentInfo.targets" Condition=" '$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), EnlistmentInfo.targets))' != '' " />

   <Import Project="$(SolutionDir)\.nuget\nuget.targets" />

diff --git a/src/OAuth/OAuthResourceServer/Web.config b/src/OAuth/OAuthResourceServer/Web.config
index 1ab8dfa..74b01eb 100644
--- a/src/OAuth/OAuthResourceServer/Web.config
+++ b/src/OAuth/OAuthResourceServer/Web.config
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>

 <configuration>

   <configSections>

-    <section name="uri" type="System.Configuration.UriSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />

     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler" requirePermission="false" />

     <sectionGroup name="dotNetOpenAuth" type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">

       <section name="openid" type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId" requirePermission="false" allowLocation="true" />

@@ -21,8 +20,8 @@
     <defaultProxy enabled="true" />

     <settings>

       <!-- This setting causes .NET to check certificate revocation lists (CRL) 

-           before trusting HTTPS certificates.  But this setting tends to not 

-           be allowed in shared hosting environments. -->

+			     before trusting HTTPS certificates.  But this setting tends to not 

+			     be allowed in shared hosting environments. -->

       <!--<servicePointManager checkCertificateRevocationList="true"/>-->

     </settings>

   </system.net>

@@ -106,10 +105,13 @@
           </identity>

         </endpoint>

         <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

-        <endpoint address="web" binding="webHttpBinding" contract="OAuthResourceServer.Code.IDataApi" behaviorConfiguration="DataApiWebBehavior" />

+        <endpoint address="web" binding="webHttpBinding" contract="OAuthResourceServer.Code.IDataApi" behaviorConfiguration="DataApiWebBehavior"></endpoint>

       </service>

     </services>

   </system.serviceModel>

+  <system.webServer>

+    <modules runAllManagedModulesForAllRequests="true" />

+  </system.webServer>

   <runtime>

     <!-- This prevents the Windows Event Log from frequently logging that HMAC1 is being used (when the other party needs it). -->

     <legacyHMACWarning enabled="0" />

diff --git a/src/OAuth/OAuthResourceServer/packages.config b/src/OAuth/OAuthResourceServer/packages.config
index 0e5b33a..4e51419 100644
--- a/src/OAuth/OAuthResourceServer/packages.config
+++ b/src/OAuth/OAuthResourceServer/packages.config
@@ -1,11 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>

 <packages>

-  <package id="CodeContracts.Unofficial" version="1.0.0.2" />

-  <package id="DotNetOpenAuth.Core" version="4.0.0.12084" />

-  <package id="DotNetOpenAuth.OAuth.Common" version="4.0.0.12084" />

-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.23.0-draft" />

-  <package id="DotNetOpenAuth.OAuth2.Core" version="0.23.0-draft2" />

-  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.23.0-draft" />

-  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.23.0-draft2" />

-  <package id="log4net" version="2.0.0" />

+  <package id="CodeContracts.Unofficial" version="1.0.0.2" targetFramework="net40" />

+  <package id="DotNetOpenAuth.Core" version="4.1.0.12182" targetFramework="net40" />

+  <package id="DotNetOpenAuth.OAuth.Common" version="4.1.0.12182" targetFramework="net40" />

+  <package id="DotNetOpenAuth.OAuth2.Core" version="0.25.0-draft1" targetFramework="net40" />

+  <package id="DotNetOpenAuth.OAuth2.ResourceServer" version="0.25.0-draft1" targetFramework="net40" />

+  <package id="log4net" version="2.0.0" targetFramework="net40" />

 </packages>
\ No newline at end of file