diff options
| author | David Christiansen <coding@davedoes.net> | 2012-06-30 16:06:46 -0700 |
|---|---|---|
| committer | David Christiansen <coding@davedoes.net> | 2012-06-30 16:06:46 -0700 |
| commit | 06401bb049dc29cf4446eb61a4a72317a644ce54 (patch) | |
| tree | 7c475929350b31b4b848a1faa57bd0d7cbbf512c /src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | |
| parent | 02ce959db12fec57e846e5ebfa662cd0327ce69c (diff) | |
| parent | 3286c37f3a967e7d142534df84604a66be9d176c (diff) | |
| download | DotNetOpenAuth.Samples-06401bb049dc29cf4446eb61a4a72317a644ce54.zip DotNetOpenAuth.Samples-06401bb049dc29cf4446eb61a4a72317a644ce54.tar.gz DotNetOpenAuth.Samples-06401bb049dc29cf4446eb61a4a72317a644ce54.tar.bz2 | |
Merge pull request #1 from DavidChristiansen/master
Kachow!
Diffstat (limited to 'src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs')
| -rw-r--r-- | src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs b/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs new file mode 100644 index 0000000..917a252 --- /dev/null +++ b/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs @@ -0,0 +1,65 @@ +namespace OAuthServiceProvider.Code { + using System; + using System.Collections.Generic; + using System.IdentityModel.Policy; + using System.Linq; + using System.Security.Principal; + using System.ServiceModel; + using System.ServiceModel.Channels; + using System.ServiceModel.Security; + using DotNetOpenAuth; + using DotNetOpenAuth.OAuth; + + /// <summary> + /// A WCF extension to authenticate incoming messages using OAuth. + /// </summary> + public class OAuthAuthorizationManager : ServiceAuthorizationManager { + public OAuthAuthorizationManager() { + } + + protected override bool CheckAccessCore(OperationContext operationContext) { + if (!base.CheckAccessCore(operationContext)) { + return false; + } + + HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty; + Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via; + ServiceProvider sp = Constants.CreateServiceProvider(); + try { + var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri); + if (auth != null) { + var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken); + + var principal = sp.CreatePrincipal(auth); + var policy = new OAuthPrincipalAuthorizationPolicy(principal); + var policies = new List<IAuthorizationPolicy> { + policy, + }; + + var securityContext = new ServiceSecurityContext(policies.AsReadOnly()); + if (operationContext.IncomingMessageProperties.Security != null) { + operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext; + } else { + operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { + ServiceSecurityContext = securityContext, + }; + } + + securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { + principal.Identity, + }; + + // Only allow this method call if the access token scope permits it. + string[] scopes = accessToken.Scope.Split('|'); + if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) { + return true; + } + } + } catch (ProtocolException ex) { + Global.Logger.Error("Error processing OAuth messages.", ex); + } + + return false; + } + } +}
\ No newline at end of file |