diff options
Diffstat (limited to 'src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs')
| -rw-r--r-- | src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs index 8d0c13d..62b1c59 100644 --- a/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs +++ b/src/OAuth/OAuthResourceServer/Code/OAuthAuthorizationManager.cs @@ -7,7 +7,7 @@ using System.ServiceModel; using System.ServiceModel.Channels; using System.ServiceModel.Security; - + using System.ServiceModel.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2; @@ -29,7 +29,7 @@ var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via; try { - var principal = VerifyOAuth2(httpDetails, requestUri); + var principal = VerifyOAuth2(httpDetails, requestUri, operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath); if (principal != null) { var policy = new OAuthPrincipalAuthorizationPolicy(principal); var policies = new List<IAuthorizationPolicy> { @@ -49,11 +49,16 @@ principal.Identity, }; - // Only allow this method call if the access token scope permits it. - return principal.IsInRole(operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath); + return true; } else { return false; } + } catch (ProtocolFaultResponseException ex) { + Global.Logger.Error("Error processing OAuth messages.", ex); + + // Return the appropriate unauthorized response to the client. + var outgoingResponse = ex.CreateErrorResponse(); + outgoingResponse.Respond(WebOperationContext.Current.OutgoingResponse); } catch (ProtocolException ex) { Global.Logger.Error("Error processing OAuth messages.", ex); } @@ -61,18 +66,13 @@ return false; } - private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) { + private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri, params string[] requiredScopes) { // for this sample where the auth server and resource server are the same site, // we use the same public/private key. using (var signing = Global.CreateAuthorizationServerSigningServiceProvider()) { using (var encrypting = Global.CreateResourceServerEncryptionServiceProvider()) { var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting)); - - IPrincipal result; - var error = resourceServer.VerifyAccess(HttpRequestInfo.Create(httpDetails, requestUri), out result); - - // TODO: return the prepared error code. - return error != null ? null : result; + return resourceServer.GetPrincipal(httpDetails, requestUri, requiredScopes); } } } |