summaryrefslogtreecommitdiffstats
path: root/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
diff options
context:
space:
mode:
Diffstat (limited to 'src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs')
-rw-r--r--src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs65
1 files changed, 65 insertions, 0 deletions
diff --git a/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs b/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..917a252
--- /dev/null
+++ b/src/OAuth/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
@@ -0,0 +1,65 @@
+namespace OAuthServiceProvider.Code {
+ using System;
+ using System.Collections.Generic;
+ using System.IdentityModel.Policy;
+ using System.Linq;
+ using System.Security.Principal;
+ using System.ServiceModel;
+ using System.ServiceModel.Channels;
+ using System.ServiceModel.Security;
+ using DotNetOpenAuth;
+ using DotNetOpenAuth.OAuth;
+
+ /// <summary>
+ /// A WCF extension to authenticate incoming messages using OAuth.
+ /// </summary>
+ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
+ public OAuthAuthorizationManager() {
+ }
+
+ protected override bool CheckAccessCore(OperationContext operationContext) {
+ if (!base.CheckAccessCore(operationContext)) {
+ return false;
+ }
+
+ HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+ Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
+ ServiceProvider sp = Constants.CreateServiceProvider();
+ try {
+ var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+ if (auth != null) {
+ var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
+
+ var principal = sp.CreatePrincipal(auth);
+ var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+ var policies = new List<IAuthorizationPolicy> {
+ policy,
+ };
+
+ var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+ if (operationContext.IncomingMessageProperties.Security != null) {
+ operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+ } else {
+ operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+ ServiceSecurityContext = securityContext,
+ };
+ }
+
+ securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+ principal.Identity,
+ };
+
+ // Only allow this method call if the access token scope permits it.
+ string[] scopes = accessToken.Scope.Split('|');
+ if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+ return true;
+ }
+ }
+ } catch (ProtocolException ex) {
+ Global.Logger.Error("Error processing OAuth messages.", ex);
+ }
+
+ return false;
+ }
+ }
+} \ No newline at end of file
generated by cgit v1.1 at 2025-05-10 22:30:59 +0000