author | Andrew Arnott <andrewarnott@gmail.com> | 2013-03-03 08:33:33 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2013-03-03 08:33:33 -0800 |
commit | 1fdcca1a8019189237e86907f220307e2ccd61c9 (patch) | |
tree | 785a8c82ec1d8884fc51c201c23040923cbfa6fc | |
parent | 88dd1128c0c696263dd8fb5991681635d57a4d72 (diff) | |
Removes OAuthPrincipal in favor of ClaimsPrincipal.
11 files changed, 37 insertions, 184 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthenticationModule.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthenticationModule.cs
index 452a898..3d37e1f 100644
--- a/projecttemplates/RelyingPartyLogic/OAuthAuthenticationModule.cs
+++ b/projecttemplates/RelyingPartyLogic/OAuthAuthenticationModule.cs
@@ -8,6 +8,7 @@ namespace RelyingPartyLogic {
 	using System;
 	using System.Collections.Generic;
 	using System.Linq;
+	using System.Security.Claims;
 	using System.Security.Principal;
 	using System.Threading;
 	using System.Threading.Tasks;
@@ -84,7 +85,7 @@ namespace RelyingPartyLogic {
 		/// <param name="sender">The source of the event.</param>
 		/// <param name="e">The <see cref="System.Web.Security.RoleManagerEventArgs"/> instance containing the event data.</param>
 		private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
-			if (this.application.User is DotNetOpenAuth.OAuth.ChannelElements.OAuthPrincipal) {
+			if (this.application.User is ClaimsPrincipal) {
 				e.RolesPopulated = true;
 			}
 		}
diff --git a/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj b/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
index 380e62b..cffbec4 100644
--- a/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
+++ b/samples/OAuth2ProtectedWebApi/OAuth2ProtectedWebApi.csproj
@@ -283,7 +283,7 @@
     <WebProjectProperties>
       <UseIIS>True</UseIIS>
       <AutoAssignPort>True</AutoAssignPort>
-      <DevelopmentServerPort>0</DevelopmentServerPort>
+      <DevelopmentServerPort>11473</DevelopmentServerPort>
       <DevelopmentServerVPath>/</DevelopmentServerVPath>
       <IISUrl>http://localhost:23603/</IISUrl>
       <NTLMAuthentication>False</NTLMAuthentication>
diff --git a/samples/OAuthServiceProvider/Code/OAuthPrincipalAuthorizationPolicy.cs b/samples/OAuthServiceProvider/Code/OAuthPrincipalAuthorizationPolicy.cs
index a25f4c5..4ce60bb 100644
--- a/samples/OAuthServiceProvider/Code/OAuthPrincipalAuthorizationPolicy.cs
+++ b/samples/OAuthServiceProvider/Code/OAuthPrincipalAuthorizationPolicy.cs
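Review bot: In roleManager_GetRoles the new `is ClaimsPrincipal` test is far wider than the `OAuthPrincipal` test it replaces: on .NET 4.5 the framework's own principal types (GenericPrincipal, WindowsPrincipal, RolePrincipal) all derive from ClaimsPrincipal, so the condition holds for essentially every authenticated user and `e.RolesPopulated = true` will suppress the role manager's role loading for forms-authenticated users as well as OAuth ones. If the intent is still to skip role resolution only for OAuth-authenticated requests, narrow the check on the identity's authentication type, e.g. `if (this.application.User is ClaimsPrincipal && this.application.User.Identity.AuthenticationType == "OAuth 2 Bearer") {`, where the string is the one OAuthPrincipal.CreatePrincipal assigns in this commit; exposing that value as a shared constant would avoid the magic string in a project template. Whatever is chosen, a one-line comment stating why role loading is skipped for these principals would help, since the reasoning is no longer visible from the type name.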
@@ -4,18 +4,19 @@
 	using System.IdentityModel.Claims;
 	using System.IdentityModel.Policy;
 	using System.Linq;
+	using System.Security.Principal;
 	using System.Web;
 	using DotNetOpenAuth.OAuth.ChannelElements;
 
 	public class OAuthPrincipalAuthorizationPolicy : IAuthorizationPolicy {
 		private readonly Guid uniqueId = Guid.NewGuid();
-		private readonly OAuthPrincipal principal;
+		private readonly IPrincipal principal;
 
 		/// <summary>
 		/// Initializes a new instance of the <see cref="OAuthPrincipalAuthorizationPolicy"/> class.
 		/// </summary>
 		/// <param name="principal">The principal.</param>
-		public OAuthPrincipalAuthorizationPolicy(OAuthPrincipal principal) {
+		public OAuthPrincipalAuthorizationPolicy(IPrincipal principal) {
 			this.principal = principal;
 		}
 
diff --git a/src/DotNetOpenAuth.OAuth.Common/DotNetOpenAuth.OAuth.Common.csproj b/src/DotNetOpenAuth.OAuth.Common/DotNetOpenAuth.OAuth.Common.csproj
index 89638d6..95549fe 100644
--- a/src/DotNetOpenAuth.OAuth.Common/DotNetOpenAuth.OAuth.Common.csproj
+++ b/src/DotNetOpenAuth.OAuth.Common/DotNetOpenAuth.OAuth.Common.csproj
@@ -21,7 +21,6 @@
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
   </PropertyGroup>
   <ItemGroup>
-    <Compile Include="OAuth\ChannelElements\OAuthIdentity.cs" />
     <Compile Include="OAuth\ChannelElements\OAuthPrincipal.cs" />
     <Compile Include="OAuth\DefaultOAuthHostFactories.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
diff --git a/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthIdentity.cs b/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthIdentity.cs
deleted file mode 100644
index 28e0333..0000000
--- a/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthIdentity.cs
+++ /dev/null
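Review bot: With the field and constructor parameter widened to IPrincipal, the `using DotNetOpenAuth.OAuth.ChannelElements;` directive kept as context at the top of the hunk seems to have lost its only visible use (the OAuthPrincipal type, which this commit also turns into an internal static class), so unless the rest of the file still references that namespace the directive should be dropped rather than left as a dead import in a sample. The remainder of the class is outside the hunk; anything there that still relied on OAuthPrincipal-specific members such as Roles or AccessToken will no longer compile against an IPrincipal and is worth a look before this sample ships.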
@@ -1,64 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuthIdentity.cs" company="Outercurve Foundation">
-// Copyright (c) Outercurve Foundation. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace DotNetOpenAuth.OAuth.ChannelElements {
-	using System;
-	using System.Diagnostics.CodeAnalysis;
-	using System.Runtime.InteropServices;
-	using System.Security.Principal;
-	using DotNetOpenAuth.Messaging;
-	using Validation;
-
-	/// <summary>
-	/// Represents an OAuth consumer that is impersonating a known user on the system.
-	/// </summary>
-	[SuppressMessage("Microsoft.Interoperability", "CA1409:ComVisibleTypesShouldBeCreatable", Justification = "Not cocreatable.")]
-	[Serializable]
-	[ComVisible(true)]
-	public class OAuthIdentity : IIdentity {
-		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthIdentity"/> class.
-		/// </summary>
-		/// <param name="username">The username.</param>
-		internal OAuthIdentity(string username) {
-			Requires.NotNullOrEmpty(username, "username");
-			this.Name = username;
-		}
-
-		#region IIdentity Members
-
-		/// <summary>
-		/// Gets the type of authentication used.
-		/// </summary>
-		/// <value>The constant "OAuth"</value>
-		/// <returns>
-		/// The type of authentication used to identify the user.
-		/// </returns>
-		public string AuthenticationType {
-			get { return "OAuth"; }
-		}
-
-		/// <summary>
-		/// Gets a value indicating whether the user has been authenticated.
-		/// </summary>
-		/// <value>The value <c>true</c></value>
-		/// <returns>true if the user was authenticated; otherwise, false.
-		/// </returns>
-		public bool IsAuthenticated {
-			get { return true; }
-		}
-
-		/// <summary>
-		/// Gets the name of the user who authorized the OAuth token the consumer is using for authorization.
-		/// </summary>
-		/// <returns>
-		/// The name of the user on whose behalf the code is running.
-		/// </returns>
-		public string Name { get; private set; }
-
-		#endregion
-	}
-}
diff --git a/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthPrincipal.cs b/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthPrincipal.cs
index 65d7042..988d727 100644
--- a/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthPrincipal.cs
+++ b/src/DotNetOpenAuth.OAuth.Common/OAuth/ChannelElements/OAuthPrincipal.cs
@@ -1,6 +1,6 @@
 //-----------------------------------------------------------------------
-// <copyright file="OAuthPrincipal.cs" company="Outercurve Foundation">
-// Copyright (c) Outercurve Foundation. All rights reserved.
+// <copyright file="OAuthPrincipal.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
 // </copyright>
 //-----------------------------------------------------------------------
 
@@ -11,87 +11,35 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 	using System.Diagnostics.CodeAnalysis;
 	using System.Linq;
 	using System.Runtime.InteropServices;
+	using System.Security.Claims;
 	using System.Security.Principal;
+	using Validation;
+
 
 	/// <summary>
-	/// Represents an OAuth consumer that is impersonating a known user on the system.
+	/// Utilities for dealing with OAuth claims and principals.
 	/// </summary>
-	[SuppressMessage("Microsoft.Interoperability", "CA1409:ComVisibleTypesShouldBeCreatable", Justification = "Not cocreatable.")]
-	[Serializable]
-	[ComVisible(true)]
-	public class OAuthPrincipal : IPrincipal {
-		/// <summary>
-		/// The roles this user belongs to.
-		/// </summary>
-		private ICollection<string> roles;
-
-		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthPrincipal"/> class.
-		/// </summary>
-		/// <param name="userName">The username.</param>
-		/// <param name="roles">The roles this user belongs to.</param>
-		public OAuthPrincipal(string userName, string[] roles)
-			: this(new OAuthIdentity(userName), roles) {
-		}
-
-		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuthPrincipal"/> class.
-		/// </summary>
-		/// <param name="identity">The identity.</param>
-		/// <param name="roles">The roles this user belongs to.</param>
-		internal OAuthPrincipal(OAuthIdentity identity, string[] roles) {
-			this.Identity = identity;
-			this.roles = roles;
-		}
-
-		/// <summary>
-		/// Gets or sets the access token used to create this principal.
-		/// </summary>
-		/// <value>A non-empty string.</value>
-		public string AccessToken { get; protected set; }
-
+	internal static class OAuthPrincipal {
 		/// <summary>
-		/// Gets the roles that this principal has as a ReadOnlyCollection.
+		/// Creates a new instance of ClaimsPrincipal.
 		/// </summary>
-		public ReadOnlyCollection<string> Roles
-		{
-			get { return new ReadOnlyCollection<string>(this.roles.ToList()); }
-		}
-
-		#region IPrincipal Members
-
-		/// <summary>
-		/// Gets the identity of the current principal.
-		/// </summary>
-		/// <value></value>
+		/// <param name="userName">Name of the user.</param>
+		/// <param name="roles">The roles.</param>
 		/// <returns>
-		/// The <see cref="T:System.Security.Principal.IIdentity"/> object associated with the current principal.
+		/// A new instance of GenericPrincipal with a GenericIdentity, having the same username and roles as this OAuthPrincipal and OAuthIdentity
 		/// </returns>
-		public IIdentity Identity { get; private set; }
-
-		/// <summary>
-		/// Determines whether the current principal belongs to the specified role.
-		/// </summary>
-		/// <param name="role">The name of the role for which to check membership.</param>
-		/// <returns>
-		/// true if the current principal is a member of the specified role; otherwise, false.
-		/// </returns>
-		/// <remarks>
-		/// The role membership check uses <see cref="StringComparer.OrdinalIgnoreCase"/>.
-		/// </remarks>
-		public bool IsInRole(string role) {
-			return this.roles.Contains(role, StringComparer.OrdinalIgnoreCase);
-		}
-
-		#endregion
-
-		/// <summary>
-		/// Creates a new instance of GenericPrincipal based on this OAuthPrincipal.
-		/// </summary>
-		/// <returns>A new instance of GenericPrincipal with a GenericIdentity, having the same username and roles as this OAuthPrincipal and OAuthIdentity</returns>
-		public GenericPrincipal CreateGenericPrincipal()
-		{
-			return new GenericPrincipal(new GenericIdentity(this.Identity.Name), this.roles.ToArray());
+		internal static ClaimsPrincipal CreatePrincipal(string userName, IEnumerable<string> roles = null) {
+			Requires.NotNullOrEmpty(userName, "userName");
+
+			var claims = new List<Claim>();
+			claims.Add(new Claim(ClaimsIdentity.DefaultNameClaimType, userName));
+			if (roles != null) {
+				claims.AddRange(roles.Select(scope => new Claim(ClaimsIdentity.DefaultRoleClaimType, scope)));
+			}
+
+			var claimsIdentity = new ClaimsIdentity(claims, "OAuth 2 Bearer");
+			var principal = new ClaimsPrincipal(claimsIdentity);
+			return principal;
 		}
 	}
 }
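Review bot: CreatePrincipal hard-codes the authentication type in `new ClaimsIdentity(claims, "OAuth 2 Bearer")`, yet the same helper is now also called from the OAuth 1.0 ServiceProvider.CreatePrincipal in src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs, so OAuth 1 principals will report Identity.AuthenticationType as "OAuth 2 Bearer" where the deleted OAuthIdentity reported "OAuth", misleading any host code that branches on it. Take the type as a parameter, `internal static ClaimsPrincipal CreatePrincipal(string userName, IEnumerable<string> roles = null, string authenticationType = "OAuth 2 Bearer")` and `var claimsIdentity = new ClaimsIdentity(claims, authenticationType);`, and have the OAuth 1 caller pass its own value. The removed IsInRole compared roles with StringComparer.OrdinalIgnoreCase (its `<remarks>` said so), whereas ClaimsPrincipal.IsInRole matches role claim values ordinally and case-sensitively, so an authorization check that used to accept a differently-cased role or scope now rejects it; that is a reasonable choice for OAuth 2 scopes but it is a silent behaviour change for OAuth 1 role names and deserves a `<remarks>` line on CreatePrincipal stating that role membership is now case-sensitive. The `<returns>` text is stale, still describing a GenericPrincipal built "from this OAuthPrincipal and OAuthIdentity"; something like `/// A <see cref="ClaimsPrincipal"/> whose identity carries a name claim for <paramref name="userName"/> and one role claim per entry in <paramref name="roles"/>.` matches what the code builds. Finally, the removed principal's AccessToken property has no counterpart on the new principal, so either add a claim carrying the token or note in the doc that the token is intentionally not exposed, making the loss a deliberate decision rather than an accidental one.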
@@ -35,9 +35,13 @@ using System.Web.UI; // keep this assembly from being useful to shared host (medium trust) web sites. [assembly: AllowPartiallyTrustedCallers] +[assembly: InternalsVisibleTo("DotNetOpenAuth.OAuth2.ResourceServer, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] +[assembly: InternalsVisibleTo("DotNetOpenAuth.OAuth.ServiceProvider, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] [assembly: InternalsVisibleTo("DotNetOpenAuth.Test, PublicKey=0024000004800000940000000602000000240000525341310004000001000100AD093C3765257C89A7010E853F2C7C741FF92FA8ACE06D7B8254702CAD5CF99104447F63AB05F8BB6F51CE0D81C8C93D2FCE8C20AAFF7042E721CBA16EAAE98778611DED11C0ABC8900DC5667F99B50A9DADEC24DBD8F2C91E3E8AD300EF64F1B4B9536CEB16FB440AF939F57624A9B486F867807C649AE4830EAB88C6C03998")] [assembly: InternalsVisibleTo("DynamicProxyGenAssembly2, PublicKey=0024000004800000940000000602000000240000525341310004000001000100c547cac37abd99c8db225ef2f6c8a3602f3b3606cc9891605d02baa56104f4cfc0734aa39b93bf7852f7d9266654753cc297e7d2edfe0bac1cdcf9f717241550e0a7b191195b7667bb4f64bcb8e2121380fd1d9d46ad2d92d2d15605093924cceaf74c4861eff62abf69b9291ed0a340e113be11e6a7d3113e92484cf7045cc7")] #else +[assembly: InternalsVisibleTo("DotNetOpenAuth.OAuth2.ResourceServer")] +[assembly: InternalsVisibleTo("DotNetOpenAuth.OAuth.ServiceProvider")] [assembly: InternalsVisibleTo("DotNetOpenAuth.Test")] [assembly: 
InternalsVisibleTo("DynamicProxyGenAssembly2")]
 #endif
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/DotNetOpenAuth.OAuth.ServiceProvider.csproj b/src/DotNetOpenAuth.OAuth.ServiceProvider/DotNetOpenAuth.OAuth.ServiceProvider.csproj
index fd2aa9e..8e87ad4 100644
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/DotNetOpenAuth.OAuth.ServiceProvider.csproj
+++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/DotNetOpenAuth.OAuth.ServiceProvider.csproj
@@ -25,7 +25,6 @@
     <Compile Include="OAuth\ChannelElements\IServiceProviderRequestToken.cs" />
     <Compile Include="OAuth\ChannelElements\IServiceProviderTokenManager.cs" />
     <Compile Include="OAuth\ChannelElements\ITokenGenerator.cs" />
-    <Compile Include="OAuth\ChannelElements\OAuth1Principal.cs" />
     <Compile Include="OAuth\ChannelElements\OAuthServiceProviderChannel.cs" />
     <Compile Include="OAuth\ChannelElements\OAuthServiceProviderMessageFactory.cs" />
     <Compile Include="OAuth\ChannelElements\RsaSha1ServiceProviderSigningBindingElement.cs" />
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuth1Principal.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuth1Principal.cs
deleted file mode 100644
index ff44a45..0000000
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ChannelElements/OAuth1Principal.cs
+++ /dev/null
@@ -1,34 +0,0 @@
-//-----------------------------------------------------------------------
-// <copyright file="OAuth1Principal.cs" company="Outercurve Foundation">
-// Copyright (c) Outercurve Foundation. All rights reserved.
-// </copyright>
-//-----------------------------------------------------------------------
-
-namespace DotNetOpenAuth.OAuth.ChannelElements {
-	using System;
-	using System.Collections.Generic;
-	using System.Diagnostics.CodeAnalysis;
-	using System.Linq;
-	using System.Runtime.InteropServices;
-	using System.Text;
-	using Validation;
-
-	/// <summary>
-	/// Represents an OAuth consumer that is impersonating a known user on the system.
-	/// </summary>
-	[SuppressMessage("Microsoft.Interoperability", "CA1409:ComVisibleTypesShouldBeCreatable", Justification = "Not cocreatable.")]
-	[Serializable]
-	[ComVisible(true)]
-	internal class OAuth1Principal : OAuthPrincipal {
-		/// <summary>
-		/// Initializes a new instance of the <see cref="OAuth1Principal"/> class.
-		/// </summary>
-		/// <param name="token">The access token.</param>
-		internal OAuth1Principal(IServiceProviderAccessToken token)
-			: base(token.Username, token.Roles) {
-			Requires.NotNull(token, "token");
-
-			this.AccessToken = token.Token;
-		}
-	}
-}
diff --git a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
index 936bdaa..5e6cfb3 100644
--- a/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
+++ b/src/DotNetOpenAuth.OAuth.ServiceProvider/OAuth/ServiceProvider.cs
@@ -412,11 +412,11 @@ namespace DotNetOpenAuth.OAuth { /// </summary> /// <param name="request">The request.</param> /// <returns>The <see cref="IPrincipal"/> instance that can be used for access control of resources.</returns> - public OAuthPrincipal CreatePrincipal(AccessProtectedResourceRequest request) { + public IPrincipal CreatePrincipal(AccessProtectedResourceRequest request) { Requires.NotNull(request, "request"); IServiceProviderAccessToken accessToken = this.TokenManager.GetAccessToken(request.AccessToken); - return new OAuth1Principal(accessToken); + return OAuthPrincipal.CreatePrincipal(accessToken.Username, accessToken.Roles); } #region IDisposable Members diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs index 7bc7c91..88ce451 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs @@ -11,6 +11,7 @@ namespace DotNetOpenAuth.OAuth2 { using System.Linq; using System.Net; using System.Net.Http; + using System.Security.Claims; using System.Security.Principal; using System.ServiceModel.Channels; using System.Text; @@ -167,10 +168,8 @@ namespace DotNetOpenAuth.OAuth2 { string principalUserName = !string.IsNullOrEmpty(accessToken.User) ? this.ResourceOwnerPrincipalPrefix + accessToken.User : this.ClientPrincipalPrefix + accessToken.ClientIdentifier; - string[] principalScope = accessToken.Scope != null ? accessToken.Scope.ToArray() : new string[0]; - var principal = new OAuthPrincipal(principalUserName, principalScope); - return principal; + return OAuthPrincipal.CreatePrincipal(principalUserName, accessToken.Scope); } /// <summary> |