author | Andrew Arnott <andrewarnott@gmail.com> | 2009-11-15 15:30:38 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-11-15 15:30:38 -0800 |
commit | 588bc035f93607b4179df9f7f42175c08e6cf7b5 (patch) | |
tree | 965802693892616db01cf6997f060dda44518697 /projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs | |
parent | 888abd61a54576ff244533693df77f174f03c2bb (diff) | |
parent | 2ff3e125a7db35ce459b89add580aedf7d2bd7d4 (diff) | |
Merged working branch that splits the RP project template into two projects: a web project and a class library.
Merge branch 'projecttemplateLib'
Diffstat (limited to 'projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs')
-rw-r--r-- | projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..752e2eb
--- /dev/null
+++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs
@@ -0,0 +1,67 @@
+//-----------------------------------------------------------------------
+// <copyright file="OAuthAuthorizationManager.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace RelyingPartyLogic {
+ using System;
+ using System.Collections.Generic;
+ using System.IdentityModel.Policy;
+ using System.Linq;
+ using System.Security.Principal;
+ using System.ServiceModel;
+ using System.ServiceModel.Channels;
+ using System.ServiceModel.Security;
+ using DotNetOpenAuth;
+ using DotNetOpenAuth.OAuth;
+
+ /// <summary>
+ /// A WCF extension to authenticate incoming messages using OAuth.
+ /// </summary>
+ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
+ public OAuthAuthorizationManager() {
+ }
+
+ protected override bool CheckAccessCore(OperationContext operationContext) {
+ if (!base.CheckAccessCore(operationContext)) {
+ return false;
+ }
+
+ HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+ Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
+ ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
+ var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+ if (auth != null) {
+ var accessToken = Database.DataContext.IssuedToken.OfType<IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
+
+ var principal = sp.CreatePrincipal(auth);
+ var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+ var policies = new List<IAuthorizationPolicy> {
+ policy,
+ };
+
+ var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+ if (operationContext.IncomingMessageProperties.Security != null) {
+ operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+ } else {
+ operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+ ServiceSecurityContext = securityContext,
+ };
+ }
+
+ securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+ principal.Identity,
+ };
+
+ // Only allow this method call if the access token scope permits it.
+ string[] scopes = accessToken.Scope.Split('|');
+ if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+ }
+}
\ No newline at end of file |
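Review bot: In CheckAccessCore the scope check runs last, after the OAuth principal has already been written into `operationContext.IncomingMessageProperties.Security` and the `"Identities"` property, so a token that lacks the requested action has its identity attached to the message before the call is denied; checking the scope first keeps a rejected request free of any installed identity. The lookup `.First(token => token.Token == auth.AccessToken)` throws InvalidOperationException when no matching IssuedAccessToken row exists (a token deleted or revoked after issuance, presumably), turning a deny into a server fault rather than the `return false` every other rejection path uses; `FirstOrDefault` plus a null check gives a clean deny. The `as` casts for `httpDetails` and `requestUri` are also never null-checked, so a message without those properties reaches `ReadProtectedResourceAuthorization` with null arguments — worth an explicit `return false` there as well.
```csharp
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null) {
	var accessToken = Database.DataContext.IssuedToken.OfType<IssuedAccessToken>().FirstOrDefault(token => token.Token == auth.AccessToken);
	if (accessToken == null) {
		return false; // no longer an issued token: deny instead of faulting
	}

	// Decide on scope before any identity is attached to the message.
	string[] scopes = accessToken.Scope.Split('|');
	if (!scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
		return false;
	}

	// … unchanged: principal, policy and ServiceSecurityContext setup …
	return true;
}
```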