author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-12 22:00:46 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-12 22:00:46 -0700 |
commit | eea1b39e043cbd64bccda02e9c9da81aeb359ada (patch) | |
tree | 39f6a1ba996bb6ebf081d5a41b25d5ebebc3f6cd /projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs | |
parent | 096a53e5a79cac2eecb1311661a255a5f4e6aa6e (diff) | |
Work toward the WebFormsRelyingParty project template to use OAuth 2.0 instead of 1.0a.
The WebForms template compiles now (the MVC one does not yet).
Diffstat (limited to 'projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs')
-rw-r--r-- | projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs
index 35af472..f4e27a4 100644
--- a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs
+++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs
@@ -15,6 +15,7 @@ namespace RelyingPartyLogic {
 	using System.ServiceModel.Security;
 	using DotNetOpenAuth;
 	using DotNetOpenAuth.OAuth;
+	using DotNetOpenAuth.OAuth2;
 
 	/// <summary>
 	/// A WCF extension to authenticate incoming messages using OAuth.
@@ -28,15 +29,16 @@ namespace RelyingPartyLogic {
 				return false;
 			}
 
-			HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
-			Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
-			ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
-			try {
-				var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
-				if (auth != null) {
-					var accessToken = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
+			var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+			var requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
 
-					var principal = sp.CreatePrincipal(auth);
+			var tokenAnalyzer = new StandardAccessTokenAnalyzer(OAuthAuthorizationServer.AsymmetricKey, OAuthAuthorizationServer.AsymmetricKey);
+			var resourceServer = new ResourceServer(tokenAnalyzer);
+
+			try {
+				IPrincipal principal;
+				var errorResponse = resourceServer.VerifyAccess(httpDetails, requestUri, out principal);
+				if (errorResponse == null) {
 					var policy = new OAuthPrincipalAuthorizationPolicy(principal);
 					var policies = new List<IAuthorizationPolicy> {
 						policy,
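Review bot: The new `new StandardAccessTokenAnalyzer(OAuthAuthorizationServer.AsymmetricKey, OAuthAuthorizationServer.AsymmetricKey)` line passes one RSA key as both the authorization server's token-signing key and the resource server's token-decryption key, so a single key pair is doing two cryptographic jobs and the parameter meant to take the authorization server's public signing key is presumably receiving the private key. That is only acceptable while the authorization server and resource server are the same process, which this template seems to assume; if either role is ever split out, the resource server would have to carry the signing private key. Prefer two key pairs, or at minimum record the assumption next to the line: `// AS and RS are co-hosted in this template, so one key pair serves as both the AS signing key and the RS encryption key; use separate keys if the roles are ever separated.` Note also that the analyzer and `ResourceServer` are constructed outside the `try`, and when `errorResponse` is non-null the hunk discards it instead of surfacing its status and `WWW-Authenticate` details; the rest of the enclosing method, including its catch, is outside the hunk, so confirm that is handled there.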
@@ -56,8 +58,7 @@ namespace RelyingPartyLogic {
 					};
 
 					// Only allow this method call if the access token scope permits it.
-					string[] scopes = accessToken.Scope.Split('|');
-					if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+					if (principal.IsInRole(operationContext.IncomingMessageHeaders.Action)) {
 						return true;
 					}
 				}
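Review bot: `principal.IsInRole(operationContext.IncomingMessageHeaders.Action)` keeps the scope check as an exact string match between the granted scopes (presumably surfaced as the principal's roles by the OAuth 2 principal) and the full WCF Action URI, which the removed `Split('|')`/`Contains` made explicit but the new line no longer shows. The comment above the check should say so, e.g. `// The token's granted scopes are exposed as the principal's roles; this call's WCF Action URI must appear among them verbatim, so the authorization server must issue scopes in that form.` A valid token that lacks the scope falls through to the method's failure path, which lies outside this hunk; an OAuth 2 resource server would normally distinguish that case (403 / insufficient_scope) from a missing or invalid token, so it is worth confirming in the caller.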