authorAndrew Arnott <andrewarnott@gmail.com>2013-03-02 21:22:38 -0800
committerAndrew Arnott <andrewarnott@gmail.com>2013-03-02 21:22:38 -0800
commit36cadbb1b9bf9c6a9a97b3679f40ea155ce0a615 (patch)
treeaf2a6af1ce23217a2ae8190c7ad775bd540e3be8 /samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
parent09651b96839ce22116a4047876bb5a43164c1102 (diff)
Removes the memory crypto key store from the sample.
We now have a 'hard-coded' secret key store that trivial apps/samples may use to keep things simple until they create a database table.
Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs')
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs7
1 files changed, 5 insertions, 2 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
index 04296b4..23ec087 100644
--- a/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
+++ b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
@@ -9,12 +9,15 @@
using DotNetOpenAuth.OAuth2;
+ /// <summary>
+ /// An HTTP server message handler that detects OAuth 2 bearer tokens in the authorization header
+ /// and applies the appropriate principal to the request when found.
+ /// </summary>
public class BearerTokenHandler : DelegatingHandler {
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
if (request.Headers.Authorization != null) {
if (request.Headers.Authorization.Scheme == "Bearer") {
- string bearer = request.Headers.Authorization.Parameter;
- var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(MemoryCryptoKeyStore.Instance));
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AuthorizationServerHost.HardCodedCryptoKeyStore));
var principal = await resourceServer.GetPrincipalAsync(request, cancellationToken);
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
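Review bot: The added `new StandardAccessTokenAnalyzer(AuthorizationServerHost.HardCodedCryptoKeyStore)` line makes the resource server validate bearer tokens against a key store whose secret, going by its name and the commit message, is compiled into the sample, and nothing at the call site says so. The store's implementation is not visible in this hunk, but if the secret is a source constant, every deployment copied from this sample shares the same key material, and anyone who can read the repository holds what protects the access tokens. I would put a comment directly above the line, for example `// SAMPLE ONLY: swap HardCodedCryptoKeyStore for a persistent ICryptoKeyStore with per-deployment secrets before production use.` Separately, the unchanged `Scheme == "Bearer"` check is case-sensitive although HTTP authentication scheme names are case-insensitive; `string.Equals(scheme, "Bearer", StringComparison.OrdinalIgnoreCase)` would avoid skipping validly formed headers. The body of SendAsync continues past the end of the hunk.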