Adds a WebAPI sample that is its own authorization server and resource server.

1 files changed, 27 insertions, 0 deletions

diff --git a/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
new file mode 100644
index 0000000..04296b4
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
@@ -0,0 +1,27 @@
+namespace OAuth2ProtectedWebApi.Code {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Net.Http;
+	using System.Threading;
+	using System.Threading.Tasks;
+	using System.Web;
+
+	using DotNetOpenAuth.OAuth2;
+
+	public class BearerTokenHandler : DelegatingHandler {
+		protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
+			if (request.Headers.Authorization != null) {
+				if (request.Headers.Authorization.Scheme == "Bearer") {
+					string bearer = request.Headers.Authorization.Parameter;
+					var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(MemoryCryptoKeyStore.Instance));
+					var principal = await resourceServer.GetPrincipalAsync(request, cancellationToken);
+					HttpContext.Current.User = principal;
+					Thread.CurrentPrincipal = principal;
+				}
+			}
+
+			return await base.SendAsync(request, cancellationToken);
+		}
+	}
+}
\ No newline at end of file