author | Andrew Arnott <andrewarnott@gmail.com> | 2012-04-22 08:00:42 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-04-22 08:00:42 -0700 |
commit | 94d1c68291865dc4557c599ce19cbec3c10541ff (patch) | |
tree | f4037266b384f92435b8132a80ea917befa92c32 /samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs | |
parent | 1b6d8c2a40a019b43b252102353170380872da45 (diff) | |
Fixes access denial errors from OAuth 2 resource servers so they include the required parameters in their WWW-Authenticate headers.
Fixes #124
Diffstat (limited to 'samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs')
-rw-r--r-- | samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs index 353e838..31371db 100644 --- a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs +++ b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs @@ -7,10 +7,9 @@ using System.ServiceModel; using System.ServiceModel.Channels; using System.ServiceModel.Security; - + using System.ServiceModel.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2; - using ProtocolException = System.ServiceModel.ProtocolException; /// <summary> @@ -29,7 +28,7 @@ var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via; try { - var principal = VerifyOAuth2(httpDetails, requestUri); + var principal = VerifyOAuth2(httpDetails, requestUri, operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath); if (principal != null) { var policy = new OAuthPrincipalAuthorizationPolicy(principal); var policies = new List<IAuthorizationPolicy> { @@ -49,8 +48,7 @@ principal.Identity, }; - // Only allow this method call if the access token scope permits it. - return principal.IsInRole(operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath); + return true; } else { return false; } @@ -58,7 +56,8 @@ Global.Logger.Error("Error processing OAuth messages.", ex); // Return the appropriate unauthorized response to the client. - ex.ErrorResponse.Send(); + var outgoingResponse = ex.CreateErrorResponse(); + outgoingResponse.Respond(WebOperationContext.Current.OutgoingResponse); } catch (ProtocolException ex) { Global.Logger.Error("Error processing OAuth messages.", ex); } 
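Review bot: The replaced `return principal.IsInRole(...)` line means the method now returns `true` unconditionally once `VerifyOAuth2` yields a non-null principal, so scope enforcement rests entirely on `GetPrincipal` rejecting a token that lacks the passed scope; that contract is not visible in this file and deserves a comment where the old check stood, e.g. `// Scope is enforced inside GetPrincipal (insufficient_scope is surfaced as ProtocolFaultResponseException), so a non-null principal is authorized for this operation.` If `GetPrincipal` does not throw for missing scopes with the `requiredScopes` overload, this hunk silently removes the authorization check that the deleted line provided, so confirming that behaviour is the first thing to verify. The enclosing method begins before this hunk and its `return false` tail lies in the next one.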
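Review bot: `outgoingResponse.Respond(WebOperationContext.Current.OutgoingResponse)` in the new `catch (ProtocolFaultResponseException)` block dereferences `WebOperationContext.Current`, which is null when the operation is not running under a WebHttp endpoint behaviour; a NullReferenceException thrown from inside that catch is not caught by the sibling `catch (ProtocolException)` and would escape the authorization manager instead of producing the intended 401/403 with its WWW-Authenticate header. If the sample is only ever hosted with `WebHttpBehavior`, a guard or a comment should say so, e.g. `var webContext = WebOperationContext.Current; if (webContext == null) { throw new InvalidOperationException("OAuth error responses require a WebHttp endpoint."); }` before the `Respond` call. Note also that an expected authorization failure is logged at `Error` level, which may be noisy for a denial path that is a normal client outcome.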
@@ -66,13 +65,13 @@ return false; } - private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) { + private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri, params string[] requiredScopes) { // for this sample where the auth server and resource server are the same site, // we use the same public/private key. using (var signing = Global.CreateAuthorizationServerSigningServiceProvider()) { using (var encrypting = Global.CreateResourceServerEncryptionServiceProvider()) { var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting)); - return resourceServer.GetPrincipal(httpDetails, requestUri); + return resourceServer.GetPrincipal(httpDetails, requestUri, requiredScopes); } } } |
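Review bot: Declaring `requiredScopes` as `params string[]` in the new `VerifyOAuth2` signature means a call that omits the scope argument compiles silently and forwards an empty array to `GetPrincipal`, which presumably then accepts any valid access token regardless of scope; since the method's only caller exists to enforce per-operation scope, consider a plain `string[]` parameter or an explicit guard such as `if (requiredScopes == null || requiredScopes.Length == 0) { throw new ArgumentException("At least one required scope must be supplied.", "requiredScopes"); }`. The method also lacks an XML doc comment; a `<summary>` stating that it validates the bearer token in `httpDetails` against `requestUri` and a `<param name="requiredScopes">` noting that the token must carry all listed scopes would make the contract explicit for anyone copying this sample.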