diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-07-31 22:01:16 -0700 |
| commit | c94c7f8197eda673947a9d1e0c0b3f3c4efca94f (patch) | |
| tree | 0f978cfc2de70c54ac81e11d4339da04dff9f27f /samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs | |
| parent | 7d38eefb65928a1e80036ec006b0e129dc2cface (diff) | |
| download | DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.zip DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.tar.gz DotNetOpenAuth-c94c7f8197eda673947a9d1e0c0b3f3c4efca94f.tar.bz2 | |
Split the OAuthServiceProvider sample into two samples: OAuthAuthorizationServer and OAuthResourceServer.
Renamed OAuthConsumer to OAuthClient.
Diffstat (limited to 'samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs')
| -rw-r--r-- | samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs new file mode 100644 index 0000000..d2d95fe --- /dev/null +++ b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs @@ -0,0 +1,79 @@ +namespace OAuthResourceServer.Code { + using System; + using System.Collections.Generic; + using System.IdentityModel.Policy; + using System.Linq; + using System.Security.Principal; + using System.ServiceModel; + using System.ServiceModel.Channels; + using System.ServiceModel.Security; + + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OAuth2; + + using ProtocolException = System.ServiceModel.ProtocolException; + + /// <summary> + /// A WCF extension to authenticate incoming messages using OAuth. + /// </summary> + public class OAuthAuthorizationManager : ServiceAuthorizationManager { + public OAuthAuthorizationManager() { + } + + protected override bool CheckAccessCore(OperationContext operationContext) { + if (!base.CheckAccessCore(operationContext)) { + return false; + } + + var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty; + var requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri; + + try { + var principal = VerifyOAuth2(httpDetails, requestUri); + if (principal != null) { + var policy = new OAuthPrincipalAuthorizationPolicy(principal); + var policies = new List<IAuthorizationPolicy> { + policy, + }; + + var securityContext = new ServiceSecurityContext(policies.AsReadOnly()); + if (operationContext.IncomingMessageProperties.Security != null) { + operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext; + } else { + operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { + ServiceSecurityContext = securityContext, + }; + } + + securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { + principal.Identity, + }; + + // Only allow this method call if the access token scope permits it. + return principal.IsInRole(operationContext.IncomingMessageHeaders.Action); + } else { + return false; + } + } catch (ProtocolException ex) { + Global.Logger.Error("Error processing OAuth messages.", ex); + } + + return false; + } + + private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) { + // for this sample where the auth server and resource server are the same site, + // we use the same public/private key. + var resourceServer = new ResourceServer( + new StandardAccessTokenAnalyzer( + Global.AuthorizationServerSigningPublicKey, + Global.ResourceServerEncryptionPrivateKey)); + + IPrincipal result; + var error = resourceServer.VerifyAccess(new HttpRequestInfo(httpDetails, requestUri), out result); + + // TODO: return the prepared error code. + return error != null ? null : result; + } + } +}
\ No newline at end of file |