author | Andrew Arnott <andrewarnott@gmail.com> | 2010-04-18 22:29:23 -0400 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2010-04-18 22:29:23 -0400 |
commit | fef932af78eac2b775452c4a851e84a813027548 (patch) | |
tree | 7df395b2b795987d8ac4a7da231f30208916a88d /samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | |
parent | 5b47cd88af9d7b1fc04e69a98a6f912624d275a6 (diff) | |
download | DotNetOpenAuth-fef932af78eac2b775452c4a851e84a813027548.zip DotNetOpenAuth-fef932af78eac2b775452c4a851e84a813027548.tar.gz DotNetOpenAuth-fef932af78eac2b775452c4a851e84a813027548.tar.bz2 |
Converted the OAuth consumer and SP sample web site projects to web application projects.
Diffstat (limited to 'samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs')
-rw-r--r-- | samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..ee90364
--- /dev/null
+++ b/samples/OAuthServiceProvider/Code/OAuthAuthorizationManager.cs
@@ -0,0 +1,63 @@
+using System;
+using System.Collections.Generic;
+using System.IdentityModel.Policy;
+using System.Linq;
+using System.Security.Principal;
+using System.ServiceModel;
+using System.ServiceModel.Channels;
+using System.ServiceModel.Security;
+using DotNetOpenAuth;
+using DotNetOpenAuth.OAuth;
+
+/// <summary>
+/// A WCF extension to authenticate incoming messages using OAuth.
+/// </summary>
+public class OAuthAuthorizationManager : ServiceAuthorizationManager {
+public OAuthAuthorizationManager() {
+}
+
+protected override bool CheckAccessCore(OperationContext operationContext) {
+if (!base.CheckAccessCore(operationContext)) {
+return false;
+}
+
+HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
+ServiceProvider sp = Constants.CreateServiceProvider();
+try {
+var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+if (auth != null) {
+var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
+
+var principal = sp.CreatePrincipal(auth);
+var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+var policies = new List<IAuthorizationPolicy> {
+policy,
+};
+
+var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+if (operationContext.IncomingMessageProperties.Security != null) {
+operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+} else {
+operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+ServiceSecurityContext = securityContext,
+};
+}
+
+securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+principal.Identity,
+};
+
+// Only allow this method call if the access token scope permits it.
+string[] scopes = accessToken.Scope.Split('|');
+if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+return true;
+}
+}
+} catch (ProtocolException ex) {
+Global.Logger.Error("Error processing OAuth messages.", ex);
+}
+
+return false;
+}
+} |
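Review bot: `Global.DataContext.OAuthTokens.Single(...)` in CheckAccessCore throws InvalidOperationException when no stored token matches `auth.AccessToken`, and that is not a ProtocolException, so an unknown or revoked access token escapes the `catch` as an unhandled fault instead of a clean `return false`. The ServiceSecurityContext and the "Identities" list are also installed on the operation context before the scope check runs, so a token whose scope does not cover the action has already been bound to the message as an authenticated principal by the time the method returns false; doing the token lookup and scope check first leaves the context untouched for rejected calls. `accessToken.Scope` is dereferenced with no null guard on the same path, and `httpDetails`/`requestUri` come from unchecked `as` casts, so either being absent surfaces as a NullReferenceException rather than a rejection. A rewrite of the inner `if (auth != null)` body follows; the surrounding try/catch and the final `return false` are unchanged.
```csharp
if (auth != null) {
	var accessToken = Global.DataContext.OAuthTokens.SingleOrDefault(token => token.Token == auth.AccessToken);
	if (accessToken == null || string.IsNullOrEmpty(accessToken.Scope)) {
		return false;
	}

	// Only allow this method call if the access token scope permits it.
	string[] scopes = accessToken.Scope.Split('|');
	if (!scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
		return false;
	}

	var principal = sp.CreatePrincipal(auth);
	// … unchanged: build the authorization policy, install the ServiceSecurityContext and the "Identities" list …
	return true;
}
```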