More work toward a working authorization server.

3 files changed, 36 insertions, 48 deletions

diff --git a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
index be6f885..15d791e 100644
--- a/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
+++ b/samples/OAuthServiceProvider/Code/OAuth2AuthorizationServer.cs
@@ -1,4 +1,5 @@
-using DotNetOpenAuth.OAuth.ChannelElements;
+using DotNetOpenAuth.Messaging.Bindings;
+using DotNetOpenAuth.OAuth.ChannelElements;
 
 namespace OAuthServiceProvider.Code {
 	using System;
@@ -8,47 +9,28 @@ namespace OAuthServiceProvider.Code {
 	using DotNetOpenAuth.OAuthWrap;
 
 	internal class OAuth2AuthorizationServer : IAuthorizationServer {
+		private static readonly byte[] secret = new byte[] { 0x33, 0x55 }; // TODO: make this cryptographically strong and unique per app.
+		private readonly INonceStore nonceStore = new DatabaseNonceStore();
 		#region Implementation of IAuthorizationServer
 
-		public IConsumerDescription GetClient(string clientIdentifier)
-		{
-			throw new NotImplementedException();
-		}
-
-		#endregion
-
 		public byte[] Secret {
-			get { throw new NotImplementedException(); }
+			get { return secret; }
 		}
 
 		public DotNetOpenAuth.Messaging.Bindings.INonceStore VerificationCodeNonceStore {
-			get { throw new NotImplementedException(); }
+			get { return this.nonceStore; }
 		}
 
-		private class ConsumerDescription : IConsumerDescription {
-			public string Key {
-				get { throw new NotImplementedException(); }
-			}
-
-			public string Secret {
-				get { throw new NotImplementedException(); }
-			}
-
-			public System.Security.Cryptography.X509Certificates.X509Certificate2 Certificate {
-				get { throw new NotImplementedException(); }
+		public IConsumerDescription GetClient(string clientIdentifier) {
+			var consumerRow = Global.DataContext.OAuthConsumers.SingleOrDefault(
+				consumerCandidate => consumerCandidate.ConsumerKey == clientIdentifier);
+			if (consumerRow == null) {
+				throw new ArgumentOutOfRangeException("clientIdentifier");
 			}
 
-			public Uri Callback {
-				get { throw new NotImplementedException(); }
-			}
-
-			public DotNetOpenAuth.OAuth.VerificationCodeFormat VerificationCodeFormat {
-				get { throw new NotImplementedException(); }
-			}
-
-			public int VerificationCodeLength {
-				get { throw new NotImplementedException(); }
-			}
+			return consumerRow;
 		}
+
+		#endregion
 	}
 }
\ No newline at end of file
diff --git a/samples/OAuthServiceProvider/OAuth2.ashx.cs b/samples/OAuthServiceProvider/OAuth2.ashx.cs
index 17586be..cd76254 100644
--- a/samples/OAuthServiceProvider/OAuth2.ashx.cs
+++ b/samples/OAuthServiceProvider/OAuth2.ashx.cs
@@ -4,6 +4,7 @@
 	using System.Linq;
 	using System.Net;
 	using System.Web;
+	using System.Web.SessionState;
 	using Code;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OAuthWrap;
@@ -11,29 +12,34 @@
 	/// <summary>
 	/// Summary description for OAuth2
 	/// </summary>
-	public class OAuth2 : IHttpHandler {
+	public class OAuth2 : IHttpHandler, IRequiresSessionState {
 		/// <summary>
 		/// Enables processing of HTTP Web requests by a custom HttpHandler that implements the <see cref="T:System.Web.IHttpHandler"/> interface.
 		/// </summary>
 		/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
 		public void ProcessRequest(HttpContext context) {
 			IDirectResponseProtocolMessage response;
-			if (Global.AuthorizationServer.TryPrepareAccessTokenResponse(out response)) {
-				Global.AuthorizationServer.Channel.Send(response);
-			} else {
-				var request = Global.AuthorizationServer.ReadAuthorizationRequest();
-				if (request == null) {
-					throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
-				}
+			switch (context.Request.PathInfo) {
+				case "/token":
+					if (Global.AuthorizationServer.TryPrepareAccessTokenResponse(out response)) {
+						Global.AuthorizationServer.Channel.Send(response);
+					}
+					break;
+				case "/auth":
+					var request = Global.AuthorizationServer.ReadAuthorizationRequest();
+					if (request == null) {
+						throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
+					}
 
-				// This sample doesn't implement support for immediate mode.
-				if (!request.IsUserInteractionAllowed) {
-					Global.AuthorizationServer.RejectAuthorizationRequest(request);
-				}
+					// This sample doesn't implement support for immediate mode.
+					if (!request.IsUserInteractionAllowed) {
+						Global.AuthorizationServer.RejectAuthorizationRequest(request);
+					}
 
-				// Redirect the user to a page that requires the user to be logged in.
-				Global.PendingOAuth2Authorization = request;
-				context.Response.Redirect("~/Members/Authorize2.aspx");
+					// Redirect the user to a page that requires the user to be logged in.
+					Global.PendingOAuth2Authorization = request;
+					context.Response.Redirect("~/Members/Authorize2.aspx");
+					break;
 			}
 		}
 
diff --git a/samples/OAuthServiceProvider/Web.config b/samples/OAuthServiceProvider/Web.config
index dc440fd..9a53b4a 100644
--- a/samples/OAuthServiceProvider/Web.config
+++ b/samples/OAuthServiceProvider/Web.config
@@ -43,7 +43,7 @@
 
 	<appSettings/>
 	<connectionStrings>
-  <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True"
+  <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database3.mdf;Integrated Security=True;User Instance=True"
    providerName="System.Data.SqlClient" />
  </connectionStrings>