Avoid a NullReferenceException is an OAuth 2 resource server's direct response message doesn't implement IHttpDirectResponse.

1 files changed, 7 insertions, 3 deletions

diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
index cc61d47..7ea6542 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs
@@ -107,9 +107,13 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 
 			// First initialize based on the specifics within the message.
 			var httpResponse = response as IHttpDirectResponse;
-			webResponse.Status = httpResponse != null ? httpResponse.HttpStatusCode : HttpStatusCode.Unauthorized;
-			foreach (string headerName in httpResponse.Headers) {
-				webResponse.Headers.Add(headerName, httpResponse.Headers[headerName]);
+			if (httpResponse != null) {
+				webResponse.Status = httpResponse.HttpStatusCode;
+				foreach (string headerName in httpResponse.Headers) {
+					webResponse.Headers.Add(headerName, httpResponse.Headers[headerName]);
+				}
+			} else {
+				webResponse.Status = HttpStatusCode.Unauthorized;
 			}
 
 			// Now serialize all the message parts into the WWW-Authenticate header.