authorAndrew Arnott <andrewarnott@gmail.com>2012-09-27 07:52:58 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-09-27 07:52:58 -0700
commitba720fb8879cc12fc05319f24c830e29c0512638 (patch)
treec14839cff782508334b06330caac294708cce32d /src
parent6989c1b54778cc93edf9b305ffb827c389769c07 (diff)
Adds overloads of ResourceServer for HttpRequestMessage.
The GetPrincipal and GetAccessToken now better support resource servers that are written in ASP.NET WebAPI. Fixes #206
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs54
-rw-r--r--src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs41
2 files changed, 90 insertions, 5 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
index f613dc5..3ec590a 100644
--- a/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/HttpRequestInfo.cs
@@ -13,6 +13,10 @@ namespace DotNetOpenAuth.Messaging {
using System.Globalization;
using System.IO;
using System.Net;
+#if CLR4
+ using System.Net.Http;
+ using System.Net.Http.Headers;
+#endif
using System.Net.Mime;
using System.ServiceModel.Channels;
using System.Web;
@@ -105,12 +109,33 @@ namespace DotNetOpenAuth.Messaging {
this.requestUri = listenerRequest.Url;
this.queryString = listenerRequest.QueryString;
this.headers = listenerRequest.Headers;
- this.form = ParseFormData(listenerRequest.HttpMethod, listenerRequest.Headers, listenerRequest.InputStream);
+ this.form = ParseFormData(listenerRequest.HttpMethod, listenerRequest.Headers, () => listenerRequest.InputStream);
this.serverVariables = new NameValueCollection();
Reporting.RecordRequestStatistics(this);
}
+#if CLR4
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HttpRequestInfo" /> class.
+ /// </summary>
+ /// <param name="request">The request.</param>
+ internal HttpRequestInfo(HttpRequestMessage request) {
+ Requires.NotNull(request, "request");
+
+ this.httpMethod = request.Method.ToString();
+ this.requestUri = request.RequestUri;
+ this.queryString = HttpUtility.ParseQueryString(request.RequestUri.Query);
+ this.headers = new NameValueCollection();
+ AddHeaders(this.headers, request.Headers);
+ AddHeaders(this.headers, request.Content.Headers);
+ this.form = ParseFormData(this.httpMethod, this.headers, () => request.Content.ReadAsStreamAsync().Result);
+ this.serverVariables = new NameValueCollection();
+
+ Reporting.RecordRequestStatistics(this);
+ }
+#endif
+
/// <summary>
/// Initializes a new instance of the <see cref="HttpRequestInfo"/> class.
/// </summary>
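Review bot: `request.Content` is dereferenced without a null check in the new `HttpRequestInfo(HttpRequestMessage)` constructor, both in `AddHeaders(this.headers, request.Content.Headers)` and inside the stream callback. `HttpRequestMessage.Content` is null by default for a request created without a body, so a bodiless request would fail with a NullReferenceException instead of reaching token validation and its ProtocolFaultResponseException; whether the hosting layer always supplies a content object cannot be told from this hunk. Guard the header copy with `if (request.Content != null) { AddHeaders(this.headers, request.Content.Headers); }` and pass a null delegate to ParseFormData when there is no content. The constructor before this one starts outside the hunk and the one after it continues past it.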
@@ -126,7 +151,7 @@ namespace DotNetOpenAuth.Messaging {
this.requestUri = requestUri;
this.headers = headers;
this.queryString = HttpUtility.ParseQueryString(requestUri.Query);
- this.form = ParseFormData(httpMethod, headers, inputStream);
+ this.form = ParseFormData(httpMethod, headers, () => inputStream);
this.serverVariables = new NameValueCollection();
Reporting.RecordRequestStatistics(this);
@@ -229,14 +254,15 @@ namespace DotNetOpenAuth.Messaging {
/// </summary>
/// <param name="httpMethod">The HTTP method.</param>
/// <param name="headers">The headers.</param>
- /// <param name="inputStream">The input stream.</param>
+ /// <param name="inputStreamFunc">A function that returns the input stream.</param>
/// <returns>The non-null collection of form variables.</returns>
- private static NameValueCollection ParseFormData(string httpMethod, NameValueCollection headers, Stream inputStream) {
+ private static NameValueCollection ParseFormData(string httpMethod, NameValueCollection headers, Func<Stream> inputStreamFunc) {
Requires.NotNullOrEmpty(httpMethod, "httpMethod");
Requires.NotNull(headers, "headers");
ContentType contentType = string.IsNullOrEmpty(headers[HttpRequestHeaders.ContentType]) ? null : new ContentType(headers[HttpRequestHeaders.ContentType]);
- if (inputStream != null && httpMethod == "POST" && contentType != null && string.Equals(contentType.MediaType, Channel.HttpFormUrlEncoded, StringComparison.Ordinal)) {
+ if (httpMethod == "POST" && contentType != null && string.Equals(contentType.MediaType, Channel.HttpFormUrlEncoded, StringComparison.Ordinal) && inputStreamFunc != null) {
+ var inputStream = inputStreamFunc();
var reader = new StreamReader(inputStream);
long originalPosition = 0;
if (inputStream.CanSeek) {
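Review bot: The null check moved from the stream to the delegate, so a null stream is no longer tolerated: `inputStreamFunc()` can return null and the next line passes the result to `new StreamReader(inputStream)`, which throws. The call sites changed in this commit always pass a non-null lambda (`() => inputStream` and `() => listenerRequest.InputStream` in the constructor hunks above), so the `inputStreamFunc != null` test does not cover the case the removed `inputStream != null` test handled. Add a guard right after the call, for example `if (inputStream == null) { return new NameValueCollection(); }`. The body of ParseFormData continues outside this hunk.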
@@ -252,5 +278,23 @@ namespace DotNetOpenAuth.Messaging {
return new NameValueCollection();
}
+
+#if CLR4
+ /// <summary>
+ /// Adds HTTP headers to a <see cref="NameValueCollection"/>.
+ /// </summary>
+ /// <param name="collectionToFill">The collection to be modified with added entries.</param>
+ /// <param name="headers">The collection to read from.</param>
+ private static void AddHeaders(NameValueCollection collectionToFill, HttpHeaders headers) {
+ Requires.NotNull(collectionToFill, "collectionToFill");
+ Requires.NotNull(headers, "headers");
+
+ foreach (var header in headers) {
+ foreach (var value in header.Value) {
+ collectionToFill.Add(header.Key, value);
+ }
+ }
+ }
+#endif
}
}
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
index cd0fb55..896588f 100644
--- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
@@ -11,6 +11,9 @@ namespace DotNetOpenAuth.OAuth2 {
using System.Diagnostics.Contracts;
using System.Linq;
using System.Net;
+#if CLR4
+ using System.Net.Http;
+#endif
using System.Security.Principal;
using System.ServiceModel.Channels;
using System.Text;
@@ -126,6 +129,25 @@ namespace DotNetOpenAuth.OAuth2 {
}
}
+#if CLR4
+ /// <summary>
+ /// Discovers what access the client should have considering the access token in the current request.
+ /// </summary>
+ /// <param name="request">The HTTP request message.</param>
+ /// <param name="requiredScopes">The set of scopes required to approve this request.</param>
+ /// <returns>
+ /// The access token describing the authorization the client has. Never <c>null</c>.
+ /// </returns>
+ /// <exception cref="ProtocolFaultResponseException">
+ /// Thrown when the client is not authorized. This exception should be caught and the
+ /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
+ /// </exception>
+ public virtual AccessToken GetAccessToken(HttpRequestMessage request, params string[] requiredScopes) {
+ Requires.NotNull(request, "request");
+ return this.GetAccessToken(new HttpRequestInfo(request), requiredScopes);
+ }
+#endif
+
/// <summary>
/// Discovers what access the client should have considering the access token in the current request.
/// </summary>
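Review bot: The XML doc on the new `GetAccessToken(HttpRequestMessage, ...)` overload does not mention that building the `HttpRequestInfo` can read the request body synchronously: for a form-encoded POST the constructor's callback blocks on `request.Content.ReadAsStreamAsync().Result`. Web API callers that invoke this from an async handler, or that read the content again afterwards, would want to know that. Suggest adding `/// <remarks>For form-encoded POST requests the request content is read synchronously while the form data is parsed.</remarks>` after the `<summary>`; the same remark applies to the `GetPrincipal(HttpRequestMessage, ...)` overload added later in this file.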
@@ -174,5 +196,24 @@ namespace DotNetOpenAuth.OAuth2 {
return this.GetPrincipal(new HttpRequestInfo(request, requestUri), requiredScopes);
}
+
+#if CLR4
+ /// <summary>
+ /// Discovers what access the client should have considering the access token in the current request.
+ /// </summary>
+ /// <param name="request">HTTP details from an incoming HTTP request message.</param>
+ /// <param name="requiredScopes">The set of scopes required to approve this request.</param>
+ /// <returns>
+ /// The principal that contains the user and roles that the access token is authorized for. Never <c>null</c>.
+ /// </returns>
+ /// <exception cref="ProtocolFaultResponseException">
+ /// Thrown when the client is not authorized. This exception should be caught and the
+ /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
+ /// </exception>
+ public IPrincipal GetPrincipal(HttpRequestMessage request, params string[] requiredScopes) {
+ Requires.NotNull(request, "request");
+ return this.GetPrincipal(new HttpRequestInfo(request), requiredScopes);
+ }
+#endif
}
}
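Review bot: The new `GetPrincipal(HttpRequestMessage, ...)` overload is declared `public` while the `GetAccessToken(HttpRequestMessage, ...)` overload added in the same commit is `public virtual`, so a subclass can customize one entry point but not the other. If that asymmetry is not intended, declare it as `public virtual IPrincipal GetPrincipal(HttpRequestMessage request, params string[] requiredScopes)`. Whether the existing sibling `GetPrincipal` overloads are virtual is not visible in this hunk, so match whatever they use.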