diff options
Diffstat (limited to 'projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs')
| -rw-r--r-- | projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs index 1a3a0f0..e38d955 100644 --- a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs +++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationManager.cs @@ -14,6 +14,7 @@ namespace RelyingPartyLogic { using System.ServiceModel.Channels; using System.ServiceModel.Security; using DotNetOpenAuth; + using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth; using DotNetOpenAuth.OAuth2; @@ -37,33 +38,33 @@ namespace RelyingPartyLogic { var resourceServer = new ResourceServer(tokenAnalyzer); try { - IPrincipal principal; - var errorResponse = resourceServer.VerifyAccess(httpDetails, requestUri, out principal); - if (errorResponse == null) { - var policy = new OAuthPrincipalAuthorizationPolicy(principal); - var policies = new List<IAuthorizationPolicy> { + IPrincipal principal = resourceServer.GetPrincipal(httpDetails, requestUri); + var policy = new OAuthPrincipalAuthorizationPolicy(principal); + var policies = new List<IAuthorizationPolicy> { policy, }; - var securityContext = new ServiceSecurityContext(policies.AsReadOnly()); - if (operationContext.IncomingMessageProperties.Security != null) { - operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext; - } else { - operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { - ServiceSecurityContext = securityContext, - }; - } + var securityContext = new ServiceSecurityContext(policies.AsReadOnly()); + if (operationContext.IncomingMessageProperties.Security != null) { + operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext; + } else { + operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { + ServiceSecurityContext = securityContext, + }; + } - securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { + securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { principal.Identity, }; - // Only allow this method call if the access token scope permits it. - if (principal.IsInRole(operationContext.IncomingMessageHeaders.Action)) { - return true; - } + // Only allow this method call if the access token scope permits it. + if (principal.IsInRole(operationContext.IncomingMessageHeaders.Action)) { + return true; } - } catch (ProtocolException /*ex*/) { + } catch (ProtocolFaultResponseException ex) { + // Return the appropriate unauthorized response to the client. + ex.ErrorResponse.Send(); + } catch (DotNetOpenAuth.Messaging.ProtocolException/* ex*/) { ////Logger.Error("Error processing OAuth messages.", ex); } } |