summaryrefslogtreecommitdiffstats
path: root/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
diff options
context:
space:
mode:
Diffstat (limited to 'projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs')
-rw-r--r--projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs33
1 files changed, 33 insertions, 0 deletions
diff --git a/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs b/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
new file mode 100644
index 0000000..ee254ac
--- /dev/null
+++ b/projecttemplates/WebFormsRelyingParty/Model.IssuedAccessToken.cs
@@ -0,0 +1,33 @@
+namespace WebFormsRelyingParty {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+ using DotNetOpenAuth.OAuth.ChannelElements;
+
+ public partial class IssuedAccessToken : IServiceProviderAccessToken {
+ string[] IServiceProviderAccessToken.Roles {
+ get {
+ List<string> roles = new List<string>();
+
+ // Include the roles the user who authorized this OAuth token has.
+ // TODO: code here
+
+ // Always add an extra role to indicate this is an OAuth-authorized request.
+ // This allows us to deny access to account management pages to OAuth requests.
+ roles.Add("OAuthToken");
+
+ return roles.ToArray();
+ }
+ }
+
+ string IServiceProviderAccessToken.Username {
+ get {
+ // We don't really have the concept of a single username, but we
+ // can use any of the authentication tokens instead since that
+ // is what the rest of the web site expects.
+ return this.User.AuthenticationTokens.First().ClaimedIdentifier;
+ }
+ }
+ }
+}
generated by cgit v1.1 at 2025-05-24 17:59:22 +0000