diff options
Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs')
| -rw-r--r-- | samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs new file mode 100644 index 0000000..23ec087 --- /dev/null +++ b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs @@ -0,0 +1,30 @@ +namespace OAuth2ProtectedWebApi.Code { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Net.Http; + using System.Threading; + using System.Threading.Tasks; + using System.Web; + + using DotNetOpenAuth.OAuth2; + + /// <summary> + /// An HTTP server message handler that detects OAuth 2 bearer tokens in the authorization header + /// and applies the appropriate principal to the request when found. + /// </summary> + public class BearerTokenHandler : DelegatingHandler { + protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { + if (request.Headers.Authorization != null) { + if (request.Headers.Authorization.Scheme == "Bearer") { + var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AuthorizationServerHost.HardCodedCryptoKeyStore)); + var principal = await resourceServer.GetPrincipalAsync(request, cancellationToken); + HttpContext.Current.User = principal; + Thread.CurrentPrincipal = principal; + } + } + + return await base.SendAsync(request, cancellationToken); + } + } +}
\ No newline at end of file |