Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Code')
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs49
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs27
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/HttpHeaderAttribute.cs41
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/MemoryCryptoKeyStore.cs54
-rw-r--r--samples/OAuth2ProtectedWebApi/Code/MemoryNonceStore.cs14
5 files changed, 185 insertions, 0 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs
new file mode 100644
index 0000000..73c5864
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/AuthorizationServerHost.cs
@@ -0,0 +1,49 @@
+namespace OAuth2ProtectedWebApi {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+ using DotNetOpenAuth.Messaging.Bindings;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.ChannelElements;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using OAuth2ProtectedWebApi.Code;
+
+ public class AuthorizationServerHost : IAuthorizationServerHost {
+ private static ICryptoKeyStore cryptoKeyStore = MemoryCryptoKeyStore.Instance;
+
+ private static INonceStore nonceStore = new MemoryNonceStore();
+
+ public ICryptoKeyStore CryptoKeyStore {
+ get { return cryptoKeyStore; }
+ }
+
+ public INonceStore NonceStore {
+ get { return nonceStore; }
+ }
+
+ public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) {
+ var accessToken = new AuthorizationServerAccessToken();
+ accessToken.Lifetime = TimeSpan.FromHours(1);
+ accessToken.SymmetricKeyStore = this.CryptoKeyStore;
+ var result = new AccessTokenResult(accessToken);
+ return result;
+ }
+
+ public IClientDescription GetClient(string clientIdentifier) {
+ return new ClientDescription("zzz", new Uri("http://www.microsoft.com/en-us/default.aspx"), ClientType.Confidential);
+ }
+
+ public bool IsAuthorizationValid(IAuthorizationDescription authorization) {
+ return true;
+ }
+
+ public AutomatedUserAuthorizationCheckResponse CheckAuthorizeResourceOwnerCredentialGrant(string userName, string password, IAccessTokenRequest accessRequest) {
+ throw new NotSupportedException();
+ }
+
+ public AutomatedAuthorizationCheckResponse CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest) {
+ throw new NotSupportedException();
+ }
+ }
+} \ No newline at end of file
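Review bot: `GetClient` ignores `clientIdentifier` and returns the same description for every caller, with the literal `"zzz"` in what looks like the client-secret position. `IsAuthorizationValid` returns `true` unconditionally, so this host never rejects an unknown client or a revoked grant. For a sample that people will copy, both stubs should say so, e.g. `// SAMPLE ONLY: one fixed client for every clientIdentifier; look the client up and reject unknown ids.` above the `return` in `GetClient`, and `// SAMPLE ONLY: treats every authorization as still granted; check it against stored, unrevoked grants.` in `IsAuthorizationValid`. The two static store fields are never reassigned in this file and could be `private static readonly`.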
diff --git a/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
new file mode 100644
index 0000000..04296b4
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/BearerTokenHandler.cs
@@ -0,0 +1,27 @@
+namespace OAuth2ProtectedWebApi.Code {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net.Http;
+ using System.Threading;
+ using System.Threading.Tasks;
+ using System.Web;
+
+ using DotNetOpenAuth.OAuth2;
+
+ public class BearerTokenHandler : DelegatingHandler {
+ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) {
+ if (request.Headers.Authorization != null) {
+ if (request.Headers.Authorization.Scheme == "Bearer") {
+ string bearer = request.Headers.Authorization.Parameter;
+ var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(MemoryCryptoKeyStore.Instance));
+ var principal = await resourceServer.GetPrincipalAsync(request, cancellationToken);
+ HttpContext.Current.User = principal;
+ Thread.CurrentPrincipal = principal;
+ }
+ }
+
+ return await base.SendAsync(request, cancellationToken);
+ }
+ }
+} \ No newline at end of file
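Review bot: Nothing in `SendAsync` handles a failure from `GetPrincipalAsync`. If the library signals a malformed or expired token by throwing (to be confirmed against the DotNetOpenAuth version in use), the exception escapes the handler instead of becoming a 401 with a `WWW-Authenticate: Bearer` challenge. The scheme test is also case-sensitive although HTTP authentication scheme names are not; `if (string.Equals(request.Headers.Authorization.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)) {` would accept `bearer` as well. The local `bearer` is assigned and never read, and `HttpContext.Current` is dereferenced after an `await` without a null check.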
diff --git a/samples/OAuth2ProtectedWebApi/Code/HttpHeaderAttribute.cs b/samples/OAuth2ProtectedWebApi/Code/HttpHeaderAttribute.cs
new file mode 100644
index 0000000..3bff848
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/HttpHeaderAttribute.cs
@@ -0,0 +1,41 @@
+namespace OAuth2ProtectedWebApi.Code {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+ using System.Web.Mvc;
+
+ /// <summary>
+ /// Represents an attribute that is used to add HTTP Headers to a Controller Action response.
+ /// </summary>
+ public class HttpHeaderAttribute : ActionFilterAttribute {
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HttpHeaderAttribute"/> class.
+ /// </summary>
+ /// <param name="name">The HTTP header name.</param>
+ /// <param name="value">The HTTP header value.</param>
+ public HttpHeaderAttribute(string name, string value) {
+ this.Name = name;
+ this.Value = value;
+ }
+
+ /// <summary>
+ /// Gets or sets the name of the HTTP Header.
+ /// </summary>
+ public string Name { get; set; }
+
+ /// <summary>
+ /// Gets or sets the value of the HTTP Header.
+ /// </summary>
+ public string Value { get; set; }
+
+ /// <summary>
+ /// Called by the MVC framework after the action result executes.
+ /// </summary>
+ /// <param name="filterContext">The filter context.</param>
+ public override void OnResultExecuted(ResultExecutedContext filterContext) {
+ filterContext.HttpContext.Response.AppendHeader(this.Name, this.Value);
+ base.OnResultExecuted(filterContext);
+ }
+ }
+} \ No newline at end of file
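Review bot: `OnResultExecuted` runs after the action result has been written, so the `AppendHeader` call only works while the response is still buffered; once headers have been sent it is expected to fail. Overriding the earlier hook, `public override void OnResultExecuting(ResultExecutingContext filterContext)`, sets the header before any body output. The constructor also stores a null or empty `name` without complaint; a guard such as `if (string.IsNullOrEmpty(name)) throw new ArgumentException("Header name is required.", "name");` would surface the mistake where the attribute is built rather than at response time.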
diff --git a/samples/OAuth2ProtectedWebApi/Code/MemoryCryptoKeyStore.cs b/samples/OAuth2ProtectedWebApi/Code/MemoryCryptoKeyStore.cs
new file mode 100644
index 0000000..2bed4fd
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/MemoryCryptoKeyStore.cs
@@ -0,0 +1,54 @@
+namespace OAuth2ProtectedWebApi.Code {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+
+ using DotNetOpenAuth.Messaging.Bindings;
+
+ internal class MemoryCryptoKeyStore : ICryptoKeyStore {
+ private Dictionary<string, Dictionary<string, CryptoKey>> keys = new Dictionary<string, Dictionary<string, CryptoKey>>();
+
+ private MemoryCryptoKeyStore() {
+ }
+
+ internal static ICryptoKeyStore Instance = new MemoryCryptoKeyStore();
+
+ public CryptoKey GetKey(string bucket, string handle) {
+ Dictionary<string, CryptoKey> keyBucket;
+ if (this.keys.TryGetValue(bucket, out keyBucket)) {
+ CryptoKey key;
+ if (keyBucket.TryGetValue(handle, out key)) {
+ return key;
+ }
+ }
+
+ return null;
+ }
+
+ public IEnumerable<KeyValuePair<string, CryptoKey>> GetKeys(string bucket) {
+ Dictionary<string, CryptoKey> keyBucket;
+ if (this.keys.TryGetValue(bucket, out keyBucket)) {
+ foreach (var cryptoKey in keyBucket) {
+ yield return cryptoKey;
+ }
+ }
+ }
+
+ public void StoreKey(string bucket, string handle, CryptoKey key) {
+ Dictionary<string, CryptoKey> keyBucket;
+ if (!this.keys.TryGetValue(bucket, out keyBucket)) {
+ keyBucket = this.keys[bucket] = new Dictionary<string, CryptoKey>();
+ }
+
+ keyBucket[handle] = key;
+ }
+
+ public void RemoveKey(string bucket, string handle) {
+ Dictionary<string, CryptoKey> keyBucket;
+ if (this.keys.TryGetValue(bucket, out keyBucket)) {
+ keyBucket.Remove(handle);
+ }
+ }
+ }
+} \ No newline at end of file
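Review bot: The nested `Dictionary` in `keys` is shared through the static `Instance` and is read and written with no synchronisation, so concurrent requests can corrupt it. `GetKeys` is a lazy iterator over the live bucket and will throw if `StoreKey` or `RemoveKey` runs while a caller is still enumerating. Taking one lock in all four methods and returning a snapshot from `GetKeys` closes both gaps; `Instance` should also be `internal static readonly` so it cannot be swapped at runtime. The store does not order keys by expiry or drop expired ones, which is worth checking against what `ICryptoKeyStore` callers expect.

```csharp
private readonly object gate = new object();

public IEnumerable<KeyValuePair<string, CryptoKey>> GetKeys(string bucket) {
	lock (this.gate) {
		Dictionary<string, CryptoKey> keyBucket;
		// Snapshot under the lock so callers never enumerate the live dictionary.
		return this.keys.TryGetValue(bucket, out keyBucket)
			? keyBucket.ToList()
			: new List<KeyValuePair<string, CryptoKey>>();
	}
}

public void StoreKey(string bucket, string handle, CryptoKey key) {
	lock (this.gate) {
		// … unchanged: bucket lookup/creation and keyBucket[handle] = key …
	}
}

// … GetKey and RemoveKey: same bodies, wrapped in lock (this.gate) …
```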
diff --git a/samples/OAuth2ProtectedWebApi/Code/MemoryNonceStore.cs b/samples/OAuth2ProtectedWebApi/Code/MemoryNonceStore.cs
new file mode 100644
index 0000000..3bec259
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Code/MemoryNonceStore.cs
@@ -0,0 +1,14 @@
+namespace OAuth2ProtectedWebApi.Code {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Web;
+
+ using DotNetOpenAuth.Messaging.Bindings;
+
+ internal class MemoryNonceStore : INonceStore {
+ public bool StoreNonce(string context, string nonce, DateTime timestampUtc) {
+ return true;
+ }
+ }
+} \ No newline at end of file
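Review bot: `StoreNonce` returns `true` for every call without recording anything, so a caller that relies on it to detect a previously seen nonce gets no replay protection at all. If the stub is deliberate for the sample it needs a comment saying so; otherwise the store should remember each (context, nonce, timestamp) triple and return `false` on a repeat, as sketched below. Entries older than the maximum accepted message age should also be pruned so the set does not grow without bound.

```csharp
internal class MemoryNonceStore : INonceStore {
	private readonly object gate = new object();
	private readonly HashSet<Tuple<string, string, DateTime>> seen = new HashSet<Tuple<string, string, DateTime>>();

	public bool StoreNonce(string context, string nonce, DateTime timestampUtc) {
		lock (this.gate) {
			// HashSet.Add returns false when the triple is already present, i.e. a replay.
			return this.seen.Add(Tuple.Create(context, nonce, timestampUtc));
		}
	}
}
```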