Diffstat (limited to 'samples/OAuth2ProtectedWebApi/Controllers')
4 files changed, 111 insertions, 0 deletions
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/HomeController.cs b/samples/OAuth2ProtectedWebApi/Controllers/HomeController.cs
new file mode 100644
index 0000000..3244000
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Controllers/HomeController.cs
@@ -0,0 +1,13 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+using System.Web.Mvc;
+
+namespace OAuth2ProtectedWebApi.Controllers {
+ public class HomeController : Controller {
+ public ActionResult Index() {
+ return View();
+ }
+ }
+}
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/TokenController.cs b/samples/OAuth2ProtectedWebApi/Controllers/TokenController.cs
new file mode 100644
index 0000000..2e2873a
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Controllers/TokenController.cs
@@ -0,0 +1,19 @@
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net;
+ using System.Net.Http;
+ using System.Threading.Tasks;
+ using System.Web.Http;
+
+ using DotNetOpenAuth.OAuth2;
+
+ public class TokenController : ApiController {
+ // POST /api/token
+ public Task<HttpResponseMessage> Post(HttpRequestMessage request) {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ return authServer.HandleTokenRequestAsync(request);
+ }
+ }
+}
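Review bot: In TokenController.cs the only comment on `Post` is `// POST /api/token`, which does not say that this is the OAuth2 token endpoint or where its security checks live. Everything that decides whether a token is issued (client authentication, grant validation) is delegated to `AuthorizationServerHost`, which is outside this directory-limited diff, so a reader cannot tell from the controller what is enforced. I would replace the comment with a short summary that states this, for example `// OAuth2 token endpoint: client authentication and grant checks are performed by AuthorizationServerHost; serve over HTTPS only.`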
\ No newline at end of file
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
new file mode 100644
index 0000000..c65258f
--- /dev/null
+++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs
@@ -0,0 +1,46 @@
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net.Http;
+ using System.Security.Principal;
+ using System.Threading.Tasks;
+ using System.Web;
+ using System.Web.Mvc;
+
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using OAuth2ProtectedWebApi.Code;
+
+ // [Authorize]
+ public class UserController : Controller {
+ [HttpGet]
+ [HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
+ public async Task<ActionResult> Authorize() {
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
+ this.ViewData["scope"] = authRequest.Scope;
+ this.ViewData["request"] = this.Request.Url;
+ return View();
+ }
+
+ [HttpPost, ValidateAntiForgeryToken]
+ public async Task<ActionResult> Respond(string request, bool approval) {
+ System.Web.HttpContext.Current.User = new GenericPrincipal(new GenericIdentity("Andrew"), new string[0]);
+ var authServer = new AuthorizationServer(new AuthorizationServerHost());
+ var httpInfo = HttpRequestInfo.Create(HttpMethod.Get.Method, new Uri(request));
+ var authRequest = await authServer.ReadAuthorizationRequestAsync(httpInfo);
+ IProtocolMessage responseMessage;
+ if (approval) {
+ responseMessage = authServer.PrepareApproveAuthorizationRequest(
+ authRequest, this.User.Identity.Name, authRequest.Scope);
+ } else {
+ responseMessage = authServer.PrepareRejectAuthorizationRequest(authRequest);
+ }
+
+ var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
+ return response.AsActionResult();
+ }
+ }
+}
diff --git a/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs b/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs
new file mode 100644
index 0000000..601d26e
--- /dev/null
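Review bot: In UserController.cs, `Respond` overwrites the request principal with a hard-coded `GenericIdentity("Andrew")` while the class-level `[Authorize]` is commented out, so an approval is recorded for the user "Andrew" no matter who, if anyone, is signed in. Restore `[Authorize]` on the class and delete the `System.Web.HttpContext.Current.User = ...` line so that `this.User.Identity.Name` is the authenticated resource owner; if the shortcut has to stay in the sample, mark it with a comment such as `// SAMPLE ONLY: replace with real user authentication before use`. Separately, both actions dereference `authRequest` without a null check, and `Respond` passes the form-posted `request` string straight to `new Uri(request)`. If `ReadAuthorizationRequestAsync` can return null for a request that carries no authorization message (I believe it can, but the library code is not in this diff), a malformed call ends in an unhandled exception, so `if (authRequest == null) return new HttpStatusCodeResult(400);` after each read would be safer. The scope granted in `Respond` is also re-read from the posted URL rather than from what the consent page displayed, which deserves a comment so that nobody assumes the two are bound together.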
+++ b/samples/OAuth2ProtectedWebApi/Controllers/ValuesController.cs
@@ -0,0 +1,33 @@
+namespace OAuth2ProtectedWebApi.Controllers {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Net;
+ using System.Net.Http;
+ using System.Web.Http;
+
+ [Authorize]
+ public class ValuesController : ApiController {
+ // GET api/values
+ public IEnumerable<string> Get() {
+ return new string[] { "value1", "value2" };
+ }
+
+ // GET api/values/5
+ public string Get(int id) {
+ return "value";
+ }
+
+ // POST api/values
+ public void Post([FromBody]string value) {
+ }
+
+ // PUT api/values/5
+ public void Put(int id, [FromBody]string value) {
+ }
+
+ // DELETE api/values/5
+ public void Delete(int id) {
+ }
+ }
+}
\ No newline at end of file |
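Review bot: In ValuesController.cs the class-level `[Authorize]` is the only access control on the protected resource, and the `System.Web.Http` attribute checks just that the request has an authenticated principal, not which OAuth2 scopes the access token carries. Where the bearer token is validated and the principal is set is not visible in this directory-limited diff, so I would add a comment on the class naming that component, for example `// Principal is set from the OAuth2 access token by <handler name>; no per-action scope check is applied.` That makes it clear to anyone copying the sample that scope enforcement has to be added per action if different scopes should unlock different operations.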