summaryrefslogtreecommitdiffstats
path: root/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
diff options
context:
space:
mode:
Diffstat (limited to 'samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs')
-rw-r--r--samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs23
1 files changed, 11 insertions, 12 deletions
diff --git a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
index 8d0c13d..31371db 100644
--- a/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
+++ b/samples/OAuthResourceServer/Code/OAuthAuthorizationManager.cs
@@ -7,10 +7,9 @@
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
-
+ using System.ServiceModel.Web;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
-
using ProtocolException = System.ServiceModel.ProtocolException;
/// <summary>
@@ -29,7 +28,7 @@
var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
try {
- var principal = VerifyOAuth2(httpDetails, requestUri);
+ var principal = VerifyOAuth2(httpDetails, requestUri, operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
if (principal != null) {
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List<IAuthorizationPolicy> {
@@ -49,11 +48,16 @@
principal.Identity,
};
- // Only allow this method call if the access token scope permits it.
- return principal.IsInRole(operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
+ return true;
} else {
return false;
}
+ } catch (ProtocolFaultResponseException ex) {
+ Global.Logger.Error("Error processing OAuth messages.", ex);
+
+ // Return the appropriate unauthorized response to the client.
+ var outgoingResponse = ex.CreateErrorResponse();
+ outgoingResponse.Respond(WebOperationContext.Current.OutgoingResponse);
} catch (ProtocolException ex) {
Global.Logger.Error("Error processing OAuth messages.", ex);
}
@@ -61,18 +65,13 @@
return false;
}
- private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri) {
+ private static IPrincipal VerifyOAuth2(HttpRequestMessageProperty httpDetails, Uri requestUri, params string[] requiredScopes) {
// for this sample where the auth server and resource server are the same site,
// we use the same public/private key.
using (var signing = Global.CreateAuthorizationServerSigningServiceProvider()) {
using (var encrypting = Global.CreateResourceServerEncryptionServiceProvider()) {
var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
-
- IPrincipal result;
- var error = resourceServer.VerifyAccess(HttpRequestInfo.Create(httpDetails, requestUri), out result);
-
- // TODO: return the prepared error code.
- return error != null ? null : result;
+ return resourceServer.GetPrincipal(httpDetails, requestUri, requiredScopes);
}
}
}
generated by cgit v1.1 at 2025-05-29 22:35:46 +0000