Diffstat (limited to 'samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs')
-rw-r--r-- | samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
new file mode 100644
index 0000000..fce1ad4
--- /dev/null
+++ b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -0,0 +1,37 @@
+using System;
+using System.Linq;
+using System.ServiceModel;
+using System.ServiceModel.Channels;
+using DotNetOpenAuth;
+using DotNetOpenAuth.OAuth;
+
+/// <summary>
+/// A WCF extension to authenticate incoming messages using OAuth.
+/// </summary>
+public class OAuthAuthorizationManager : ServiceAuthorizationManager {
+ public OAuthAuthorizationManager() {
+ }
+
+ protected override bool CheckAccessCore(OperationContext operationContext) {
+ if (!base.CheckAccessCore(operationContext)) {
+ return false;
+ }
+
+ HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
+ Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
+ ServiceProvider sp = Constants.CreateServiceProvider();
+ var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
+ if (auth != null) {
+ var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
+
+ // Only allow this method call if the access token scope permits it.
+ string[] scopes = accessToken.Scope.Split('|');
+ if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+ operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
+ return true;
+ }
+ }
+
+ return false;
+ }
+} |
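Review bot: In CheckAccessCore the token lookup `Single(token => token.Token == auth.AccessToken)` throws when no row matches, and `accessToken.Scope.Split('|')` throws if the stored scope is null, so an unknown or scopeless token surfaces as an unhandled exception in the authorization path rather than a clean denial. Use `var accessToken = Global.DataContext.OAuthTokens.SingleOrDefault(token => token.Token == auth.AccessToken);` followed by `if (accessToken == null || accessToken.Scope == null) { return false; }`. The two `as` casts for `httpDetails` and `requestUri` are also passed on unchecked, so a request arriving without those message properties hands nulls to `ReadProtectedResourceAuthorization`; returning false when either is null keeps the check fail-closed. The lookup does not visibly confirm that the matched row is an access token rather than a request token, or that it is still valid; this is worth verifying against the token table's schema, which is not shown here.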