1 files changed, 23 insertions, 1 deletions

diff --git a/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
index fce1ad4..8589932 100644
--- a/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
+++ b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -1,7 +1,11 @@
 using System;
+using System.Collections.Generic;
+using System.IdentityModel.Policy;
 using System.Linq;
+using System.Security.Principal;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
+using System.ServiceModel.Security;
 using DotNetOpenAuth;
 using DotNetOpenAuth.OAuth;
 
@@ -24,10 +28,28 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
 		if (auth != null) {
 			var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
 
+			var principal = sp.CreatePrincipal(auth);
+			var policy = new OAuthPrincipalAuthorizationPolicy(principal);
+			var policies = new List<IAuthorizationPolicy> {
+				policy,
+			};
+
+			var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
+			if (operationContext.IncomingMessageProperties.Security != null) {
+				operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
+			} else {
+				operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
+					ServiceSecurityContext = securityContext,
+				};
+			}
+
+			securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+				principal.Identity,
+			};
+
 			// Only allow this method call if the access token scope permits it.
 			string[] scopes = accessToken.Scope.Split('|');
 			if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
-				operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
 				return true;
 			}
 		}