Diffstat (limited to 'samples/OAuthServiceProvider/App_Code')
5 files changed, 45 insertions, 7 deletions
diff --git a/samples/OAuthServiceProvider/App_Code/DataApi.cs b/samples/OAuthServiceProvider/App_Code/DataApi.cs
index 00876f6..d5adb10 100644
--- a/samples/OAuthServiceProvider/App_Code/DataApi.cs
+++ b/samples/OAuthServiceProvider/App_Code/DataApi.cs
@@ -7,20 +7,25 @@ using System.ServiceModel;
 /// <remarks>
 /// Note how there is no code here that is bound to OAuth or any other
 /// credential/authorization scheme. That's all part of the channel/binding elsewhere.
-/// And the reference to Global.LoggedInUser is the user being impersonated by the WCF client.
+/// And the reference to OperationContext.Current.ServiceSecurityContext.PrimaryIdentity
+/// is the user being impersonated by the WCF client.
 /// In the OAuth case, it is the user who authorized the OAuth access token that was used
 /// to gain access to the service.
 /// </remarks>
 public class DataApi : IDataApi {
+ private User User {
+ get { return OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.GetUser(); }
+ }
+
 public int? GetAge() {
- return Global.LoggedInUser.Age;
+ return User.Age;
 }
 
 public string GetName() {
- return Global.LoggedInUser.FullName;
+ return User.FullName;
 }
 
 public string[] GetFavoriteSites() {
- return Global.LoggedInUser.FavoriteSites.Select(site => site.SiteUrl).ToArray();
+ return User.FavoriteSites.Select(site => site.SiteUrl).ToArray();
 }
 }
diff --git a/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
index 1ec2cb5..8589932 100644
--- a/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
+++ b/samples/OAuthServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.IdentityModel.Policy;
 using System.Linq;
+using System.Security.Principal;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
 using System.ServiceModel.Security;
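Review bot: The new `User` property hands back whatever `GetUser()` returns with no null check, and the Utilities.GetUser added in this same commit is documented to return null for an anonymous identity or a user that is not in the database, so `User.Age`, `User.FullName` and `User.FavoriteSites` would then fail with a NullReferenceException that WCF reports as a generic fault rather than a clear "unknown caller" error. Presumably OAuthAuthorizationManager rejects unauthenticated callers before any operation runs, but DataApi is the component the remarks describe as credential-agnostic, so it should not depend on that silently; `OperationContext.Current` is likewise null when the class is used outside a WCF operation, which the getter does not guard either. A getter that resolves the user once and throws a descriptive exception when the lookup yields nothing keeps the three operations simple and makes the failure mode explicit.
```csharp
private User User {
	get {
		var user = OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.GetUser();
		if (user == null) {
			throw new InvalidOperationException("The authenticated identity does not map to a known user.");
		}

		return user;
	}
}
```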
@@ -27,10 +28,12 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
 if (auth != null) {
 var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
 
- var policy = new OAuthPrincipalAuthorizationPolicy(sp.CreatePrincipal(auth));
+ var principal = sp.CreatePrincipal(auth);
+ var policy = new OAuthPrincipalAuthorizationPolicy(principal);
 var policies = new List<IAuthorizationPolicy> {
 policy,
 };
 
+ var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
 if (operationContext.IncomingMessageProperties.Security != null) {
 operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
@@ -40,6 +43,10 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager {
 };
 }
 
+ securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
+ principal.Identity,
+ };
+
 // Only allow this method call if the access token scope permits it.
 string[] scopes = accessToken.Scope.Split('|');
 if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
diff --git a/samples/OAuthServiceProvider/App_Code/OAuthConsumer.cs b/samples/OAuthServiceProvider/App_Code/OAuthConsumer.cs
index 1255717..db8f469 100644
--- a/samples/OAuthServiceProvider/App_Code/OAuthConsumer.cs
+++ b/samples/OAuthServiceProvider/App_Code/OAuthConsumer.cs
@@ -26,7 +26,7 @@ public partial class OAuthConsumer : IConsumerDescription {
 }
 
 Uri IConsumerDescription.Callback {
- get { return this.Callback != null ? new Uri(this.Callback) : null; }
+ get { return string.IsNullOrEmpty(this.Callback) ? null : new Uri(this.Callback); }
 }
 
 DotNetOpenAuth.OAuth.VerificationCodeFormat IConsumerDescription.VerificationCodeFormat {
diff --git a/samples/OAuthServiceProvider/App_Code/OAuthToken.cs b/samples/OAuthServiceProvider/App_Code/OAuthToken.cs
index fc1d6c5..ea18b2b 100644
--- a/samples/OAuthServiceProvider/App_Code/OAuthToken.cs
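Review bot: The `"Identities"` key written into `securityContext.AuthorizationContext.Properties` in the `@@ -40,6 +43,10 @@` hunk is a bare magic string with nothing saying why it exists; it is the well-known property WCF reads when it computes `ServiceSecurityContext.PrimaryIdentity`, which is exactly what DataApi now relies on, so a maintainer who drops it as dead code would silently turn every caller back into an anonymous identity. A comment on that line such as `// WCF derives ServiceSecurityContext.PrimaryIdentity from the "Identities" property; without it the service sees an anonymous caller.` would make the dependency explicit. It is also worth noting in that comment that the identity list is installed before the scope check that follows, which is fine only because a false return from this method denies the call regardless; the enclosing method starts and ends outside the hunk.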
+++ b/samples/OAuthServiceProvider/App_Code/OAuthToken.cs
@@ -26,7 +26,7 @@ public partial class OAuthToken : IServiceProviderRequestToken, IServiceProvider
 }
 
 Uri IServiceProviderRequestToken.Callback {
- get { return new Uri(this.RequestTokenCallback); }
+ get { return string.IsNullOrEmpty(this.RequestTokenCallback) ? null : new Uri(this.RequestTokenCallback); }
 set { this.RequestTokenCallback = value.AbsoluteUri; }
 }
 
diff --git a/samples/OAuthServiceProvider/App_Code/Utilities.cs b/samples/OAuthServiceProvider/App_Code/Utilities.cs
new file mode 100644
index 0000000..2c25fe8
--- /dev/null
+++ b/samples/OAuthServiceProvider/App_Code/Utilities.cs
@@ -0,0 +1,26 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Principal;
+using System.Web;
+
+/// <summary>
+/// Extension methods and other helpful utility methods.
+/// </summary>
+public static class Utilities {
+ /// <summary>
+ /// Gets the database entity representing the user identified by a given <see cref="IIdentity"/> instance.
+ /// </summary>
+ /// <param name="identity">The identity of the user.</param>
+ /// <returns>
+ /// The database object for that user; or <c>null</c> if the user could not
+ /// be found or if <paramref name="identity"/> is <c>null</c> or represents an anonymous identity.
+ /// </returns>
+ public static User GetUser(this IIdentity identity) {
+ if (identity == null || !identity.IsAuthenticated) {
+ return null;
+ }
+
+ return Global.DataContext.Users.SingleOrDefault(user => user.OpenIDClaimedIdentifier == identity.Name);
+ }
+}
|
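Review bot: The getter of `IServiceProviderRequestToken.Callback` is now null-safe, but the setter on the next context line still evaluates `value.AbsoluteUri` unconditionally, so assigning the null that the getter can now produce throws a NullReferenceException; `set { this.RequestTokenCallback = value != null ? value.AbsoluteUri : null; }` keeps the two halves of the property consistent. Whether the library ever assigns null here is not visible in this hunk, so treat that as something to confirm. The enclosing class continues outside the hunk.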
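Review bot: `SingleOrDefault` in `GetUser` throws InvalidOperationException when more than one row has `OpenIDClaimedIdentifier == identity.Name`, which the `<returns>` text ("null if the user could not be found") does not cover; either the column is unique in the schema (not visible here) or the contract should say so, e.g. `/// <exception cref="InvalidOperationException">Thrown if more than one user has the identity's name as its claimed identifier.</exception>`. If `Global.DataContext` is a LINQ to SQL context, the string comparison is evaluated under the database collation, which may be case-insensitive, whereas the path portion of an OpenID claimed identifier is case-sensitive; the column's collation is worth confirming so two distinct identifiers cannot resolve to the same user. Separately, `using System;`, `using System.Collections.Generic;` and `using System.Web;` are not used by anything in this file and can be dropped.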