Diffstat (limited to 'samples')
16 files changed, 189 insertions, 14 deletions
diff --git a/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi.wsdl b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi.wsdl
index 940cb1f..8741a0c 100644
--- a/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi.wsdl
+++ b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi.wsdl
@@ -182,10 +182,49 @@ </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="WSHttpBinding_IDataApi_GetFavoriteSites_Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="WSHttpBinding_IDataApi_GetFavoriteSites_output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd0" namespace="http://tempuri.org/" />
<xsd:import schemaLocation="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
+ <xsd:import schemaLocation="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd2" namespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays" />
</xsd:schema>
</wsdl:types>
<wsdl:message name="IDataApi_GetAge_InputMessage">
@@ -200,6 +239,12 @@ <wsdl:message name="IDataApi_GetName_OutputMessage">
<wsdl:part name="parameters" element="tns:GetNameResponse" />
</wsdl:message>
+ <wsdl:message name="IDataApi_GetFavoriteSites_InputMessage">
+ <wsdl:part name="parameters" element="tns:GetFavoriteSites" />
+ </wsdl:message>
+ <wsdl:message name="IDataApi_GetFavoriteSites_OutputMessage">
+ <wsdl:part name="parameters" element="tns:GetFavoriteSitesResponse" />
+ </wsdl:message>
<wsdl:portType name="IDataApi">
<wsdl:operation name="GetAge">
<wsdl:input wsaw:Action="http://tempuri.org/IDataApi/GetAge" message="tns:IDataApi_GetAge_InputMessage" />
@@ -209,6 +254,10 @@ <wsdl:input wsaw:Action="http://tempuri.org/IDataApi/GetName" message="tns:IDataApi_GetName_InputMessage" />
<wsdl:output wsaw:Action="http://tempuri.org/IDataApi/GetNameResponse" message="tns:IDataApi_GetName_OutputMessage" />
</wsdl:operation>
+ <wsdl:operation name="GetFavoriteSites">
+ <wsdl:input wsaw:Action="http://tempuri.org/IDataApi/GetFavoriteSites" message="tns:IDataApi_GetFavoriteSites_InputMessage" />
+ <wsdl:output wsaw:Action="http://tempuri.org/IDataApi/GetFavoriteSitesResponse" message="tns:IDataApi_GetFavoriteSites_OutputMessage" />
+ </wsdl:operation>
</wsdl:portType>
<wsdl:binding name="WSHttpBinding_IDataApi" type="tns:IDataApi">
<wsp:PolicyReference URI="#WSHttpBinding_IDataApi_policy" />
@@ -235,6 +284,17 @@ <soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
+ <wsdl:operation name="GetFavoriteSites">
+ <soap12:operation soapAction="http://tempuri.org/IDataApi/GetFavoriteSites" style="document" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#WSHttpBinding_IDataApi_GetFavoriteSites_Input_policy" />
+ <soap12:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#WSHttpBinding_IDataApi_GetFavoriteSites_output_policy" />
+ <soap12:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
</wsdl:binding>
<wsdl:service name="DataApi">
<wsdl:port name="WSHttpBinding_IDataApi" binding="tns:WSHttpBinding_IDataApi">
diff --git a/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi1.xsd b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi1.xsd
index 3d653c3..531d96b 100644
--- a/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi1.xsd
+++ b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi1.xsd
@@ -1,5 +1,6 @@ <?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:tns="http://tempuri.org/" elementFormDefault="qualified" targetNamespace="http://tempuri.org/" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:import schemaLocation="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd2" namespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays" />
<xs:element name="GetAge">
<xs:complexType>
<xs:sequence />
@@ -24,4 +25,16 @@ </xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:element name="GetFavoriteSites">
+ <xs:complexType>
+ <xs:sequence />
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="GetFavoriteSitesResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element xmlns:q1="http://schemas.microsoft.com/2003/10/Serialization/Arrays" minOccurs="0" name="GetFavoriteSitesResult" nillable="true" type="q1:ArrayOfstring" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
</xs:schema>
\ No newline at end of file
diff --git a/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi2.xsd b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi2.xsd
new file mode 100644
index 0000000..467098f
--- /dev/null
+++ b/samples/Consumer/App_WebReferences/SampleServiceProvider/DataApi2.xsd
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:tns="http://schemas.microsoft.com/2003/10/Serialization/Arrays" elementFormDefault="qualified" targetNamespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+ <xs:complexType name="ArrayOfstring">
+ <xs:sequence>
+ <xs:element minOccurs="0" maxOccurs="unbounded" name="string" nillable="true" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="ArrayOfstring" nillable="true" type="tns:ArrayOfstring" />
+</xs:schema>
\ No newline at end of file
diff --git a/samples/Consumer/App_WebReferences/SampleServiceProvider/Reference.svcmap b/samples/Consumer/App_WebReferences/SampleServiceProvider/Reference.svcmap
index 98b17ca..bf9aa3c 100644
--- a/samples/Consumer/App_WebReferences/SampleServiceProvider/Reference.svcmap
+++ b/samples/Consumer/App_WebReferences/SampleServiceProvider/Reference.svcmap
@@ -20,6 +20,7 @@ <MetadataSource Address="http://localhost:65169/ServiceProvider/DataApi.svc" Protocol="http" SourceId="1" />
</MetadataSources>
<Metadata>
+ <MetadataFile FileName="DataApi2.xsd" MetadataType="Schema" ID="232b71c0-94e9-43eb-9b23-fe9a229dce94" SourceId="1" SourceUrl="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd2" />
<MetadataFile FileName="DataApi.xsd" MetadataType="Schema" ID="fdc9f289-8c10-4fc6-abeb-052bc1116679" SourceId="1" SourceUrl="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd1" />
<MetadataFile FileName="DataApi.wsdl" MetadataType="Wsdl" ID="182a10fe-d606-4fc0-b64c-3e682dcae89d" SourceId="1" SourceUrl="http://localhost:65169/ServiceProvider/DataApi.svc?wsdl" />
<MetadataFile FileName="DataApi1.xsd" MetadataType="Schema" ID="80d06927-f2e7-4d1d-8c7a-f3dc74f4d3d6" SourceId="1" SourceUrl="http://localhost:65169/ServiceProvider/DataApi.svc?xsd=xsd0" />
diff --git a/samples/Consumer/SampleWcf.aspx b/samples/Consumer/SampleWcf.aspx
index aad8a88..6dfd56e 100644
--- a/samples/Consumer/SampleWcf.aspx
+++ b/samples/Consumer/SampleWcf.aspx
@@ -2,12 +2,23 @@ CodeFile="SampleWcf.aspx.cs" Inherits="SampleWcf" %>
<asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="Server">
- <asp:Button ID="getAuthorizationButton" runat="server" Text="Get Authorization" OnClick="getAuthorizationButton_Click" />
- <asp:Label ID="authorizationLabel" runat="server" />
+ <fieldset title="Authorization">
+ <asp:CheckBoxList runat="server" ID="scopeList">
+ <asp:ListItem Value="http://tempuri.org/IDataApi/GetName">GetName</asp:ListItem>
+ <asp:ListItem Value="http://tempuri.org/IDataApi/GetAge">GetAge</asp:ListItem>
+ <asp:ListItem Value="http://tempuri.org/IDataApi/GetFavoriteSites">GetFavoriteSites</asp:ListItem>
+ </asp:CheckBoxList>
+ <asp:Button ID="getAuthorizationButton" runat="server" Text="Get Authorization" OnClick="getAuthorizationButton_Click" />
+ <asp:Label ID="authorizationLabel" runat="server" />
+ </fieldset>
<br />
<asp:Button ID="getNameButton" runat="server" Text="Get Name" OnClick="getNameButton_Click" />
<asp:Label ID="nameLabel" runat="server" />
<br />
<asp:Button ID="getAgeButton" runat="server" Text="Get Age" OnClick="getAgeButton_Click" />
<asp:Label ID="ageLabel" runat="server" />
+ <br />
+ <asp:Button ID="getFavoriteSites" runat="server" Text="Get Favorite Sites"
+ onclick="getFavoriteSites_Click" />
+ <asp:Label ID="favoriteSitesLabel" runat="server" />
</asp:Content>
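Review bot: The new button is declared as `ID="getFavoriteSites"` with a lowercase `onclick` attribute, while its siblings in the same hunk are `getNameButton` and `getAgeButton` wired with `OnClick`. Using `ID="getFavoriteSitesButton"` and `OnClick="getFavoriteSitesButton_Click"` would keep the page consistent, with the handler in SampleWcf.aspx.cs renamed to match. Separately, `<fieldset title="Authorization">` only produces a tooltip; a `<legend>Authorization</legend>` child is what visibly labels the group of scope checkboxes the user is choosing from.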
diff --git a/samples/Consumer/SampleWcf.aspx.cs b/samples/Consumer/SampleWcf.aspx.cs
index c1e0209..b06446f 100644
--- a/samples/Consumer/SampleWcf.aspx.cs
+++ b/samples/Consumer/SampleWcf.aspx.cs
@@ -1,4 +1,5 @@ using System;
+using System.Linq;
using System.Globalization;
using System.Net;
using System.ServiceModel;
@@ -7,6 +8,9 @@ using DotNetOAuth; using DotNetOAuth.ChannelElements;
using DotNetOAuth.Messaging;
using SampleServiceProvider;
+using System.Collections.Generic;
+using System.Web.UI.WebControls;
+using System.ServiceModel.Security;
/// <summary>
/// Sample consumer of our Service Provider sample's WCF service.
@@ -27,22 +31,50 @@ public partial class SampleWcf : System.Web.UI.Page { protected void getAuthorizationButton_Click(object sender, EventArgs e) {
Consumer consumer = this.CreateConsumer();
- consumer.RequestUserAuthorization().Send();
+ UriBuilder callback = new UriBuilder(Request.Url);
+ callback.Query = null;
+ string scope = string.Join("|", (from item in scopeList.Items.OfType<ListItem>()
+ where item.Selected
+ select item.Value).ToArray());
+ var requestParams = new Dictionary<string, string> {
+ { "scope", scope },
+ };
+ consumer.RequestUserAuthorization(callback.Uri, requestParams, null).Send();
}
protected void getNameButton_Click(object sender, EventArgs e) {
- nameLabel.Text = CallService(client => client.GetName());
+ try {
+ nameLabel.Text = CallService(client => client.GetName());
+ } catch (SecurityAccessDeniedException) {
+ nameLabel.Text = "Access denied!";
+ }
}
protected void getAgeButton_Click(object sender, EventArgs e) {
- int? age = CallService(client => client.GetAge());
- ageLabel.Text = age.HasValue ? age.Value.ToString(CultureInfo.CurrentCulture) : "not available";
+ try {
+ int? age = CallService(client => client.GetAge());
+ ageLabel.Text = age.HasValue ? age.Value.ToString(CultureInfo.CurrentCulture) : "not available";
+ } catch (SecurityAccessDeniedException) {
+ ageLabel.Text = "Access denied!";
+ }
+ }
+
+ protected void getFavoriteSites_Click(object sender, EventArgs e) {
+ try {
+ string[] favoriteSites = CallService(client => client.GetFavoriteSites());
+ favoriteSitesLabel.Text = string.Join(", ", favoriteSites);
+ } catch (SecurityAccessDeniedException) {
+ favoriteSitesLabel.Text = "Access denied!";
+ }
}
private T CallService<T>(Func<DataApiClient, T> predicate) {
DataApiClient client = new DataApiClient();
var serviceEndpoint = new MessageReceivingEndpoint(client.Endpoint.Address.Uri, HttpDeliveryMethod.AuthorizationHeaderRequest | HttpDeliveryMethod.PostRequest);
var accessToken = Session["WcfAccessToken"] as string;
+ if (accessToken == null) {
+ throw new InvalidOperationException("No access token!");
+ }
Consumer consumer = this.CreateConsumer();
WebRequest httpRequest = consumer.CreateAuthorizedRequest(serviceEndpoint, accessToken);
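Review bot: `favoriteSitesLabel.Text = string.Join(", ", favoriteSites);` writes data returned by the remote service into the page unencoded, and the WSDL in this commit declares `GetFavoriteSitesResult` as nillable, so a null result would throw ArgumentNullException here. `favoriteSitesLabel.Text = Server.HtmlEncode(string.Join(", ", favoriteSites ?? new string[0]));` covers both, and the same encoding applies to the `nameLabel.Text` assignment in `getNameButton_Click`. The `InvalidOperationException("No access token!")` added to CallService is not caught by any of the three click handlers, which only handle SecurityAccessDeniedException, so clicking a button before authorizing ends in an unhandled error page rather than a message. CallService continues past the end of the hunk.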
diff --git a/samples/ServiceProvider/App_Code/DataApi.cs b/samples/ServiceProvider/App_Code/DataApi.cs
index 43f402a..5c187c3 100644
--- a/samples/ServiceProvider/App_Code/DataApi.cs
+++ b/samples/ServiceProvider/App_Code/DataApi.cs
@@ -1,6 +1,7 @@ using System.Linq;
using System.Globalization;
using System.ServiceModel;
+using System.Text;
public class DataApi : IDataApi {
public int? GetAge() {
@@ -11,6 +12,10 @@ public class DataApi : IDataApi { return AccessToken.User.FullName;
}
+ public string[] GetFavoriteSites() {
+ return AccessToken.User.FavoriteSites.Select(site => site.SiteUrl).ToArray();
+ }
+
private static OAuthToken AccessToken {
get { return OperationContext.Current.IncomingMessageProperties["OAuthAccessToken"] as OAuthToken; }
}
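Review bot: `GetFavoriteSites` dereferences `AccessToken.User` without a check, although `AccessToken` comes from an `as` cast on a message property and `UserId` is declared nullable in DataClasses.dbml, so a token with no associated user would fault with a NullReferenceException instead of a deliberate denial. A small guard on the token and its user before the `Select`, shared with `GetName` and `GetAge`, would make that failure explicit. The `using System.Text;` added in this file's first hunk does not appear to be used by anything visible in the diff and could probably be dropped.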
diff --git a/samples/ServiceProvider/App_Code/DataClasses.dbml b/samples/ServiceProvider/App_Code/DataClasses.dbml
index 8fac02c..328d461 100644
--- a/samples/ServiceProvider/App_Code/DataClasses.dbml
+++ b/samples/ServiceProvider/App_Code/DataClasses.dbml
@@ -37,6 +37,7 @@ <Column Name="IssueDate" Type="System.DateTime" DbType="DateTime NOT NULL" CanBeNull="false" />
<Column Name="ConsumerId" Type="System.Int32" DbType="Int NOT NULL" CanBeNull="false" />
<Column Name="UserId" Type="System.Int32" DbType="Int" CanBeNull="true" />
+ <Column Name="Scope" Type="System.String" DbType="nvarchar(MAX)" CanBeNull="false" />
<Association Name="OAuthConsumer_OAuthToken" Member="OAuthConsumer" ThisKey="ConsumerId" OtherKey="ConsumerId" Type="OAuthConsumer" IsForeignKey="true" DeleteRule="CASCADE" DeleteOnNull="true" />
<Association Name="User_OAuthToken" Member="User" ThisKey="UserId" OtherKey="UserId" Type="User" IsForeignKey="true" DeleteRule="CASCADE" />
</Type>
diff --git a/samples/ServiceProvider/App_Code/DataClasses.dbml.layout b/samples/ServiceProvider/App_Code/DataClasses.dbml.layout
index 50eafa2..71f46f3 100644
--- a/samples/ServiceProvider/App_Code/DataClasses.dbml.layout
+++ b/samples/ServiceProvider/App_Code/DataClasses.dbml.layout
@@ -20,10 +20,10 @@ <elementListCompartment Id="464308c4-d112-4448-b0c9-d9b82fb0ca4e" absoluteBounds="0.64, 3.71, 1.9700000000000002, 0.8262939453125" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" />
</nestedChildShapes>
</classShape>
- <classShape Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" absoluteBounds="3.5, 3.125, 2, 2.1554996744791666">
+ <classShape Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" absoluteBounds="3.5, 3.125, 2, 2.3478011067708326">
<DataClassMoniker Name="/DataClassesDataContext/OAuthToken" />
<nestedChildShapes>
- <elementListCompartment Id="403126d0-3d2a-4af4-b0b8-c489a830bbd4" absoluteBounds="3.515, 3.585, 1.9700000000000002, 1.5954996744791665" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" />
+ <elementListCompartment Id="403126d0-3d2a-4af4-b0b8-c489a830bbd4" absoluteBounds="3.515, 3.585, 1.9700000000000002, 1.7878011067708333" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" />
</nestedChildShapes>
</classShape>
<associationConnector edgePoints="[(2.625 : 1.31814697265625); (3.5 : 1.31814697265625)]" fixedFrom="NotFixed" fixedTo="NotFixed">
@@ -33,14 +33,14 @@ <classShapeMoniker Id="8a79b099-7f87-4766-907a-db2c3e1b5716" />
</nodes>
</associationConnector>
- <associationConnector edgePoints="[(2.625 : 3.94314697265625); (3.5 : 3.94314697265625)]" fixedFrom="NotFixed" fixedTo="NotFixed">
+ <associationConnector edgePoints="[(2.625 : 3.94314697265625); (3.5 : 3.94314697265625)]" fixedFrom="Algorithm" fixedTo="Algorithm">
<AssociationMoniker Name="/DataClassesDataContext/OAuthConsumer/OAuthConsumer_OAuthToken" />
<nodes>
<classShapeMoniker Id="f909becb-85b1-4fe6-bb16-3feb3e4fe3ee" />
<classShapeMoniker Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" />
</nodes>
</associationConnector>
- <associationConnector edgePoints="[(0.53125 : 2.27089680989583); (0.53125 : 4.98964680989583); (3.5 : 4.98964680989583)]" fixedFrom="NotFixed" fixedTo="NotFixed">
+ <associationConnector edgePoints="[(0.53125 : 2.27089680989583); (0.53125 : 5.08579752604167); (3.5 : 5.08579752604167)]" fixedFrom="Algorithm" fixedTo="Algorithm">
<AssociationMoniker Name="/DataClassesDataContext/User/User_OAuthToken" />
<nodes>
<classShapeMoniker Id="696d2c69-040e-411d-9257-bb664b743834" />
diff --git a/samples/ServiceProvider/App_Code/DataClasses.designer.cs b/samples/ServiceProvider/App_Code/DataClasses.designer.cs
index b465471..612cd75 100644
--- a/samples/ServiceProvider/App_Code/DataClasses.designer.cs
+++ b/samples/ServiceProvider/App_Code/DataClasses.designer.cs
@@ -629,6 +629,8 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange private System.Nullable<int> _UserId;
+ private string _Scope;
+
private EntityRef<OAuthConsumer> _OAuthConsumer;
private EntityRef<User> _User;
@@ -651,6 +653,8 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange partial void OnConsumerIdChanged();
partial void OnUserIdChanging(System.Nullable<int> value);
partial void OnUserIdChanged();
+ partial void OnScopeChanging(string value);
+ partial void OnScopeChanged();
#endregion
public OAuthToken()
@@ -808,6 +812,26 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange }
}
+ [Column(Storage="_Scope", DbType="nvarchar(MAX)", CanBeNull=false)]
+ public string Scope
+ {
+ get
+ {
+ return this._Scope;
+ }
+ set
+ {
+ if ((this._Scope != value))
+ {
+ this.OnScopeChanging(value);
+ this.SendPropertyChanging();
+ this._Scope = value;
+ this.SendPropertyChanged("Scope");
+ this.OnScopeChanged();
+ }
+ }
+ }
+
[Association(Name="OAuthConsumer_OAuthToken", Storage="_OAuthConsumer", ThisKey="ConsumerId", OtherKey="ConsumerId", IsForeignKey=true, DeleteOnNull=true, DeleteRule="CASCADE")]
public OAuthConsumer OAuthConsumer
{
diff --git a/samples/ServiceProvider/App_Code/DatabaseTokenManager.cs b/samples/ServiceProvider/App_Code/DatabaseTokenManager.cs
index 468687d..ef9ee3f 100644
--- a/samples/ServiceProvider/App_Code/DatabaseTokenManager.cs
+++ b/samples/ServiceProvider/App_Code/DatabaseTokenManager.cs
@@ -10,6 +10,7 @@ using System.Data.Linq; using System.Collections.Generic;
using System.Diagnostics;
using DotNetOAuth.ChannelElements;
+using DotNetOAuth.Messaging;
public class DatabaseTokenManager : ITokenManager {
#region ITokenManager Members
@@ -36,11 +37,13 @@ public class DatabaseTokenManager : ITokenManager { public void StoreNewRequestToken(string consumerKey, string requestToken, string requestTokenSecret, IDictionary<string, string> parameters) {
var consumer = Global.DataContext.OAuthConsumers.Single(consumerRow => consumerRow.ConsumerKey == consumerKey);
+ string scope = parameters["scope"];
OAuthToken newToken = new OAuthToken {
OAuthConsumer = consumer,
Token = requestToken,
TokenSecret = requestTokenSecret,
IssueDate = DateTime.UtcNow,
+ Scope = scope,
};
Global.DataContext.OAuthTokens.InsertOnSubmit(newToken);
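Review bot: `string scope = parameters["scope"];` throws KeyNotFoundException when a consumer omits the parameter (and NullReferenceException if `parameters` is ever null), and whatever the consumer sends is stored verbatim. Because this value later drives both the consent text in Authorize.aspx.cs and the authorization decision in OAuthAuthorizationManager, read it with `parameters.TryGetValue("scope", out scope)` and reject the request unless every `|`-separated entry is one of the service's known operation actions. StoreNewRequestToken's body continues past the end of the hunk.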
diff --git a/samples/ServiceProvider/App_Code/IDataApi.cs b/samples/ServiceProvider/App_Code/IDataApi.cs
index 22acde0..ce9dafe 100644
--- a/samples/ServiceProvider/App_Code/IDataApi.cs
+++ b/samples/ServiceProvider/App_Code/IDataApi.cs
@@ -12,4 +12,7 @@ public interface IDataApi { [OperationContract]
string GetName();
+
+ [OperationContract]
+ string[] GetFavoriteSites();
}
diff --git a/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
index 2b4e06b..4c461e8 100644
--- a/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
+++ b/samples/ServiceProvider/App_Code/OAuthAuthorizationManager.cs
@@ -22,8 +22,12 @@ public class OAuthAuthorizationManager : ServiceAuthorizationManager { var auth = sp.GetProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null) {
var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
- operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
- return true;
+ // Only allow this method call if the access token scope permits it.
+ string[] scopes = accessToken.Scope.Split('|');
+ if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
+ operationContext.IncomingMessageProperties["OAuthAccessToken"] = accessToken;
+ return true;
+ }
}
return false;
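Review bot: `accessToken.Scope.Split('|')` dereferences Scope without a null check, so a token row without a scope value would surface as a NullReferenceException fault instead of a clean denial; `string[] scopes = (accessToken.Scope ?? string.Empty).Split('|');` keeps the check failing closed. The row is looked up by token string only, and nothing in this hunk shows that it is an authorized access token rather than a request token, which also carries a Scope as of this commit, so it is worth confirming that GetProtectedResourceAuthorization or the token manager enforces that. A denied call currently leaves no trace; a log entry on the `return false` path naming the consumer and the requested action would help spot consumers calling operations outside their grant. The enclosing method starts and ends outside the hunk.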
diff --git a/samples/ServiceProvider/App_Data/Database.mdf b/samples/ServiceProvider/App_Data/Database.mdf
Binary files differ
index afdba5c..9a170b3 100644
--- a/samples/ServiceProvider/App_Data/Database.mdf
+++ b/samples/ServiceProvider/App_Data/Database.mdf
diff --git a/samples/ServiceProvider/Login.aspx b/samples/ServiceProvider/Login.aspx
index b2d6f6d..34b85e9 100644
--- a/samples/ServiceProvider/Login.aspx
+++ b/samples/ServiceProvider/Login.aspx
@@ -1,6 +1,14 @@ <%@ Page Title="Login" Language="C#" MasterPageFile="~/MasterPage.master" %>
+
<%@ Register Assembly="DotNetOpenId" Namespace="DotNetOpenId.RelyingParty" TagPrefix="rp" %>
-<asp:Content ID="Content2" ContentPlaceHolderID="Body" Runat="Server">
+<script runat="server">
+ private void Page_Load(object sender, EventArgs e) {
+ // fake out login for offline use of sample.
+ FormsAuthentication.RedirectFromLoginPage("=!9B72.7DD1.50A9.5CCD", false);
+ }
+</script>
+
+<asp:Content ID="Content2" ContentPlaceHolderID="Body" runat="Server">
<rp:OpenIdLogin runat="server" TabIndex='1' />
</asp:Content>
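Review bot: The added `Page_Load` calls `FormsAuthentication.RedirectFromLoginPage` with a hard-coded identifier on every request, so the OpenID login control below it is never reached and any visitor is signed in as that one account. The comment says this is for offline use of the sample; if it has to be committed, gate it, for example `if (Request.IsLocal) { ... }`, so that a deployed copy of the sample does not ship with authentication disabled. The comment should also say that the block must be removed or disabled before the sample is hosted anywhere reachable.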
diff --git a/samples/ServiceProvider/Members/Authorize.aspx.cs b/samples/ServiceProvider/Members/Authorize.aspx.cs
index 02834cb..32cc697 100644
--- a/samples/ServiceProvider/Members/Authorize.aspx.cs
+++ b/samples/ServiceProvider/Members/Authorize.aspx.cs
@@ -15,7 +15,8 @@ public partial class Authorize : System.Web.UI.Page { if (Global.PendingOAuthAuthorization == null) {
Response.Redirect("~/Members/AuthorizedConsumers.aspx");
} else {
- desiredAccessLabel.Text = "name and age";
+ var token = Global.DataContext.OAuthTokens.Single(t => t.Token == Global.PendingOAuthAuthorization.RequestToken);
+ desiredAccessLabel.Text = token.Scope;
}
}
}
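Review bot: `desiredAccessLabel.Text = token.Scope;` writes a consumer-supplied value to the consent page without encoding; the scope string comes from the request-token parameters stored in DatabaseTokenManager.StoreNewRequestToken, and an `asp:Label` emits its `Text` as raw HTML. Encode it at minimum, `desiredAccessLabel.Text = Server.HtmlEncode(token.Scope);`, and preferably map each `|`-separated entry to a friendly name from a fixed list of known operations, so the user is not asked to approve an opaque action URI. The enclosing method starts outside the hunk.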