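//-----------------------------------------------------------------------
//
//     Copyright (c) Andrew Arnott. All rights reserved.
//
//-----------------------------------------------------------------------

namespace RelyingPartyLogic {
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Security.Principal;
	using System.Web;
	using System.Web.Security;
	using DotNetOpenAuth.Messaging;
	using DotNetOpenAuth.OAuth2;

	/// <summary>
	/// An ASP.NET HTTP module that authenticates incoming requests carrying an
	/// OAuth 2 access token and assigns the resulting principal to the request.
	/// </summary>
	public class OAuthAuthenticationModule : IHttpModule {
		/// <summary>
		/// The application instance this module was initialized with.
		/// </summary>
		private HttpApplication application;

		#region IHttpModule Members

		/// <summary>
		/// Initializes a module and prepares it to handle requests.
		/// </summary>
		/// <param name="context">An <see cref="HttpApplication"/> that provides access to the methods, properties, and events common to all application objects within an ASP.NET application.</param>
		/// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
		public void Init(HttpApplication context) {
			if (context == null) {
				throw new ArgumentNullException("context");
			}

			this.application = context;
			this.application.AuthenticateRequest += this.context_AuthenticateRequest;

			// Register an event that allows us to override roles for OAuth requests.
			// The module lookup returns null when no module named "RoleManager" is
			// registered (for example when the role manager is not enabled), so the
			// subscription is skipped in that case instead of failing with a
			// NullReferenceException during application start-up.
			var roleManager = this.application.Modules["RoleManager"] as RoleManagerModule;
			if (roleManager != null) {
				roleManager.GetRoles += this.roleManager_GetRoles;
			}
		}

		/// <summary>
		/// Disposes of the resources (other than memory) used by the module that implements <see cref="IHttpModule"/>.
		/// </summary>
		public void Dispose() {
		}

		/// <summary>
		/// Handles the AuthenticateRequest event of the HttpApplication.
		/// </summary>
		/// <param name="sender">The source of the event.</param>
		/// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
		private void context_AuthenticateRequest(object sender, EventArgs e) {
			// Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks.
			if (this.IsOAuthControllerRequest()) {
				return;
			}

			// NOTE(review): the same AsymmetricKey is passed for both analyzer arguments.
			// If these are the authorization server's signing key and the resource
			// server's encryption key, a deployment should use two distinct key pairs
			// so that compromise of one role's key does not expose the other - confirm.
			var tokenAnalyzer = new StandardAccessTokenAnalyzer(OAuthAuthorizationServer.AsymmetricKey, OAuthAuthorizationServer.AsymmetricKey);
			var resourceServer = new ResourceServer(tokenAnalyzer);

			IPrincipal principal;
			var errorMessage = resourceServer.VerifyAccess(new HttpRequestInfo(this.application.Context.Request), out principal);

			// Only a successful verification replaces the request's user. On failure the
			// error message is discarded and Context.User keeps whatever earlier modules
			// assigned, so authorization decisions must still be enforced downstream.
			// NOTE(review): rejected tokens are not logged here; recording them would
			// give operators visibility into invalid or replayed token attempts.
			if (errorMessage != null) {
				return;
			}

			this.application.Context.User = principal;
		}

		#endregion

		/// <summary>
		/// Determines whether the current request targets the OAuth controller endpoint.
		/// </summary>
		/// <returns><c>true</c> when the request's absolute path equals "/OAuth.ashx" (case-insensitive); otherwise <c>false</c>.</returns>
		private bool IsOAuthControllerRequest() {
			// NOTE(review): the comparison uses a fixed root-relative path, so it only
			// matches when the application is hosted at the site root - confirm that
			// this holds for deployments under a virtual directory.
			var requestPath = this.application.Context.Request.Url.AbsolutePath;
			return string.Equals(requestPath, "/OAuth.ashx", StringComparison.OrdinalIgnoreCase);
		}

		/// <summary>
		/// Handles the GetRoles event of the roleManager control.
		/// </summary>
		/// <param name="sender">The source of the event.</param>
		/// <param name="e">The <see cref="RoleManagerEventArgs"/> instance containing the event data.</param>
		private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
			// For OAuth-authenticated requests, report roles as already populated so the
			// role manager does not replace the OAuth principal with its own.
			var isOAuthUser = this.application.User is DotNetOpenAuth.OAuth.ChannelElements.OAuthPrincipal;
			if (isOAuthUser) {
				e.RolesPopulated = true;
			}
		}
	}
}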