blob: d966baf844d9659af0a4d3f544eacd584bab8168 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
//-----------------------------------------------------------------------
// <copyright file="Model.IssuedAccessToken.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace RelyingPartyLogic {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using DotNetOpenAuth.OAuth.ChannelElements;
public partial class IssuedAccessToken : IServiceProviderAccessToken {
/// <summary>
/// Gets the roles that the OAuth principal should belong to.
/// </summary>
/// <value>
/// The roles that the user belongs to, or a subset of these according to the rights
/// granted when the user authorized the request token.
/// </value>
string[] IServiceProviderAccessToken.Roles {
get {
List<string> roles = new List<string>();
// Include the roles the user who authorized this OAuth token has.
roles.AddRange(this.User.Roles.Select(r => r.Name));
// Always add an extra role to indicate this is an OAuth-authorized request.
// This allows us to deny access to account management pages to OAuth requests.
roles.Add("delegated");
return roles.ToArray();
}
}
/// <summary>
/// Gets the username of the principal that will be impersonated by this access token.
/// </summary>
/// <value>
/// The name of the user who authorized the OAuth request token originally.
/// </value>
string IServiceProviderAccessToken.Username {
get {
// We don't really have the concept of a single username, but we
// can use any of the authentication tokens instead since that
// is what the rest of the web site expects.
if (!this.UserReference.IsLoaded) {
this.UserReference.Load();
}
if (!this.User.AuthenticationTokens.IsLoaded) {
this.User.AuthenticationTokens.Load();
}
return this.User.AuthenticationTokens.First().ClaimedIdentifier;
}
}
/// <summary>
/// Gets the expiration date (local time) for the access token.
/// </summary>
/// <value>
/// The expiration date, or <c>null</c> if there is no expiration date.
/// </value>
DateTime? IServiceProviderAccessToken.ExpirationDate {
get { return this.ExpirationDateUtc.HasValue ? (DateTime?)this.ExpirationDateUtc.Value.ToLocalTime() : null; }
}
partial void OnExpirationDateUtcChanging(DateTime? value) {
if (value.HasValue && value.Value.Kind != DateTimeKind.Utc) {
throw new ArgumentException("DateTime must be given in UTC time.");
}
}
}
}
|
