blob: 452a8986c82cab34dd347e59dde074fb7ba7b521 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
//-----------------------------------------------------------------------
// <copyright file="OAuthAuthenticationModule.cs" company="Outercurve Foundation">
// Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace RelyingPartyLogic {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Security;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2;
public class OAuthAuthenticationModule : IHttpModule {
private HttpApplication application;
#region IHttpModule Members
/// <summary>
/// Initializes a module and prepares it to handle requests.
/// </summary>
/// <param name="context">An <see cref="T:System.Web.HttpApplication"/> that provides access to the methods, properties, and events common to all application objects within an ASP.NET application</param>
public void Init(HttpApplication context) {
this.application = context;
this.application.AuthenticateRequest += this.context_AuthenticateRequest;
// Register an event that allows us to override roles for OAuth requests.
var roleManager = (RoleManagerModule)this.application.Modules["RoleManager"];
roleManager.GetRoles += this.roleManager_GetRoles;
}
/// <summary>
/// Disposes of the resources (other than memory) used by the module that implements <see cref="T:System.Web.IHttpModule"/>.
/// </summary>
public void Dispose() {
}
/// <summary>
/// Handles the AuthenticateRequest event of the HttpApplication.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
private void context_AuthenticateRequest(object sender, EventArgs e) {
// Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks.
if (this.IsOAuthControllerRequest()) {
return;
}
using (var crypto = OAuthResourceServer.CreateRSA()) {
var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
var resourceServer = new ResourceServer(tokenAnalyzer);
var context = this.application.Context;
Task.Run(
async delegate {
ProtocolFaultResponseException exception = null;
try {
IPrincipal principal = await resourceServer.GetPrincipalAsync(new HttpRequestWrapper(context.Request));
context.User = principal;
return;
} catch (ProtocolFaultResponseException ex) {
exception = ex;
}
var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
await errorResponse.SendAsync();
}).Wait();
}
}
#endregion
private bool IsOAuthControllerRequest() {
return string.Equals(this.application.Context.Request.Url.AbsolutePath, "/OAuth.ashx", StringComparison.OrdinalIgnoreCase);
}
/// <summary>
/// Handles the GetRoles event of the roleManager control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.Web.Security.RoleManagerEventArgs"/> instance containing the event data.</param>
private void roleManager_GetRoles(object sender, RoleManagerEventArgs e) {
if (this.application.User is DotNetOpenAuth.OAuth.ChannelElements.OAuthPrincipal) {
e.RolesPopulated = true;
}
}
}
}
|
