blob: b2eb132fdce37a84b8a7299ec9983f2b6deea8d5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
//-----------------------------------------------------------------------
// <copyright file="Model.IssuedAccessToken.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace WebFormsRelyingParty {
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using DotNetOpenAuth.OAuth.ChannelElements;
public partial class IssuedAccessToken : IServiceProviderAccessToken {
/// <summary>
/// Gets the roles that the OAuth principal should belong to.
/// </summary>
/// <value>
/// The roles that the user belongs to, or a subset of these according to the rights
/// granted when the user authorized the request token.
/// </value>
string[] IServiceProviderAccessToken.Roles {
get {
List<string> roles = new List<string>();
// Include the roles the user who authorized this OAuth token has.
roles.AddRange(this.User.Roles.Select(r => r.Name));
// Always add an extra role to indicate this is an OAuth-authorized request.
// This allows us to deny access to account management pages to OAuth requests.
roles.Add("delegated");
return roles.ToArray();
}
}
/// <summary>
/// Gets the username of the principal that will be impersonated by this access token.
/// </summary>
/// <value>
/// The name of the user who authorized the OAuth request token originally.
/// </value>
string IServiceProviderAccessToken.Username {
get {
// We don't really have the concept of a single username, but we
// can use any of the authentication tokens instead since that
// is what the rest of the web site expects.
return this.User.AuthenticationTokens.First().ClaimedIdentifier;
}
}
}
}
|
