/// <summary>
/// This method authorizes the OAuth request. The token is extracted from the header and the scope is checked.
/// For the demonstration pourposes the scope is the URL of the service. In real world applications the scope would be the functional entity being accessed (eg. the calendar, the fotos etc...).
/// </summary>
/// <param name="operationContext"></param>
/// <returns></returns>
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
ServiceProvider sp = Constants.CreateServiceProvider();
try {
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = GlobalApplication.AuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
//extracting the URL which is demanded
var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//comparing the SCOPE and the demanded URL
if (scopes.Contains(action))
{
return(true);
}
}
} catch (ProtocolException ex) {
Debug.WriteLine(ex.Message);
}
return(false);
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
ServiceProvider sp = Constants.CreateServiceProvider();
((DatabaseTokenManager)sp.TokenManager).OperationContext = operationContext; // artificially preserve this across thread changes.
return(Task.Run(
async delegate {
try {
var auth = await sp.ReadProtectedResourceAuthorizationAsync(httpDetails, requestUri);
if (auth != null)
{
var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
if (scopes.Contains(operationContext.IncomingMessageHeaders.Action))
{
return true;
}
}
} catch (ProtocolException ex) {
Global.Logger.ErrorException("Error processing OAuth messages.", ex);
}
return false;
}).GetAwaiter().GetResult());
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
ServiceProvider sp = Constants.CreateServiceProvider();
try {
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = Global.DataContext.OAuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
if (scopes.Contains(operationContext.IncomingMessageHeaders.Action))
{
return(true);
}
}
} catch (ProtocolException ex) {
Global.Logger.Error("Error processing OAuth messages.", ex);
}
return(false);
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = Database.DataContext.IssuedTokens.OfType <IssuedAccessToken>().First(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
{
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
if (scopes.Contains(operationContext.IncomingMessageHeaders.Action))
{
return(true);
}
}
return(false);
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
Uri httpUriBeforeRewrite = HttpContext.Current.Request.Url;
if (requestUri.AbsoluteUri != httpUriBeforeRewrite.AbsoluteUri && httpDetails.Headers["Host"] != null)
{
string urlBeforeOverwrite = httpUriBeforeRewrite.AbsoluteUri.Replace(httpUriBeforeRewrite.Authority, httpDetails.Headers["Host"]);
requestUri = new Uri(urlBeforeOverwrite);
}
ServiceProvider sp = Constants.CreateServiceProvider();
try
{
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = OAuthServices.GetAccessToken(auth.AccessToken);// Global.AuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
{
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
//originally this was ment to be used: operationContext.IncomingMessageHeaders.Action
//var action = operationContext.Host.BaseAddresses + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//cut the url to the first "?", after the "?" there is bunch of OAuth stuff
//this way we can see whether the scope connected with this token is equal to the demanded service
var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));
if (scopes.Contains(action))
{
return(true);
}
}
}
catch (ProtocolException ex)
{
log.Error(String.Format("Error in the communication protocol. {0}", ex.Message));
}
catch (Exception ex)
{
log.Error(String.Format("Unexpected error: {0}\n Accesing the url: {1}, which was before server rewrite: {2}", ex.Message, requestUri, httpUriBeforeRewrite));
}
return(false);
}