/// <summary>
/// Verify that the request is valid.
/// </summary>
/// <param name="httpRequest">The HTTP request base.</param>
/// <param name="rawUri">A System.Uri object containing information regarding the URL of the current request.</param>
/// <param name="queryString">The collection of HTTP query string variables.</param>
/// <param name="form">The collection of form variables.</param>
/// <param name="headers">The collection of HTTP headers.</param>
/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
/// <returns>
/// The principal that contains the user and roles that the access token is authorized for; else null.
/// </returns>
private IPrincipal Verify(HttpRequestBase httpRequest, Uri rawUri, NameValueCollection queryString,
NameValueCollection form, NameValueCollection headers, params string[] requiredScopes)
{
string clientID = null;
string nonce = null;
string accessToken = null;
string tokenNonce = null;
string userID = null;
try
{
// Make sure that all the passed parameters are valid.
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
if (rawUri == null)
{
throw new ArgumentNullException("rawUri");
}
if (queryString == null)
{
throw new ArgumentNullException("queryString");
}
if (form == null)
{
throw new ArgumentNullException("form");
}
if (headers == null)
{
throw new ArgumentNullException("headers");
}
// Attempt to find the 'access_token' parameter in the form.
IEnumerable <string> accessTokens = form.AllKeys.Where(u => u.EndsWith("access_token"));
if (accessTokens == null || accessTokens.Count() < 1)
{
// Attempt to find the 'access_token' parameter in the query string.
if (queryString != null || queryString.Keys.Count > 0)
{
if (queryString["access_token"] != null)
{
accessToken = queryString["access_token"];
}
}
// Attempt to find the 'access_token' parameter in the headers.
if (headers != null || headers.Keys.Count > 0)
{
if (headers["access_token"] != null)
{
accessToken = headers["access_token"];
}
}
}
else
{
accessToken = form["access_token"];
}
// Pass a access token
if (!String.IsNullOrEmpty(accessToken))
{
// Get the nonce data for the code value.
nonce = _tokenStore.GetNonceByAccessToken(accessToken);
clientID = _consumerStore.GetConsumerIdentifier(nonce);
// Make sure that the token is still valid.
if (!_consumerStore.IsAuthorizationValid(clientID, nonce))
{
return(null);
}
else
{
// Get the encryption certificate for the client.
// Create a new access token decryption analyser.
X509Certificate2 certificate = _consumerStore.GetConsumerCertificate(clientID);
StandardAccessTokenAnalyzer accessTokenAnalyzer =
new StandardAccessTokenAnalyzer(
(RSACryptoServiceProvider)certificate.PrivateKey,
(RSACryptoServiceProvider)certificate.PublicKey.Key);
// Assign the analyser and get the access token
// data from the http request.
_resourceServer.AccessTokenAnalyzer = accessTokenAnalyzer;
AccessToken token = _resourceServer.GetAccessToken(httpRequest, requiredScopes);
// Get the priciple identity of the access token request.
IPrincipal principal = _resourceServer.GetPrincipal(token, out userID, out tokenNonce, httpRequest, requiredScopes);
return(principal);
}
}
else
{
return(null);
}
}
catch (Exception ex)
{
// Get the current token errors.
_tokenError = ex.Message;
return(null);
}
}
