/// <summary>
/// Handles the AuthenticateRequest event of the HttpApplication.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
private void context_AuthenticateRequest(object sender, EventArgs e)
{
// Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks.
if (this.IsOAuthControllerRequest())
{
return;
}
using (var crypto = OAuthResourceServer.CreateRSA()) {
var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
var resourceServer = new ResourceServer(tokenAnalyzer);
var context = this.application.Context;
Task.Run(
async delegate {
ProtocolFaultResponseException exception = null;
try {
IPrincipal principal = await resourceServer.GetPrincipalAsync(new HttpRequestWrapper(context.Request));
context.User = principal;
return;
} catch (ProtocolFaultResponseException ex) {
exception = ex;
}
var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
await errorResponse.SendAsync();
}).Wait();
}
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
return(Task.Run(
async delegate {
using (var crypto = OAuthResourceServer.CreateRSA()) {
var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
var resourceServer = new ResourceServer(tokenAnalyzer);
ProtocolFaultResponseException exception = null;
try {
IPrincipal principal =
await resourceServer.GetPrincipalAsync(httpDetails, requestUri, CancellationToken.None, operationContext.IncomingMessageHeaders.Action);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
return true;
} catch (ProtocolFaultResponseException ex) {
// Return the appropriate unauthorized response to the client.
exception = ex;
} catch (DotNetOpenAuth.Messaging.ProtocolException /* ex*/) {
////Logger.Error("Error processing OAuth messages.", ex);
}
var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
await errorResponse.SendAsync();
}
return false;
}).Result);
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
return(Task.Run(async delegate {
ProtocolFaultResponseException exception = null;
try {
var principal = await VerifyOAuth2Async(
httpDetails,
requestUri,
operationContext.IncomingMessageHeaders.Action ?? operationContext.IncomingMessageHeaders.To.AbsolutePath);
if (principal != null)
{
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
return true;
}
else
{
return false;
}
} catch (ProtocolFaultResponseException ex) {
Global.Logger.Error("Error processing OAuth messages.", ex);
exception = ex;
} catch (ProtocolException ex) {
Global.Logger.Error("Error processing OAuth messages.", ex);
}
if (exception != null)
{
// Return the appropriate unauthorized response to the client.
var outgoingResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
this.Respond(WebOperationContext.Current.OutgoingResponse, outgoingResponse);
}
return false;
}).GetAwaiter().GetResult());
}
private static void HandleOAuth2Exception(IHttpRequest req, IHttpResponse res, ProtocolFaultResponseException ex)
{
var response = ex.CreateErrorResponse();
if (ex.ErrorResponseMessage is UnauthorizedResponse)
{
var oauth2Error = ex.ErrorResponseMessage as UnauthorizedResponse;
response.Body = JsonSerializer.SerializeToString(oauth2Error.ToOAuth2JsonResponse());
response.Headers[HttpResponseHeader.ContentType] = "application/json";
}
var context = ((HttpRequest)req.OriginalRequest).RequestContext.HttpContext;
response.Respond(context);
res.EndRequest();
}
protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext, ProtocolFaultResponseException ex)
{
var response = ex.CreateErrorResponse();
UnauthorizedResponse error = ex.ErrorResponseMessage as UnauthorizedResponse;
if (error != null)
{
response.Body = JsonConvert.SerializeObject(error.ToGameApiUnauthorizedErrorResponse());
response.Headers[System.Net.HttpResponseHeader.ContentType] = "application/json";
}
HttpContext context = actionContext.Request.GetHttpContext();
response.Respond(context);
// these two lines to ensure IIS doesn't mess with our response body
context.Response.TrySkipIisCustomErrors = true;
context.Response.Status = context.Response.Status;
context.Response.End();
}
