/// <summary>
/// Discovers what access the client should have considering the access token in the current request.
/// </summary>
/// <param name="httpRequestInfo">The HTTP request info.</param>
/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
/// <returns>
/// The access token describing the authorization the client has. Never <c>null</c>.
/// </returns>
/// <exception cref="ProtocolFaultResponseException">
/// Thrown when the client is not authorized. This exception should be caught and the
/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
/// </exception>
public virtual AccessToken GetAccessToken(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes) {
Requires.NotNull(requiredScopes, "requiredScopes");
Requires.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset);
if (httpRequestInfo == null) {
httpRequestInfo = this.Channel.GetRequestFromContext();
}
AccessToken accessToken;
AccessProtectedResourceRequest request = null;
try {
if (this.Channel.TryReadFromRequest<AccessProtectedResourceRequest>(httpRequestInfo, out request)) {
accessToken = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken);
ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut.");
if (string.IsNullOrEmpty(accessToken.User) && string.IsNullOrEmpty(accessToken.ClientIdentifier)) {
Logger.OAuth.Error("Access token rejected because both the username and client id properties were null or empty.");
ErrorUtilities.ThrowProtocol(ResourceServerStrings.InvalidAccessToken);
}
var requiredScopesSet = OAuthUtilities.ParseScopeSet(requiredScopes);
if (!this.ScopeSatisfiedCheck.IsScopeSatisfied(requiredScope: requiredScopesSet, grantedScope: accessToken.Scope)) {
var response = UnauthorizedResponse.InsufficientScope(request, requiredScopesSet);
throw new ProtocolFaultResponseException(this.Channel, response);
}
return accessToken;
} else {
var ex = new ProtocolException(ResourceServerStrings.MissingAccessToken);
var response = UnauthorizedResponse.InvalidRequest(ex);
throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
}
} catch (ProtocolException ex) {
if (ex is ProtocolFaultResponseException) {
// This doesn't need to be wrapped again.
throw;
}
var response = request != null ? UnauthorizedResponse.InvalidToken(request, ex) : UnauthorizedResponse.InvalidRequest(ex);
throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
}
}
internal static Exception ConvertAndTraceException(Exception ex, TimeSpan timeout, string operation)
{
ObjectDisposedException objectDisposedException = ex as ObjectDisposedException;
if (objectDisposedException != null)
{
CommunicationObjectAbortedException communicationObjectAbortedException = new CommunicationObjectAbortedException(ex.Message, ex);
FxTrace.Exception.AsWarning(communicationObjectAbortedException);
return communicationObjectAbortedException;
}
AggregateException aggregationException = ex as AggregateException;
if (aggregationException != null)
{
Exception exception = FxTrace.Exception.AsError<OperationCanceledException>(aggregationException);
OperationCanceledException operationCanceledException = exception as OperationCanceledException;
if (operationCanceledException != null)
{
TimeoutException timeoutException = GetTimeoutException(exception, timeout, operation);
FxTrace.Exception.AsWarning(timeoutException);
return timeoutException;
}
else
{
Exception communicationException = ConvertAggregateExceptionToCommunicationException(aggregationException);
if (communicationException is CommunicationObjectAbortedException)
{
FxTrace.Exception.AsWarning(communicationException);
return communicationException;
}
else
{
return FxTrace.Exception.AsError(communicationException);
}
}
}
WebSocketException webSocketException = ex as WebSocketException;
if (webSocketException != null)
{
switch (webSocketException.WebSocketErrorCode)
{
case WebSocketError.InvalidMessageType:
case WebSocketError.UnsupportedProtocol:
case WebSocketError.UnsupportedVersion:
ex = new ProtocolException(ex.Message, ex);
break;
default:
ex = new CommunicationException(ex.Message, ex);
break;
}
}
return FxTrace.Exception.AsError(ex);
}
protected override bool OnTryCreateException(Message message, MessageFault fault, out Exception exception)
{
exception = null;
// SOAP MustUnderstand
if (string.Compare(fault.Code.Namespace, version.Envelope.Namespace, StringComparison.Ordinal) == 0
&& string.Compare(fault.Code.Name, MessageStrings.MustUnderstandFault, StringComparison.Ordinal) == 0)
{
exception = new ProtocolException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
bool checkSender;
bool checkReceiver;
FaultCode code;
if (version.Envelope == EnvelopeVersion.Soap11)
{
checkSender = true;
checkReceiver = true;
code = fault.Code;
}
else
{
checkSender = fault.Code.IsSenderFault;
checkReceiver = fault.Code.IsReceiverFault;
code = fault.Code.SubCode;
}
if (code == null)
{
return false;
}
if (code.Namespace == null)
{
return false;
}
if (checkSender)
{
// WS-Addressing
if (string.Compare(code.Namespace, version.Addressing.Namespace, StringComparison.Ordinal) == 0)
{
if (string.Compare(code.Name, AddressingStrings.ActionNotSupported, StringComparison.Ordinal) == 0)
{
exception = new ActionNotSupportedException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
else if (string.Compare(code.Name, AddressingStrings.DestinationUnreachable, StringComparison.Ordinal) == 0)
{
exception = new EndpointNotFoundException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
else if (string.Compare(code.Name, Addressing10Strings.InvalidAddressingHeader, StringComparison.Ordinal) == 0)
{
if (code.SubCode != null && string.Compare(code.SubCode.Namespace, version.Addressing.Namespace, StringComparison.Ordinal) == 0 &&
string.Compare(code.SubCode.Name, Addressing10Strings.InvalidCardinality, StringComparison.Ordinal) == 0)
{
exception = new MessageHeaderException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text, true);
return true;
}
}
else if (version.Addressing == AddressingVersion.WSAddressing10)
{
if (string.Compare(code.Name, Addressing10Strings.MessageAddressingHeaderRequired, StringComparison.Ordinal) == 0)
{
exception = new MessageHeaderException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
else if (string.Compare(code.Name, Addressing10Strings.InvalidAddressingHeader, StringComparison.Ordinal) == 0)
{
exception = new ProtocolException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
}
else
{
if (string.Compare(code.Name, Addressing200408Strings.MessageInformationHeaderRequired, StringComparison.Ordinal) == 0)
{
exception = new ProtocolException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
else if (string.Compare(code.Name, Addressing200408Strings.InvalidMessageInformationHeader, StringComparison.Ordinal) == 0)
{
exception = new ProtocolException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
}
}
}
if (checkReceiver)
{
// WS-Addressing
if (string.Compare(code.Namespace, version.Addressing.Namespace, StringComparison.Ordinal) == 0)
{
if (string.Compare(code.Name, AddressingStrings.EndpointUnavailable, StringComparison.Ordinal) == 0)
{
exception = new ServerTooBusyException(fault.Reason.GetMatchingTranslation(CultureInfo.CurrentCulture).Text);
return true;
}
}
}
return false;
}