internal AccessProtectedResourceRequest CreateResourceRequest(MessageReceivingEndpoint endpoint)
{
Contract.Requires(endpoint != null);
var message = new AccessProtectedResourceRequest(endpoint, Protocol.V10.Version);
return(message);
}
/// <summary>
/// Creates a security principal that may be used.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>The <see cref="IPrincipal"/> instance that can be used for access control of resources.</returns>
public OAuthPrincipal CreatePrincipal(AccessProtectedResourceRequest request)
{
Requires.NotNull(request, "request");
IServiceProviderAccessToken accessToken = this.TokenManager.GetAccessToken(request.AccessToken);
return(new OAuth1Principal(accessToken));
}
/// <summary>
/// Creates a security principal that may be used.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>The <see cref="IPrincipal"/> instance that can be used for access control of resources.</returns>
public IPrincipal CreatePrincipal(AccessProtectedResourceRequest request)
{
Requires.NotNull(request, "request");
IServiceProviderAccessToken accessToken = this.TokenManager.GetAccessToken(request.AccessToken);
return(OAuthPrincipal.CreatePrincipal(accessToken.Username, accessToken.Roles));
}
internal AccessProtectedResourceRequest CreateResourceRequest(MessageReceivingEndpoint endpoint)
{
Requires.NotNull(endpoint, "endpoint");
var message = new AccessProtectedResourceRequest(endpoint, Protocol.V10.Version);
return(message);
}
/// <summary>
/// Creates a security principal that may be used.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>The <see cref="IPrincipal"/> instance that can be used for access control of resources.</returns>
public OAuthPrincipal CreatePrincipal(AccessProtectedResourceRequest request)
{
Contract.Requires <ArgumentNullException>(request != null);
IServiceProviderAccessToken accessToken = this.TokenManager.GetAccessToken(request.AccessToken);
return(new OAuthPrincipal(accessToken));
}
internal OutgoingWebResponse RequestProtectedResource(AccessProtectedResourceRequest request)
{
((ITamperResistantOAuthMessage)request).HttpMethod = GetHttpMethod(((ITamperResistantOAuthMessage)request).HttpMethods);
this.ProcessOutgoingMessage(request);
var requestInfo = this.SpoofHttpMethod(request);
TestBase.TestLogger.InfoFormat("Sending protected resource request: {0}", requestInfo.Message);
// Drop the outgoing message in the other channel's in-slot and let them know it's there.
this.RemoteChannel.IncomingMessage = requestInfo.Message;
this.RemoteChannel.IncomingMessageSignal.Set();
return(this.AwaitIncomingRawResponse());
}
/// <summary>
/// Creates a web request prepared with OAuth authorization
/// that may be further tailored by adding parameters by the caller.
/// </summary>
/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
/// <param name="accessToken">The access token that permits access to the protected resource.</param>
/// <returns>The initialized WebRequest object.</returns>
protected internal AccessProtectedResourceRequest CreateAuthorizingMessage(MessageReceivingEndpoint endpoint, string accessToken)
{
Contract.Requires <ArgumentNullException>(endpoint != null);
Contract.Requires <ArgumentNullException>(!String.IsNullOrEmpty(accessToken));
AccessProtectedResourceRequest message = new AccessProtectedResourceRequest(endpoint, this.ServiceProvider.Version)
{
AccessToken = accessToken,
ConsumerKey = this.ConsumerKey,
};
return(message);
}
/// <summary>
/// Creates a web request prepared with OAuth authorization
/// that may be further tailored by adding parameters by the caller.
/// </summary>
/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
/// <param name="accessToken">The access token that permits access to the protected resource.</param>
/// <returns>The initialized WebRequest object.</returns>
protected internal AccessProtectedResourceRequest CreateAuthorizingMessage(MessageReceivingEndpoint endpoint, string accessToken)
{
Requires.NotNull(endpoint, "endpoint");
Requires.NotNullOrEmpty(accessToken, "accessToken");
AccessProtectedResourceRequest message = new AccessProtectedResourceRequest(endpoint, this.ServiceProvider.Version)
{
AccessToken = accessToken,
ConsumerKey = this.ConsumerKey,
};
return(message);
}
/// <summary>
/// Discovers what access the client should have considering the access token in the current request.
/// </summary>
/// <param name="httpRequestInfo">The HTTP request info.</param>
/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
/// <returns>
/// The access token describing the authorization the client has. Never <c>null</c>.
/// </returns>
/// <exception cref="ProtocolFaultResponseException">
/// Thrown when the client is not authorized. This exception should be caught and the
/// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client.
/// </exception>
public virtual AccessToken GetAccessToken(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes)
{
Requires.NotNull(requiredScopes, "requiredScopes");
RequiresEx.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset);
if (httpRequestInfo == null)
{
httpRequestInfo = this.Channel.GetRequestFromContext();
}
AccessToken accessToken;
AccessProtectedResourceRequest request = null;
try {
if (this.Channel.TryReadFromRequest <AccessProtectedResourceRequest>(httpRequestInfo, out request))
{
accessToken = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken);
ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut.");
if (string.IsNullOrEmpty(accessToken.User) && string.IsNullOrEmpty(accessToken.ClientIdentifier))
{
Logger.OAuth.Error("Access token rejected because both the username and client id properties were null or empty.");
ErrorUtilities.ThrowProtocol(ResourceServerStrings.InvalidAccessToken);
}
var requiredScopesSet = OAuthUtilities.ParseScopeSet(requiredScopes);
if (!this.ScopeSatisfiedCheck.IsScopeSatisfied(requiredScope: requiredScopesSet, grantedScope: accessToken.Scope))
{
var response = UnauthorizedResponse.InsufficientScope(request, requiredScopesSet);
throw new ProtocolFaultResponseException(this.Channel, response);
}
return(accessToken);
}
else
{
var ex = new ProtocolException(ResourceServerStrings.MissingAccessToken);
var response = UnauthorizedResponse.InvalidRequest(ex);
throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
}
} catch (ProtocolException ex) {
if (ex is ProtocolFaultResponseException)
{
// This doesn't need to be wrapped again.
throw;
}
var response = request != null?UnauthorizedResponse.InvalidToken(request, ex) : UnauthorizedResponse.InvalidRequest(ex);
throw new ProtocolFaultResponseException(this.Channel, response, innerException: ex);
}
}
/// <summary>
/// Prepares an authorized request that carries an HTTP multi-part POST, allowing for binary data.
/// </summary>
/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
/// <param name="accessToken">The access token that permits access to the protected resource.</param>
/// <param name="binaryData">Extra parameters to include in the message. Must not be null, but may be empty.</param>
/// <returns>The initialized WebRequest object.</returns>
public HttpWebRequest PrepareAuthorizedRequest(MessageReceivingEndpoint endpoint, string accessToken, IEnumerable <MultipartPostPart> binaryData)
{
Contract.Requires <ArgumentNullException>(endpoint != null);
Contract.Requires <ArgumentException>(!String.IsNullOrEmpty(accessToken));
Contract.Requires <ArgumentNullException>(binaryData != null);
AccessProtectedResourceRequest message = this.CreateAuthorizingMessage(endpoint, accessToken);
foreach (MultipartPostPart part in binaryData)
{
message.BinaryData.Add(part);
}
HttpWebRequest wr = this.OAuthChannel.InitializeRequest(message);
return(wr);
}
/// <summary>
/// Prepares an authorized request that carries an HTTP multi-part POST, allowing for binary data.
/// </summary>
/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
/// <param name="accessToken">The access token that permits access to the protected resource.</param>
/// <param name="binaryData">Extra parameters to include in the message. Must not be null, but may be empty.</param>
/// <returns>The initialized WebRequest object.</returns>
public HttpWebRequest PrepareAuthorizedRequest(MessageReceivingEndpoint endpoint, string accessToken, IEnumerable <MultipartPostPart> binaryData)
{
Requires.NotNull(endpoint, "endpoint");
Requires.NotNullOrEmpty(accessToken, "accessToken");
Requires.NotNull(binaryData, "binaryData");
AccessProtectedResourceRequest message = this.CreateAuthorizingMessage(endpoint, accessToken);
foreach (MultipartPostPart part in binaryData)
{
message.BinaryData.Add(part);
}
HttpWebRequest wr = this.OAuthChannel.InitializeRequest(message);
return(wr);
}
/// <summary>
/// Ensures that access tokens have not yet expired.
/// </summary>
/// <param name="message">The incoming message carrying the access token.</param>
private void VerifyThrowTokenNotExpired(AccessProtectedResourceRequest message)
{
Requires.NotNull(message, "message");
try {
IServiceProviderAccessToken token = this.tokenManager.GetAccessToken(message.AccessToken);
if (token.ExpirationDate.HasValue && DateTime.Now >= token.ExpirationDate.Value.ToLocalTimeSafe())
{
Logger.OAuth.ErrorFormat(
"OAuth access token {0} rejected because it expired at {1}, and it is now {2}.",
token.Token,
token.ExpirationDate.Value,
DateTime.Now);
ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound);
}
} catch (KeyNotFoundException ex) {
throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
}
}
/// <summary>
/// Creates a web request prepared with OAuth authorization
/// that may be further tailored by adding parameters by the caller.
/// </summary>
/// <param name="endpoint">The URL and method on the Service Provider to send the request to.</param>
/// <param name="accessToken">The access token that permits access to the protected resource.</param>
/// <returns>The initialized WebRequest object.</returns>
protected internal AccessProtectedResourceRequest CreateAuthorizingMessage(MessageReceivingEndpoint endpoint, string accessToken)
{
if (endpoint == null)
{
throw new ArgumentNullException("endpoint");
}
if (String.IsNullOrEmpty(accessToken))
{
throw new ArgumentNullException("accessToken");
}
AccessProtectedResourceRequest message = new AccessProtectedResourceRequest(endpoint)
{
AccessToken = accessToken,
ConsumerKey = this.ConsumerKey,
};
return(message);
}
public void LinkedInInteropTest()
{
var endpoint = new MessageReceivingEndpoint("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,headline,industry,summary)", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest);
var message = new AccessProtectedResourceRequest(endpoint, Protocol.V10.Version);
message.ConsumerKey = "ub78frzrn0yf";
message.AccessToken = "852863fd-05da-4d80-a93d-50f64f966de4";
((ITamperResistantOAuthMessage)message).ConsumerSecret = "ExJXsYl7Or8OfK98";
((ITamperResistantOAuthMessage)message).TokenSecret = "b197333b-470a-43b3-bcd7-49d6d2229c4c";
var signedMessage = (ITamperResistantOAuthMessage)message;
signedMessage.HttpMethod = HttpMethod.Get;
signedMessage.SignatureMethod = "HMAC-SHA1";
MessageDictionary dictionary = this.MessageDescriptions.GetAccessor(message);
dictionary["oauth_timestamp"] = "1353545248";
dictionary["oauth_nonce"] = "ugEB4bst";
var hmac = new HmacSha1SigningBindingElement();
hmac.Channel = new TestChannel(this.MessageDescriptions);
Assert.That(hmac.GetSignatureTestHook(message), Is.EqualTo("l09yeD9cr4+h1eoUF4WBoGEHrlk="));
}
public HttpWebRequest PrepareAuthorizedRequest(AccessProtectedResourceRequest message)
{
Contract.Requires <ArgumentNullException>(message != null);
return(this.OAuthChannel.InitializeRequest(message));
}
public HttpWebRequest PrepareAuthorizedRequest(AccessProtectedResourceRequest message)
{
Requires.NotNull(message, "message");
return(this.OAuthChannel.InitializeRequest(message));
}