protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return false;
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
Uri httpUriBeforeRewrite = HttpContext.Current.Request.Url;
if (requestUri.AbsoluteUri!=httpUriBeforeRewrite.AbsoluteUri && httpDetails.Headers["Host"] != null)
{
string urlBeforeOverwrite = httpUriBeforeRewrite.AbsoluteUri.Replace(httpUriBeforeRewrite.Authority, httpDetails.Headers["Host"]);
requestUri = new Uri(urlBeforeOverwrite);
}
ServiceProvider sp = Constants.CreateServiceProvider();
try
{
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = OAuthServices.GetAccessToken(auth.AccessToken);// Global.AuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List<IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
{
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
//originally this was ment to be used: operationContext.IncomingMessageHeaders.Action
//var action = operationContext.Host.BaseAddresses + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//cut the url to the first "?", after the "?" there is bunch of OAuth stuff
//this way we can see whether the scope connected with this token is equal to the demanded service
var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));
if (scopes.Contains(action))
{
return true;
}
}
}
catch (ProtocolException ex)
{
log.Error(String.Format("Error in the communication protocol. {0}",ex.Message));
}
catch (Exception ex)
{
log.Error(String.Format("Unexpected error: {0}\n Accesing the url: {1}, which was before server rewrite: {2}",ex.Message,requestUri,httpUriBeforeRewrite));
}
return false;
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
if (!base.CheckAccessCore(operationContext))
{
return(false);
}
HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
Uri httpUriBeforeRewrite = HttpContext.Current.Request.Url;
if (requestUri.AbsoluteUri != httpUriBeforeRewrite.AbsoluteUri && httpDetails.Headers["Host"] != null)
{
string urlBeforeOverwrite = httpUriBeforeRewrite.AbsoluteUri.Replace(httpUriBeforeRewrite.Authority, httpDetails.Headers["Host"]);
requestUri = new Uri(urlBeforeOverwrite);
}
ServiceProvider sp = Constants.CreateServiceProvider();
try
{
var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
if (auth != null)
{
var accessToken = OAuthServices.GetAccessToken(auth.AccessToken);// Global.AuthTokens.Single(token => token.Token == auth.AccessToken);
var principal = sp.CreatePrincipal(auth);
var policy = new OAuthPrincipalAuthorizationPolicy(principal);
var policies = new List <IAuthorizationPolicy> {
policy,
};
var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
if (operationContext.IncomingMessageProperties.Security != null)
{
operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
}
else
{
operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
{
ServiceSecurityContext = securityContext,
};
}
securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
principal.Identity,
};
// Only allow this method call if the access token scope permits it.
string[] scopes = accessToken.Scope.Split('|');
//originally this was ment to be used: operationContext.IncomingMessageHeaders.Action
//var action = operationContext.Host.BaseAddresses + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;
//cut the url to the first "?", after the "?" there is bunch of OAuth stuff
//this way we can see whether the scope connected with this token is equal to the demanded service
var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));
if (scopes.Contains(action))
{
return(true);
}
}
}
catch (ProtocolException ex)
{
log.Error(String.Format("Error in the communication protocol. {0}", ex.Message));
}
catch (Exception ex)
{
log.Error(String.Format("Unexpected error: {0}\n Accesing the url: {1}, which was before server rewrite: {2}", ex.Message, requestUri, httpUriBeforeRewrite));
}
return(false);
}
