/// <summary>
		/// Initializes a new instance of the <see cref="AuthorizationServer"/> class.
		/// </summary>
		/// <param name="authorizationServer">The host that backs this authorization server; must not be null.</param>
		/// <remarks>
		/// The aggregating credential reader is constructed over <c>clientAuthenticationModules</c> before any module is
		/// added to that list. NOTE(review): this only works if the reader retains the list instance rather than copying it —
		/// verify in <see cref="AggregatingClientCredentialReader"/> before reordering or replacing the list.
		/// </remarks>
		public AuthorizationServer(IAuthorizationServerHost authorizationServer) {
			Requires.NotNull(authorizationServer, "authorizationServer");

			// Build the credential reader over the (still empty) module list, then the channel around the reader.
			var aggregator = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
			this.aggregatingClientAuthenticationModule = aggregator;
			this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, aggregator);

			// Only now populate the module list from configuration.
			// NOTE(review): an empty configured set means no form of client authentication is recognized — check the host's config section.
			var configuredModules = OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true);
			this.clientAuthenticationModules.AddRange(configuredModules);

			this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck;
		}
        /// <summary>
        /// Runs every registered client authentication module over the request and reports the single recognized result.
        /// </summary>
        /// <param name="authorizationServerHost">The authorization server host; must not be null.</param>
        /// <param name="requestMessage">The incoming client request; must not be null.</param>
        /// <param name="clientIdentifier">Receives the client identifier reported by the recognizing module, or null when none recognized the request.</param>
        /// <returns>
        /// <see cref="ClientAuthenticationResult.NoAuthenticationRecognized"/> when no module recognized any credential,
        /// otherwise the result of the one module that did.
        /// </returns>
        /// <remarks>
        /// Every module is consulted even after one has recognized credentials. If a second module also reports anything other
        /// than <see cref="ClientAuthenticationResult.NoAuthenticationRecognized"/> (a rejection counts as recognition), the
        /// request is rejected as a protocol violation: RFC 6749 §2.3 forbids a client from using more than one authentication
        /// method in a single request, and accepting the "best" of two would let an attacker mix a stolen identifier with
        /// another credential form.
        /// </remarks>
        public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier)
        {
            Requires.NotNull(authorizationServerHost, "authorizationServerHost");
            Requires.NotNull(requestMessage, "requestMessage");

            clientIdentifier = null;
            ClientAuthenticationModule recognizingModule = null;
            var outcome = ClientAuthenticationResult.NoAuthenticationRecognized;

            foreach (var module in this.authenticators)
            {
                string identifierFromModule;
                var moduleOutcome = module.TryAuthenticateClient(authorizationServerHost, requestMessage, out identifierFromModule);

                bool alreadyRecognized = outcome != ClientAuthenticationResult.NoAuthenticationRecognized;
                bool moduleRecognized = moduleOutcome != ClientAuthenticationResult.NoAuthenticationRecognized;

                // Two modules recognizing credentials on one request is a hard protocol error, never a tie-break.
                ErrorUtilities.VerifyProtocol(
                    !(alreadyRecognized && moduleRecognized),
                    "Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
                    recognizingModule,
                    module);

                if (moduleRecognized)
                {
                    recognizingModule = module;
                    outcome = moduleOutcome;
                    clientIdentifier = identifierFromModule;
                }
            }

            return outcome;
        }
		/// <summary>
		/// Throws a <see cref="TokenEndpointProtocolException"/> unless <paramref name="condition"/> holds.
		/// </summary>
		/// <param name="condition">The condition that must be true for the request to proceed.</param>
		/// <param name="requestMessage">The request message being rejected.</param>
		/// <param name="error">A single error code from <see cref="Protocol.AccessTokenRequestErrorCodes"/>.</param>
		/// <param name="authenticationModule">When supplied, the module whose <c>AuthenticateHeader</c> becomes the WWW-Authenticate challenge on the error response.</param>
		/// <param name="unformattedDescription">A composite format string for the human-readable description shown to the client developer, or null for no description.</param>
		/// <param name="args">Values substituted into <paramref name="unformattedDescription"/>; ignored when that is null.</param>
		/// <remarks>
		/// <paramref name="unformattedDescription"/> is passed straight to <see cref="string.Format(IFormatProvider, string, object[])"/>.
		/// Callers should pass only literal, developer-authored templates here and put any request-derived text in
		/// <paramref name="args"/>; a stray brace in the template would raise a <see cref="FormatException"/> instead of the
		/// intended protocol error.
		/// </remarks>
		internal static void TokenEndpointVerify(bool condition, AccessTokenRequestBase requestMessage, string error, ClientAuthenticationModule authenticationModule = null, string unformattedDescription = null, params object[] args) {
			if (condition) {
				return;
			}

			// The description is developer-facing text, hence the current (UI) culture rather than invariant.
			string description = unformattedDescription == null
				? null
				: string.Format(CultureInfo.CurrentCulture, unformattedDescription, args);

			// A WWW-Authenticate challenge is attached only when the caller names the module that should issue it.
			string challenge = authenticationModule == null ? null : authenticationModule.AuthenticateHeader;

			throw new TokenEndpointProtocolException(requestMessage, error, description, authenticateHeader: challenge);
		}
		/// <summary>
		/// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
		/// </summary>
		/// <param name="authorizationServer">The authorization server host this channel serves; must not be null.</param>
		/// <param name="clientAuthenticationModule">The aggregating client authentication module handed to the message-validation binding element; must not be null.</param>
		/// <remarks>
		/// The binding elements are built in the base-constructor call, so <see cref="InitializeBindingElements"/> performs the
		/// first null checks on both arguments; the check in this body guards the property assignment below.
		/// </remarks>
		protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
			: base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule)) {
			Requires.NotNull(authorizationServer, "authorizationServer");

			// Retained so the rest of the channel can reach the host.
			this.AuthorizationServer = authorizationServer;
		}
		/// <summary>
		/// Builds the binding-element pipeline used by the authorization server channel.
		/// </summary>
		/// <param name="authorizationServer">The authorization server host; must not be null.</param>
		/// <param name="clientAuthenticationModule">The aggregating client authentication module given to the message-validation element; must not be null.</param>
		/// <returns>The binding elements in outgoing order.</returns>
		/// <remarks>
		/// The channel applies the elements in this order for outgoing messages and in reverse for incoming ones, so an incoming
		/// request passes through <see cref="TokenCodeSerializationBindingElement"/> before
		/// <see cref="MessageValidationBindingElement"/> (the element that holds the client authentication module). Keep that
		/// ordering in mind when inserting a new element: validation must not be moved ahead of deserialization on the incoming side.
		/// </remarks>
		private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) {
			Requires.NotNull(authorizationServer, "authorizationServer");
			Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

			// Outgoing order; the channel reverses it for incoming messages.
			IChannelBindingElement validation = new MessageValidationBindingElement(clientAuthenticationModule);
			IChannelBindingElement serialization = new TokenCodeSerializationBindingElement();

			return new IChannelBindingElement[] { validation, serialization };
		}
 /// <summary>
 /// Initializes a new instance of the <see cref="OAuth2AuthorizationServerChannel"/> class.
 /// </summary>
 /// <param name="authorizationServer">The authorization server host this channel serves; must not be null.</param>
 /// <param name="clientAuthenticationModule">The aggregating client authentication module handed to the message-validation binding element; must not be null.</param>
 /// <remarks>
 /// The binding elements are built in the base-constructor call, so <see cref="InitializeBindingElements"/> performs the
 /// first null checks on both arguments; the check in this body guards the property assignment below.
 /// </remarks>
 protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
     : base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule))
 {
     Requires.NotNull(authorizationServer, "authorizationServer");

     // Retained so the rest of the channel can reach the host.
     this.AuthorizationServer = authorizationServer;
 }
        /// <summary>
        /// Builds the binding-element pipeline used by the authorization server channel.
        /// </summary>
        /// <param name="authorizationServer">The authorization server host; must not be null.</param>
        /// <param name="clientAuthenticationModule">The aggregating client authentication module given to the message-validation element; must not be null.</param>
        /// <returns>The binding elements in outgoing order.</returns>
        /// <remarks>
        /// The channel applies the elements in this order for outgoing messages and in reverse for incoming ones, so an incoming
        /// request passes through <see cref="TokenCodeSerializationBindingElement"/> before
        /// <see cref="MessageValidationBindingElement"/> (the element that holds the client authentication module). Keep that
        /// ordering in mind when inserting a new element: validation must not be moved ahead of deserialization on the incoming side.
        /// </remarks>
        private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule)
        {
            Requires.NotNull(authorizationServer, "authorizationServer");
            Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

            // Outgoing order; the channel reverses it for incoming messages.
            IChannelBindingElement validation = new MessageValidationBindingElement(clientAuthenticationModule);
            IChannelBindingElement serialization = new TokenCodeSerializationBindingElement();

            return new IChannelBindingElement[] { validation, serialization };
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
 /// </summary>
 /// <param name="clientAuthenticationModule">
 /// The aggregating client authentication module this element keeps for use when it processes messages; must not be null.
 /// </param>
 internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule)
 {
     Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

     // Stored for the element's message processing; nothing is invoked on it here.
     this.clientAuthenticationModule = clientAuthenticationModule;
 }
		/// <summary>
		/// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
		/// </summary>
		/// <param name="clientAuthenticationModule">
		/// The aggregating client authentication module this element keeps for use when it processes messages; must not be null.
		/// </param>
		internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule) {
			Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");

			// Stored for the element's message processing; nothing is invoked on it here.
			this.clientAuthenticationModule = clientAuthenticationModule;
		}