/// <summary>
/// Creates the exception for the supplied OAuth error. The base constructor
/// receives <c>Code.INVALID_PARAMETER</c> together with <paramref name="msg"/>.
/// </summary>
/// <param name="oauthErrorCode">OAuth error stored on this instance.</param>
/// <param name="msg">Message forwarded to the base constructor.</param>
public UserVisibleOAuthException(OAuthError oauthErrorCode, String msg)
    : base(Code.INVALID_PARAMETER, msg)
{
    // Keep the OAuth-specific error alongside the generic code held by the base.
    this.oauthErrorCode = oauthErrorCode;
}
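/// <summary>
/// Validates the OAuth access token carried by <paramref name="request"/>, then runs the
/// configured claims authentication and authorization steps for the request URL and method.
/// </summary>
/// <param name="request">Incoming HTTP request whose authenticate header is inspected for a token.</param>
/// <param name="error">
/// Set to an <see cref="OAuthError"/> describing the failure when the method returns false;
/// left null when access is granted.
/// </param>
/// <returns>
/// True only when a token was present, could be read and validated, and
/// <c>ClaimsAuthorizationManager.CheckAccess</c> granted access; otherwise false.
/// </returns>
private bool ValidateRequest(HttpRequest request, out OAuthError error)
{
    error = null;

    string accessToken = OAuthHelper.ExtractAcessTokenFromAuthenticateHeader(request);
    if (string.IsNullOrEmpty(accessToken))
    {
        // No token in the header: fail closed.
        error = new OAuthError { Error = OAuthErrorCodes.UnauthorizedClient, ErrorDescription = "Unauthorized" };
        return false;
    }

    // The token handlers read XML, so the raw token string is wrapped in an element.
    // NOTE(review): HtmlEncode is used as the XML escaper here; confirm it covers every
    // character a token can contain.
    string xmlToken = string.Format("<stringToken>{0}</stringToken>", HttpUtility.HtmlEncode(accessToken));

    SecurityToken token;
    using (var stringReader = new StringReader(xmlToken))
    using (var reader = XmlReader.Create(stringReader))
    {
        if (!this.ServiceConfiguration.SecurityTokenHandlers.CanReadToken(reader))
        {
            // Stop here: previously the error was set but ReadToken was still called on a
            // token that no handler claimed. The token value is deliberately not echoed into
            // the description, so a bearer credential does not end up in responses or logs.
            error = new OAuthError
            {
                Error = OAuthErrorCodes.InvalidRequest,
                ErrorDescription = "Cannot read token. If you are using SWT, make sure to configure SimpleWebTokenHandler."
            };
            return false;
        }

        token = this.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
    }

    ClaimsIdentityCollection identities;
    try
    {
        identities = this.ServiceConfiguration.SecurityTokenHandlers.ValidateToken(token);
    }
    catch (SecurityTokenExpirationException exception)
    {
        // An expired token must never reach authentication/authorization. Previously execution
        // continued with a null identity collection after the 401 was sent.
        error = new OAuthError { Error = OAuthErrorCodes.InvalidGrant, ErrorDescription = exception.Message };
        OAuthHelper.SendUnauthorizedResponse(error, HttpContext.Current);

        // NOTE(review): if the caller also sends a response when this method returns false,
        // confirm that a second write is harmless or drop one of the two.
        return false;
    }

    // NOTE(review): only expiry is caught above; any other exception from ValidateToken
    // propagates. Confirm the caller maps those to an unauthorized response.

    IClaimsPrincipal principal = ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(
        HttpContext.Current.Request.Url.AbsoluteUri,
        new ClaimsPrincipal(identities));

    // Publish the authenticated principal for the rest of the request pipeline.
    HttpContext.Current.User = principal;
    Thread.CurrentPrincipal = principal;

    bool access = ServiceConfiguration.ClaimsAuthorizationManager.CheckAccess(
        new AuthorizationContext(principal, request.Url.AbsoluteUri, request.HttpMethod));

    if (!access)
    {
        error = new OAuthError { Error = OAuthErrorCodes.UnauthorizedClient, ErrorDescription = "Unauthorized" };
    }

    return access;
}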
/// <summary>
/// Builds an <see cref="OAuthRequestException"/> from an <see cref="OAuthError"/> by handing
/// its <c>ToString()</c> text to another <c>oauthRequestException</c> overload.
/// </summary>
/// <param name="_error">OAuth error whose string form is forwarded; dereferenced, so it must not be null.</param>
/// <param name="_errorText">Error text forwarded unchanged.</param>
/// <param name="cause">Underlying exception forwarded unchanged.</param>
/// <returns>The exception produced by the overload this call delegates to.</returns>
public OAuthRequestException oauthRequestException(OAuthError _error, String _errorText, Exception cause)
{
    // Convert once, then delegate.
    String errorName = _error.ToString();
    return oauthRequestException(errorName, _errorText, cause);
}
/// <summary>
/// Convenience overload: converts <paramref name="_error"/> to its string form and
/// delegates to another <c>oauthRequestException</c> overload.
/// </summary>
/// <param name="_error">OAuth error to convert with <c>ToString()</c>; must not be null.</param>
/// <param name="_errorText">Error text passed through as-is.</param>
/// <param name="cause">Originating exception passed through as-is.</param>
/// <returns>Whatever the delegated overload returns.</returns>
public OAuthRequestException oauthRequestException(OAuthError _error, String _errorText, Exception cause)
{
    String errorAsText = _error.ToString();
    OAuthRequestException result = oauthRequestException(errorAsText, _errorText, cause);
    return result;
}