/// <summary>
/// Attempts to extract client identification/authentication information from a message.
/// </summary>
/// <param name="authorizationServerHost">The authorization server host.</param>
/// <param name="requestMessage">The incoming message.</param>
/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
/// <returns>The level of the extracted client information.</returns>
public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
Requires.NotNull(authorizationServerHost, "authorizationServerHost");
Requires.NotNull(requestMessage, "requestMessage");
ClientAuthenticationModule authenticator = null;
ClientAuthenticationResult result = ClientAuthenticationResult.NoAuthenticationRecognized;
clientIdentifier = null;
foreach (var candidateAuthenticator in this.authenticators) {
string candidateClientIdentifier;
var resultCandidate = candidateAuthenticator.TryAuthenticateClient(authorizationServerHost, requestMessage, out candidateClientIdentifier);
ErrorUtilities.VerifyProtocol(
result == ClientAuthenticationResult.NoAuthenticationRecognized || resultCandidate == ClientAuthenticationResult.NoAuthenticationRecognized,
"Message rejected because multiple forms of client authentication ({0} and {1}) were detected, which is forbidden by the OAuth 2 Protocol Framework specification.",
authenticator,
candidateAuthenticator);
if (resultCandidate != ClientAuthenticationResult.NoAuthenticationRecognized) {
authenticator = candidateAuthenticator;
result = resultCandidate;
clientIdentifier = candidateClientIdentifier;
}
}
return result;
}
/// <summary>
/// Attempts to extract client identification/authentication information from a message.
/// </summary>
/// <param name="authorizationServerHost">The authorization server host.</param>
/// <param name="requestMessage">The incoming message.</param>
/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
/// <returns>The level of the extracted client information.</returns>
public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
Requires.NotNull(authorizationServerHost, "authorizationServerHost");
Requires.NotNull(requestMessage, "requestMessage");
clientIdentifier = requestMessage.ClientIdentifier;
return TryAuthenticateClientBySecret(authorizationServerHost, requestMessage.ClientIdentifier, requestMessage.ClientSecret);
}
/// <summary>
/// Attempts to extract client identification/authentication information from a message.
/// </summary>
/// <param name="authorizationServerHost">The authorization server host.</param>
/// <param name="requestMessage">The incoming message.</param>
/// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
/// <returns>The level of the extracted client information.</returns>
public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
Requires.NotNull(authorizationServerHost, "authorizationServerHost");
Requires.NotNull(requestMessage, "requestMessage");
var credential = OAuthUtilities.ParseHttpBasicAuth(requestMessage.Headers);
if (credential != null) {
clientIdentifier = credential.UserName;
return TryAuthenticateClientBySecret(authorizationServerHost, credential.UserName, credential.Password);
}
clientIdentifier = null;
return ClientAuthenticationResult.NoAuthenticationRecognized;
}
/// <summary>
/// Applies any applicable client credential to an authenticated outbound request to the authorization server.
/// </summary>
/// <param name="request">The request to apply authentication information to.</param>
protected void ApplyClientCredential(AuthenticatedClientRequestBase request) {
Requires.NotNull(request, "request");
if (this.ClientCredentialApplicator != null) {
this.ClientCredentialApplicator.ApplyClientCredential(this.ClientIdentifier, request);
}
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public virtual void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public override void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
if (clientIdentifier != null) {
request.ClientSecret = this.secret;
}
}
/// <summary>
/// Applies the client identifier and (when applicable) the client authentication to an outbound message.
/// </summary>
/// <param name="clientIdentifier">The identifier by which the authorization server should recognize this client.</param>
/// <param name="request">The outbound message to apply authentication information to.</param>
public override void ApplyClientCredential(string clientIdentifier, AuthenticatedClientRequestBase request) {
// When using network credentials, the client authentication is not done as standard message parts.
request.ClientIdentifier = null;
request.ClientSecret = null;
}
/// <summary> /// Attempts to extract client identification/authentication information from a message. /// </summary> /// <param name="authorizationServerHost">The authorization server host.</param> /// <param name="requestMessage">The incoming message.</param> /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param> /// <returns>The level of the extracted client information.</returns> public abstract ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier);