private bool ValidateRequest(HttpRequest request, out OAuthError error)
{
error = null;
string accessToken = OAuthHelper.ExtractAcessTokenFromAuthenticateHeader(request);
if (!string.IsNullOrEmpty(accessToken))
{
string xmlToken = string.Format("<stringToken>{0}</stringToken>", HttpUtility.HtmlEncode(accessToken));
SecurityToken token = null;
using (var stringReader = new StringReader(xmlToken))
{
var reader = XmlReader.Create(stringReader);
if (!this.ServiceConfiguration.SecurityTokenHandlers.CanReadToken(reader))
{
error = new OAuthError
{
Error = OAuthErrorCodes.InvalidRequest,
ErrorDescription = string.Format("Cannot read token. If you are using SWT, make sure to configure SimpleWebTokenHandler. Token: {0}", accessToken)
};
}
token = this.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
}
var identities = this.ServiceConfiguration.SecurityTokenHandlers.ValidateToken(token);
IClaimsPrincipal principal = ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(
HttpContext.Current.Request.Url.AbsoluteUri, new ClaimsPrincipal(identities));
HttpContext.Current.User = principal;
Thread.CurrentPrincipal = principal;
bool access = ServiceConfiguration.ClaimsAuthorizationManager.CheckAccess(new AuthorizationContext(Thread.CurrentPrincipal as IClaimsPrincipal, request.Url.AbsoluteUri, request.HttpMethod));
if (!access)
{
error = new OAuthError
{
Error = OAuthErrorCodes.UnauthorizedClient,
ErrorDescription = "Unauthorized"
};
}
return(access);
}
error = new OAuthError
{
Error = OAuthErrorCodes.UnauthorizedClient,
ErrorDescription = "Unauthorized"
};
return(false);
}
