protected override bool CheckAccessCore(OperationContext operationContext)
        {
            if (!base.CheckAccessCore(operationContext))
            {
                return false;
            }

            HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
            Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
            Uri httpUriBeforeRewrite = HttpContext.Current.Request.Url;

            if (requestUri.AbsoluteUri!=httpUriBeforeRewrite.AbsoluteUri && httpDetails.Headers["Host"] != null)
            {
                string urlBeforeOverwrite = httpUriBeforeRewrite.AbsoluteUri.Replace(httpUriBeforeRewrite.Authority, httpDetails.Headers["Host"]);
                requestUri = new Uri(urlBeforeOverwrite);
            }

            ServiceProvider sp = Constants.CreateServiceProvider();
            try
            {
                var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
                if (auth != null)
                {
                    var accessToken = OAuthServices.GetAccessToken(auth.AccessToken);//  Global.AuthTokens.Single(token => token.Token == auth.AccessToken);

                    var principal = sp.CreatePrincipal(auth);
                    var policy = new OAuthPrincipalAuthorizationPolicy(principal);
                    var policies = new List<IAuthorizationPolicy> {
                        policy,
                    };

                    var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
                    if (operationContext.IncomingMessageProperties.Security != null)
                    {
                        operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
                    }
                    else
                    {
                        operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
                        {
                            ServiceSecurityContext = securityContext,
                        };
                    }

                    securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
                        principal.Identity,
                    };

                    // Only allow this method call if the access token scope permits it.
                    string[] scopes = accessToken.Scope.Split('|');

                    //originally this was ment to be used: operationContext.IncomingMessageHeaders.Action
                    //var action = operationContext.Host.BaseAddresses + operationContext.IncomingMessageProperties.Via.AbsolutePath;
                    //var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;

                    //cut the url to the first "?", after the "?" there is bunch of OAuth stuff
                    //this way we can see whether the scope connected with this token is equal to the demanded service
                    var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));

                    if (scopes.Contains(action))
                    {
                        return true;
                    }
                }
            }
            catch (ProtocolException ex)
            {
                log.Error(String.Format("Error in the communication protocol. {0}",ex.Message));
            }
            catch (Exception ex)
            {
                log.Error(String.Format("Unexpected error: {0}\n Accesing the url: {1}, which was before server rewrite: {2}",ex.Message,requestUri,httpUriBeforeRewrite));
            }

            return false;
        }
예제 #2
0
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            if (!base.CheckAccessCore(operationContext))
            {
                return(false);
            }

            HttpRequestMessageProperty httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
            Uri requestUri           = operationContext.RequestContext.RequestMessage.Properties.Via;
            Uri httpUriBeforeRewrite = HttpContext.Current.Request.Url;

            if (requestUri.AbsoluteUri != httpUriBeforeRewrite.AbsoluteUri && httpDetails.Headers["Host"] != null)
            {
                string urlBeforeOverwrite = httpUriBeforeRewrite.AbsoluteUri.Replace(httpUriBeforeRewrite.Authority, httpDetails.Headers["Host"]);
                requestUri = new Uri(urlBeforeOverwrite);
            }

            ServiceProvider sp = Constants.CreateServiceProvider();

            try
            {
                var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
                if (auth != null)
                {
                    var accessToken = OAuthServices.GetAccessToken(auth.AccessToken);//  Global.AuthTokens.Single(token => token.Token == auth.AccessToken);

                    var principal = sp.CreatePrincipal(auth);
                    var policy    = new OAuthPrincipalAuthorizationPolicy(principal);
                    var policies  = new List <IAuthorizationPolicy> {
                        policy,
                    };

                    var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
                    if (operationContext.IncomingMessageProperties.Security != null)
                    {
                        operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext;
                    }
                    else
                    {
                        operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
                        {
                            ServiceSecurityContext = securityContext,
                        };
                    }

                    securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> {
                        principal.Identity,
                    };

                    // Only allow this method call if the access token scope permits it.
                    string[] scopes = accessToken.Scope.Split('|');

                    //originally this was ment to be used: operationContext.IncomingMessageHeaders.Action
                    //var action = operationContext.Host.BaseAddresses + operationContext.IncomingMessageProperties.Via.AbsolutePath;
                    //var action = "http://" + operationContext.IncomingMessageProperties.Via.Authority + operationContext.IncomingMessageProperties.Via.AbsolutePath;


                    //cut the url to the first "?", after the "?" there is bunch of OAuth stuff
                    //this way we can see whether the scope connected with this token is equal to the demanded service
                    var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));

                    if (scopes.Contains(action))
                    {
                        return(true);
                    }
                }
            }
            catch (ProtocolException ex)
            {
                log.Error(String.Format("Error in the communication protocol. {0}", ex.Message));
            }
            catch (Exception ex)
            {
                log.Error(String.Format("Unexpected error: {0}\n Accesing the url: {1}, which was before server rewrite: {2}", ex.Message, requestUri, httpUriBeforeRewrite));
            }

            return(false);
        }