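/// <summary>
/// Authorizes an incoming WCF call by reading the OAuth protected-resource authorization
/// from the HTTP request, looking up the issued access token and checking that the token's
/// scope covers the requested action before any principal is attached to the message.
/// </summary>
/// <param name="operationContext">The context of the incoming operation.</param>
/// <returns><c>true</c> when the base policy, the token and the scope all pass; otherwise <c>false</c>.</returns>
protected override bool CheckAccessCore(OperationContext operationContext)
        {
            // Whatever the base policy checks must pass before the bearer credentials are looked at.
            if (!base.CheckAccessCore(operationContext))
            {
                return false;
            }

            var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
            Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
            if (httpDetails == null || requestUri == null)
            {
                // Nothing to evaluate (non-HTTP binding or missing property): fail closed rather
                // than let a null reach the OAuth provider as an uncaught argument exception.
                return false;
            }

            ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
            try
            {
                var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
                if (auth == null)
                {
                    return false;
                }

                // FirstOrDefault rather than First: a token that is absent from the store is an
                // authorization failure, not an InvalidOperationException that the
                // ProtocolException handler below would not catch.
                var accessToken = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().FirstOrDefault(token => token.Token == auth.AccessToken);
                if (accessToken == null)
                {
                    return false;
                }

                // Only allow this method call if the access token scope permits it.
                // Checked before any security context is installed, so a denied request never
                // carries an authenticated principal on the message.
                string[] scopes = (accessToken.Scope ?? string.Empty).Split('|');
                if (!scopes.Contains(operationContext.IncomingMessageHeaders.Action))
                {
                    return false;
                }

                var principal = sp.CreatePrincipal(auth);
                var policies = new List<IAuthorizationPolicy>
                {
                    new OAuthPrincipalAuthorizationPolicy(principal),
                };

                var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
                var security = operationContext.IncomingMessageProperties.Security;
                if (security != null)
                {
                    security.ServiceSecurityContext = securityContext;
                }
                else
                {
                    operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
                    {
                        ServiceSecurityContext = securityContext,
                    };
                }

                // "Identities" is the authorization-context property WCF's PrimaryIdentity reads.
                securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity>
                {
                    principal.Identity,
                };

                return true;
            }
            catch (ProtocolException /*ex*/)
            {
                ////Logger.Error("Error processing OAuth messages.", ex);
            }

            return false;
        }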
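        /// <summary>
        /// Authorizes an incoming WCF call against the OAuth 2.0 resource server: the bearer token
        /// on the HTTP request is validated and the requested action is passed as the required scope.
        /// </summary>
        /// <param name="operationContext">The context of the incoming operation.</param>
        /// <returns><c>true</c> when the base policy passes and a principal with the required scope is established; otherwise <c>false</c>.</returns>
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            if (!base.CheckAccessCore(operationContext))
            {
                return false;
            }

            var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
            var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
            if (httpDetails == null || requestUri == null)
            {
                // Nothing to verify (non-HTTP binding or missing property): fail closed.
                return false;
            }

            // CheckAccessCore is synchronous, so the async resource-server call has to be blocked on.
            // GetAwaiter().GetResult() surfaces the original exception instead of an AggregateException.
            return Task.Run(async delegate
            {
                using (var crypto = OAuthResourceServer.CreateRSA())
                {
                    var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
                    var resourceServer = new ResourceServer(tokenAnalyzer);
                    ProtocolFaultResponseException exception = null;
                    try
                    {
                        // The action name is handed to the resource server as the required scope
                        // (presumably its requiredScopes parameter), so a token lacking it is
                        // expected to be rejected there rather than by this policy.
                        IPrincipal principal = await resourceServer.GetPrincipalAsync(httpDetails, requestUri, CancellationToken.None, operationContext.IncomingMessageHeaders.Action);
                        var policies = new List<IAuthorizationPolicy>
                        {
                            new OAuthPrincipalAuthorizationPolicy(principal),
                        };

                        var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
                        var security = operationContext.IncomingMessageProperties.Security;
                        if (security != null)
                        {
                            security.ServiceSecurityContext = securityContext;
                        }
                        else
                        {
                            operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
                            {
                                ServiceSecurityContext = securityContext,
                            };
                        }

                        // "Identities" is the authorization-context property WCF's PrimaryIdentity reads.
                        securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity>
                        {
                            principal.Identity,
                        };

                        return true;
                    }
                    catch (ProtocolFaultResponseException ex)
                    {
                        // Return the appropriate unauthorized response to the client.
                        exception = ex;
                    }
                    catch (DotNetOpenAuth.Messaging.ProtocolException /* ex*/)
                    {
                        ////Logger.Error("Error processing OAuth messages.", ex);
                    }

                    // Only a ProtocolFaultResponseException carries a response to send; after the plain
                    // ProtocolException handler 'exception' is still null, and dereferencing it
                    // unconditionally turned a denial into a NullReferenceException.
                    if (exception != null)
                    {
                        var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
                        await errorResponse.SendAsync();
                    }
                }

                return false;
            }).GetAwaiter().GetResult();
        }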
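        /// <summary>
        /// Authorizes an incoming WCF call by reading the OAuth protected-resource authorization
        /// from the HTTP request (using the original request URI), looking up the issued access
        /// token and checking that its scope covers the requested action before any principal
        /// is attached to the message.
        /// </summary>
        /// <param name="operationContext">The context of the incoming operation.</param>
        /// <returns><c>true</c> when the base policy, the token and the scope all pass; otherwise <c>false</c>.</returns>
        protected override bool CheckAccessCore(OperationContext operationContext)
        {
            if (!base.CheckAccessCore(operationContext))
            {
                return false;
            }

            var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
            Uri requestUri = operationContext.RequestContext.RequestMessage.Properties["OriginalHttpRequestUri"] as Uri;
            if (httpDetails == null || requestUri == null)
            {
                // Nothing to evaluate (non-HTTP binding or missing property): fail closed rather
                // than let a null reach the OAuth provider as an uncaught argument exception.
                return false;
            }

            ServiceProvider sp = OAuthServiceProvider.ServiceProvider;
            try
            {
                var auth = sp.ReadProtectedResourceAuthorization(httpDetails, requestUri);
                if (auth == null)
                {
                    return false;
                }

                // FirstOrDefault rather than First: a token missing from the store is a denial,
                // not an InvalidOperationException the ProtocolException handler would not catch.
                var accessToken = Database.DataContext.IssuedTokens.OfType<IssuedAccessToken>().FirstOrDefault(token => token.Token == auth.AccessToken);
                if (accessToken == null)
                {
                    return false;
                }

                // Only allow this method call if the access token scope permits it.
                // Checked before any security context is installed, so a denied request never
                // carries an authenticated principal on the message.
                string[] scopes = (accessToken.Scope ?? string.Empty).Split('|');
                if (!scopes.Contains(operationContext.IncomingMessageHeaders.Action))
                {
                    return false;
                }

                var principal = sp.CreatePrincipal(auth);
                var policies = new List<IAuthorizationPolicy>
                {
                    new OAuthPrincipalAuthorizationPolicy(principal),
                };

                var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
                var security = operationContext.IncomingMessageProperties.Security;
                if (security != null)
                {
                    security.ServiceSecurityContext = securityContext;
                }
                else
                {
                    operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty
                    {
                        ServiceSecurityContext = securityContext,
                    };
                }

                // "Identities" is the authorization-context property WCF's PrimaryIdentity reads.
                securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity>
                {
                    principal.Identity,
                };

                return true;
            }
            catch (ProtocolException /*ex*/)
            {
                ////Logger.Error("Error processing OAuth messages.", ex);
            }

            return false;
        }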
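		/// <summary>
		/// Authorizes an incoming WCF call against the OAuth 2.0 resource server: the bearer token
		/// on the HTTP request is validated and the requested action is passed as the required scope.
		/// </summary>
		/// <param name="operationContext">The context of the incoming operation.</param>
		/// <returns><c>true</c> when the base policy passes and a principal with the required scope is established; otherwise <c>false</c>.</returns>
		protected override bool CheckAccessCore(OperationContext operationContext) {
			if (!base.CheckAccessCore(operationContext)) {
				return false;
			}

			var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
			var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
			if (httpDetails == null || requestUri == null) {
				// Nothing to verify (non-HTTP binding or missing property): fail closed.
				return false;
			}

			// CheckAccessCore is synchronous, so the async resource-server call has to be blocked on.
			// GetAwaiter().GetResult() surfaces the original exception instead of an AggregateException.
			return Task.Run(async delegate {
				using (var crypto = OAuthResourceServer.CreateRSA()) {
					var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
					var resourceServer = new ResourceServer(tokenAnalyzer);
					ProtocolFaultResponseException exception = null;
					try {
						// The action name is handed to the resource server as the required scope
						// (presumably its requiredScopes parameter), so a token lacking it is
						// expected to be rejected there rather than by this policy.
						IPrincipal principal = await resourceServer.GetPrincipalAsync(httpDetails, requestUri, CancellationToken.None, operationContext.IncomingMessageHeaders.Action);
						var policies = new List<IAuthorizationPolicy> { new OAuthPrincipalAuthorizationPolicy(principal), };

						var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
						var security = operationContext.IncomingMessageProperties.Security;
						if (security != null) {
							security.ServiceSecurityContext = securityContext;
						} else {
							operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
								ServiceSecurityContext = securityContext,
							};
						}

						// "Identities" is the authorization-context property WCF's PrimaryIdentity reads.
						securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> { principal.Identity, };

						return true;
					} catch (ProtocolFaultResponseException ex) {
						// Return the appropriate unauthorized response to the client.
						exception = ex;
					} catch (DotNetOpenAuth.Messaging.ProtocolException /* ex*/) {
						////Logger.Error("Error processing OAuth messages.", ex);
					}

					// Only a ProtocolFaultResponseException carries a response to send; after the plain
					// ProtocolException handler 'exception' is still null, and dereferencing it
					// unconditionally turned a denial into a NullReferenceException.
					if (exception != null) {
						var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None);
						await errorResponse.SendAsync();
					}
				}

				return false;
			}).GetAwaiter().GetResult();
		}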
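		/// <summary>
		/// Authorizes an incoming WCF call by verifying the OAuth 2.0 access token on the HTTP
		/// request with the resource server and then checking that the resulting principal is
		/// allowed to invoke the requested action.
		/// </summary>
		/// <param name="operationContext">The context of the incoming operation.</param>
		/// <returns><c>true</c> when the base policy, the token and the scope check all pass; otherwise <c>false</c>.</returns>
		protected override bool CheckAccessCore(OperationContext operationContext) {
			if (!base.CheckAccessCore(operationContext)) {
				return false;
			}

			var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty;
			var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
			if (httpDetails == null || requestUri == null) {
				// Nothing to verify (non-HTTP binding or missing property): fail closed.
				return false;
			}

			using (var crypto = OAuthAuthorizationServer.CreateAsymmetricKeyServiceProvider()) {
				var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto);
				var resourceServer = new ResourceServer(tokenAnalyzer);

				try {
					IPrincipal principal;
					// NOTE: a non-null errorResponse is only used as a failure signal here; it is not
					// sent to the client, who sees WCF's generic access-denied fault instead.
					var errorResponse = resourceServer.VerifyAccess(httpDetails, requestUri, out principal);
					if (errorResponse != null || principal == null) {
						return false;
					}

					// Only allow this method call if the access token scope permits it.
					// The scope check is expressed as IsInRole(action) and runs before any security
					// context is installed, so a denied request never carries a principal.
					if (!principal.IsInRole(operationContext.IncomingMessageHeaders.Action)) {
						return false;
					}

					var policies = new List<IAuthorizationPolicy> {
						new OAuthPrincipalAuthorizationPolicy(principal),
					};

					var securityContext = new ServiceSecurityContext(policies.AsReadOnly());
					var security = operationContext.IncomingMessageProperties.Security;
					if (security != null) {
						security.ServiceSecurityContext = securityContext;
					} else {
						operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty {
							ServiceSecurityContext = securityContext,
						};
					}

					// "Identities" is the authorization-context property WCF's PrimaryIdentity reads.
					securityContext.AuthorizationContext.Properties["Identities"] = new List<IIdentity> {
						principal.Identity,
					};

					return true;
				} catch (ProtocolException /*ex*/) {
					////Logger.Error("Error processing OAuth messages.", ex);
				}
			}

			return false;
		}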