 /// <summary>
 /// Creates a <c>UserVisibleOAuthException</c> carrying an OAuth error code and a message.
 /// The base exception code is always <c>Code.INVALID_PARAMETER</c>; the OAuth-specific
 /// cause is stored separately in <c>oauthErrorCode</c>. The type name suggests the message
 /// is meant to be shown to end users — confirm with callers before relying on that.
 /// </summary>
 /// <param name="oauthErrorCode">The OAuth error that caused this exception.</param>
 /// <param name="msg">Message forwarded to the base exception.</param>
 public UserVisibleOAuthException(OAuthError oauthErrorCode, String msg)
     : base(Code.INVALID_PARAMETER, msg)
 {
     this.oauthErrorCode = oauthErrorCode;
 }
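        /// <summary>
        /// Reads and validates the access token carried by <paramref name="request"/>, then authorizes the
        /// resulting principal for the requested URL and HTTP method. On success the principal is installed on
        /// <c>HttpContext.Current.User</c> and <c>Thread.CurrentPrincipal</c>.
        /// </summary>
        /// <param name="request">The incoming request whose Authenticate header carries the token.</param>
        /// <param name="error">
        /// The OAuth error the caller should relay to the client when the method returns <c>false</c>;
        /// <c>null</c> when the request is authorized.
        /// </param>
        /// <returns><c>true</c> if the token was read, validated and the caller is authorized; otherwise <c>false</c>.</returns>
        private bool ValidateRequest(HttpRequest request, out OAuthError error)
        {
            error = null;

            string accessToken = OAuthHelper.ExtractAcessTokenFromAuthenticateHeader(request);
            if (string.IsNullOrEmpty(accessToken))
            {
                error = new OAuthError
                {
                    Error = OAuthErrorCodes.UnauthorizedClient,
                    ErrorDescription = "Unauthorized"
                };

                return false;
            }

            // The token is attacker-controlled text: escape it as XML character data so it cannot break out of
            // the wrapper element. XmlReader.Create's default settings leave DTD processing disabled.
            string xmlToken = string.Format(
                "<stringToken>{0}</stringToken>",
                System.Security.SecurityElement.Escape(accessToken));

            SecurityToken token;
            using (var stringReader = new StringReader(xmlToken))
            using (var reader = XmlReader.Create(stringReader))
            {
                if (!this.ServiceConfiguration.SecurityTokenHandlers.CanReadToken(reader))
                {
                    // Stop here instead of falling through to ReadToken on a token no handler accepts.
                    // The token is a credential, so it is deliberately not echoed back in the error description.
                    error = new OAuthError
                    {
                        Error = OAuthErrorCodes.InvalidRequest,
                        ErrorDescription = "Cannot read token. If you are using SWT, make sure to configure SimpleWebTokenHandler."
                    };

                    return false;
                }

                token = this.ServiceConfiguration.SecurityTokenHandlers.ReadToken(reader);
            }

            ClaimsIdentityCollection identities;
            try
            {
                identities = this.ServiceConfiguration.SecurityTokenHandlers.ValidateToken(token);
            }
            catch (SecurityTokenExpirationException exception)
            {
                // Report the failure through the out parameter like every other path, so the caller sends a
                // single response and we never continue with a null identity collection.
                error = new OAuthError
                {
                    Error = OAuthErrorCodes.InvalidGrant,
                    ErrorDescription = exception.Message
                };

                return false;
            }
            catch (System.IdentityModel.Tokens.SecurityTokenException)
            {
                // Any other validation failure (signature, issuer, audience, ...) is a rejected credential,
                // not a server error. Validator internals are not surfaced to the client.
                error = new OAuthError
                {
                    Error = OAuthErrorCodes.InvalidGrant,
                    ErrorDescription = "Invalid token"
                };

                return false;
            }

            // Authenticate and authorize against the URL that was actually requested.
            string resource = request.Url.AbsoluteUri;
            IClaimsPrincipal principal = ServiceConfiguration.ClaimsAuthenticationManager.Authenticate(
                resource, new ClaimsPrincipal(identities));

            bool access = ServiceConfiguration.ClaimsAuthorizationManager.CheckAccess(
                new AuthorizationContext(principal, resource, request.HttpMethod));
            if (!access)
            {
                error = new OAuthError
                {
                    Error = OAuthErrorCodes.UnauthorizedClient,
                    ErrorDescription = "Unauthorized"
                };

                return false;
            }

            // Install the principal only after authorization succeeded, so a rejected request never leaves an
            // authenticated identity on the request or the thread.
            HttpContext.Current.User = principal;
            Thread.CurrentPrincipal = principal;

            return true;
        }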
 /// <summary>
 /// Convenience overload: converts <paramref name="_error"/> to its string form and delegates
 /// to the string-based <c>oauthRequestException</c> overload.
 /// </summary>
 /// <param name="_error">The OAuth error whose string representation becomes the error code.</param>
 /// <param name="_errorText">Human-readable error text, passed through unchanged.</param>
 /// <param name="cause">The underlying exception, passed through unchanged.</param>
 /// <returns>The exception built by the string-based overload.</returns>
 public OAuthRequestException oauthRequestException(OAuthError _error, String _errorText,
             Exception cause)
 {
     string errorCode = _error.ToString();
     return this.oauthRequestException(errorCode, _errorText, cause);
 }
 /// <summary>
 /// Builds an <c>OAuthRequestException</c> from an <c>OAuthError</c> by forwarding the error's
 /// string form, the error text and the cause to the string-based overload.
 /// </summary>
 /// <param name="_error">The OAuth error; its <c>ToString()</c> result is used as the error code.</param>
 /// <param name="_errorText">Human-readable error text.</param>
 /// <param name="cause">The underlying exception.</param>
 /// <returns>The exception produced by the string-based overload.</returns>
 public OAuthRequestException oauthRequestException(OAuthError _error, String _errorText,
                                                    Exception cause)
 {
     var code = _error.ToString();
     var result = this.oauthRequestException(code, _errorText, cause);
     return result;
 }