public void GetAccessTokenWithTotallyFakeToken() {
			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer foobar" },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
		}
		public void GetAccessTokenWithCorruptedToken() {
			var accessToken = this.ObtainValidAccessToken();

			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer " + accessToken.Substring(0, accessToken.Length - 1) + "zzz" },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			Assert.That(() => resourceServer.GetAccessToken(request), Throws.InstanceOf<ProtocolException>());
		}
		public void GetAccessTokenWithValidToken() {
			var accessToken = this.ObtainValidAccessToken();

			var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(AsymmetricKey, null));

			var requestHeaders = new NameValueCollection {
				{ "Authorization", "Bearer " + accessToken },
			};
			var request = new HttpRequestInfo("GET", new Uri("http://localhost/resource"), headers: requestHeaders);
			var resourceServerDecodedToken = resourceServer.GetAccessToken(request);
			Assert.That(resourceServerDecodedToken, Is.Not.Null);
		}
Exemplo n.º 4
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool isAuthorized = false;

            try
            {
                HttpRequestBase request = httpContext.Request;

                if (!string.IsNullOrEmpty(request.Headers["Authorization"]))
                {
                    if (request.Headers["Authorization"].StartsWith("Bearer "))
                    {
                        RSACryptoServiceProvider authorizationServerSigningPublicKey = AuthorizationServerHost.CreateRsaCryptoServiceProvider(AuthorizationServerHost.AuthorizationServerSigningPublicKey);
                        RSACryptoServiceProvider resourceServerEncryptionPrivateKey = AuthorizationServerHost.CreateRsaCryptoServiceProvider(AuthorizationServerHost.ResourceServerEncryptionPrivateKey);

                        StandardAccessTokenAnalyzer tokenAnalyzer = new StandardAccessTokenAnalyzer(authorizationServerSigningPublicKey, resourceServerEncryptionPrivateKey);
                        ResourceServer resourceServer = new ResourceServer(tokenAnalyzer);
                        IPrincipal principal = resourceServer.GetPrincipal(request);

                        if (principal.Identity.IsAuthenticated)
                        {
                            HttpContext.Current.User = principal;
                            Thread.CurrentPrincipal = principal;

                            isAuthorized = true;
                        }

                        var _token = resourceServer.GetAccessToken(request);

                        if (this.RequiredScopes.Any())
                        {
                            var token = resourceServer.GetAccessToken(request, this.RequiredScopes);
                        }
                    }
                }
            }
            catch
            {
                isAuthorized = false;
            }

            return isAuthorized;
        }