protected override bool OnBeforeAction(IEngineContext context, IController controller,
IControllerContext controllerContext)
{
var authService = context.Services.GetService<IOAuthService>();
AccessOutcome outcome = authService.AccessProtectedResource(context.Request);
_threadOutcome = outcome;
if (!outcome.Granted)
{
controllerContext.PropertyBag["outcome"] = outcome;
throw Error.AccessDeniedToProtectedResource(outcome);
}
return true;
}
public AccessOutcome VerifyProtectedResourceRequest(OAuthContext context)
{
var outcome = new AccessOutcome {
Context = context
};
SigningContext signingContext = null;
try
{
signingContext = CreateSignatureContextForAuthContext(context);
}
catch (Exception ex)
{
outcome.AdditionalInfo = "Failed to parse request for context info";
return(outcome);
}
if (!_signer.ValidateSignature(context, signingContext))
{
outcome.AdditionalInfo = "Failed to validate signature";
return(outcome);
}
if (context.Token != "accesskey")
{
outcome.AdditionalInfo = "Invalid access token";
return(outcome);
}
if (context.ConsumerKey != "key")
{
outcome.AdditionalInfo = "Invalid consumer key";
return(outcome);
}
outcome.Granted = true;
outcome.AccessToken = new TokenBase {
ConsumerKey = "key", TokenSecret = "accesssecret", Token = "accesskey"
};
return(outcome);
}
public AccessOutcome VerifyProtectedResourceRequest(OAuthContext context)
{
var outcome = new AccessOutcome {Context = context};
SigningContext signingContext = null;
try
{
signingContext = CreateSignatureContextForAuthContext(context);
}
catch (Exception ex)
{
outcome.AdditionalInfo = "Failed to parse request for context info";
return outcome;
}
if (!_signer.ValidateSignature(context, signingContext))
{
outcome.AdditionalInfo = "Failed to validate signature";
return outcome;
}
if (context.Token != "accesskey")
{
outcome.AdditionalInfo = "Invalid access token";
return outcome;
}
if (context.ConsumerKey != "key")
{
outcome.AdditionalInfo = "Invalid consumer key";
return outcome;
}
outcome.Granted = true;
outcome.AccessToken = new TokenBase {ConsumerKey = "key", TokenSecret = "accesssecret", Token = "accesskey"};
return outcome;
}
public static Exception AccessDeniedToProtectedResource(AccessOutcome outcome)
{
Uri uri = outcome.Context.GenerateUri();
if (string.IsNullOrEmpty(outcome.AdditionalInfo))
{
return new AccessDeniedException(outcome, string.Format("Access to resource \"{0}\" was denied", uri));
}
return new AccessDeniedException(outcome,
string.Format("Access to resource: {0} was denied, additional info: {1}",
uri, outcome.AdditionalInfo));
}
public AccessDeniedException(AccessOutcome outcome)
: this(outcome, null)
{
}
public AccessDeniedException(AccessOutcome outcome, string message) : base(message)
{
_outcome = outcome;
}
protected override void OnAfterRendering(IEngineContext context, IController controller,
IControllerContext controllerContext)
{
_threadOutcome = null;
}