public virtual void HandleAuthenticateRequest(object sender, EventArgs args)
{
if (ServiceProviderContext.Settings.AuthenticateRequests)
{
HttpApplication application = (HttpApplication)sender;
// Don't do anything if another authentication module has set the user already
if (application.Context.User != null)
{
return;
}
OAuthRequestContext context = new OAuthRequestContext();
WorkflowHelper.StoreOAuthContext(application.Context, context);
try
{
this.ParseParameters(application, context);
this.SetConsumer(application, context);
this.SetAccessToken(application, context);
context.IsOAuthRequest = true;
}
catch (OAuthRequestException ex)
{
// The request may not be an OAuth request so don't pass the exception to the consumer
context.AddError(ex);
context.IsOAuthRequest = false;
return;
}
try
{
this.SetSigningProvider(application, context);
this.SetRequestId(application, context);
this.SetSignature(application, context);
}
catch (OAuthRequestException ex)
{
context.AddError(ex);
WorkflowHelper.SendBadRequest(application.Context, ex, null);
}
this.UpdateAccessToken(application, context);
this.SetUser(application, context);
}
}
/// <summary>
/// Processes the HTTP web request.
/// </summary>
/// <param name="context">HTTP context</param>
public void ProcessRequest(HttpContext context)
{
OAuthRequestContext requestContext = new OAuthRequestContext(new NameValueCollection());
// Check request parameters
try
{
// TODO: Should we ensure the realm parameter, if present, matches the configured realm?
this.ParseParameters(context, requestContext);
this.SetSigningProvider(context, requestContext);
this.SetConsumer(context, requestContext);
this.SetRequestId(context, requestContext);
this.SetRequestToken(context, requestContext);
this.SetSignature(context, requestContext);
this.CheckVerifier(context, requestContext);
}
catch (OAuthRequestException ex)
{
requestContext.AddError(ex);
WorkflowHelper.SendBadRequest(context, ex, requestContext.ResponseParameters);
return;
}
// Allow the application to decide whether to issue the access token
bool isRequestAllowed = this.AllowRequest(context, requestContext);
if (isRequestAllowed)
{
// Allow the application to add additional response parameters
WorkflowHelper.AddApplicationResponseParameters(
requestContext,
this.GetAdditionalResponseParameters(
context,
requestContext));
// Issue the token
this.IssueAccessToken(context, requestContext);
WorkflowHelper.SendOk(context, requestContext.ResponseParameters);
}
else
{
// Send an unauthorized response
WorkflowHelper.SendUnauthorized(context, requestContext.ResponseParameters);
}
}
private void HandleError(object sender, EventArgs e)
{
if (ServiceProviderContext.Settings.AuthenticateRequests)
{
HttpApplication application = (HttpApplication)sender;
if (application.Context.Error is OAuthRequestException)
{
OAuthRequestException exception = (OAuthRequestException)application.Context.Error;
OAuthRequestContext context = WorkflowHelper.RetrieveOAuthContext(application.Context);
if (context != null)
{
context.AddError(exception);
}
application.Context.ClearError(); // Ensure we clear the exception to avoid ASP.NET handling this
WorkflowHelper.SendBadRequest(application.Context, exception, null);
}
}
}
protected virtual void SetSignature(HttpContext httpContext, OAuthRequestContext requestContext)
{
WorkflowHelper.SetSignature(httpContext, requestContext);
}
protected virtual void SetRequestId(HttpContext httpContext, OAuthRequestContext requestContext)
{
WorkflowHelper.SetRequestId(requestContext);
}
protected virtual void SetSigningProvider(HttpContext httpContext, OAuthRequestContext requestContext)
{
WorkflowHelper.SetSigningProvider(httpContext, requestContext);
}
protected virtual void SetSignature(HttpApplication application, OAuthRequestContext context)
{
WorkflowHelper.SetSignature(application.Context, context);
}
protected virtual void SetRequestId(HttpApplication application, OAuthRequestContext context)
{
WorkflowHelper.SetRequestId(context);
}
