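/// <summary>
/// Verify that the request is valid.
/// </summary>
/// <param name="httpRequest">The HTTP request base.</param>
/// <param name="rawUri">A System.Uri object containing information regarding the URL of the current request.
/// Only validated for null here; it is not otherwise read by this method.</param>
/// <param name="queryString">The collection of HTTP query string variables.</param>
/// <param name="form">The collection of form variables.</param>
/// <param name="headers">The collection of HTTP headers.</param>
/// <param name="requiredScopes">The set of scopes required to approve this request.</param>
/// <returns>
/// The principal that contains the user and roles that the access token is authorized for; else null.
/// </returns>
/// <remarks>
/// The token is looked up by the exact key "access_token" in the form body first, then in the
/// request headers, then in the query string. Every failure path (missing token, token unknown
/// to the token store, no consumer for the nonce, revoked authorization, missing certificate,
/// any exception) yields null; the last exception message is stored in <c>_tokenError</c>.
/// The method never throws - the argument checks below are also swallowed into a null result.
/// NOTE(review): accepting a bearer token from the query string exposes it in server, proxy and
/// browser logs and in the Referer header (RFC 6750 section 2.3 discourages it); prefer the
/// Authorization header where callers allow.
/// NOTE(review): <c>_resourceServer.AccessTokenAnalyzer</c> is reassigned per request with the
/// consumer's key. If <c>_resourceServer</c> is shared between concurrent requests, one request's
/// token can be verified against another consumer's certificate - confirm the instance is
/// per-request, or guard the assignment.
/// NOTE(review): <c>_tokenError</c> carries the raw exception message; do not return it to the
/// client verbatim.
/// </remarks>
private IPrincipal Verify(HttpRequestBase httpRequest, Uri rawUri, NameValueCollection queryString, NameValueCollection form, NameValueCollection headers, params string[] requiredScopes)
{
    string userID = null;
    string tokenNonce = null;

    try
    {
        // Argument validation. These throws are caught below and turned into a null result
        // (with the message in _tokenError), preserving the contract that callers never see
        // an exception from this method.
        if (httpRequest == null)
        {
            throw new ArgumentNullException("httpRequest");
        }
        if (rawUri == null)
        {
            throw new ArgumentNullException("rawUri");
        }
        if (queryString == null)
        {
            throw new ArgumentNullException("queryString");
        }
        if (form == null)
        {
            throw new ArgumentNullException("form");
        }
        if (headers == null)
        {
            throw new ArgumentNullException("headers");
        }

        // Locate the token by its exact key. The previous scan of form.AllKeys for keys
        // *ending* in "access_token" matched names such as "x_access_token" (and threw on a
        // null key), then read form["access_token"] - which returned null and skipped the
        // header and query-string sources entirely. Precedence is unchanged: form, then
        // header, then query string.
        string accessToken = form["access_token"];
        if (accessToken == null)
        {
            accessToken = headers["access_token"];
        }
        if (accessToken == null)
        {
            accessToken = queryString["access_token"];
        }
        if (String.IsNullOrEmpty(accessToken))
        {
            return null;
        }

        // Resolve the consumer the token was issued to. Fail closed when the token is
        // unknown to the store or the nonce maps to no consumer, rather than passing nulls
        // on to the authorization check.
        string nonce = _tokenStore.GetNonceByAccessToken(accessToken);
        if (String.IsNullOrEmpty(nonce))
        {
            return null;
        }
        string clientID = _consumerStore.GetConsumerIdentifier(nonce);
        if (String.IsNullOrEmpty(clientID))
        {
            return null;
        }

        // Make sure that the authorization behind the token has not been revoked.
        if (!_consumerStore.IsAuthorizationValid(clientID, nonce))
        {
            return null;
        }

        // The analyzer decrypts with the consumer's private key, so a certificate without
        // one cannot verify anything - fail closed instead of handing it a null key.
        X509Certificate2 certificate = _consumerStore.GetConsumerCertificate(clientID);
        if (certificate == null || !certificate.HasPrivateKey)
        {
            return null;
        }

        // NOTE(review): these casts assume a CSP-backed RSA key. A CNG-backed key (or a
        // non-RSA key) raises InvalidCastException, which the catch below turns into null;
        // certificate.PrivateKey is also obsolete on newer frameworks.
        StandardAccessTokenAnalyzer accessTokenAnalyzer = new StandardAccessTokenAnalyzer(
            (RSACryptoServiceProvider)certificate.PrivateKey,
            (RSACryptoServiceProvider)certificate.PublicKey.Key);

        // Install the analyzer and let the resource server validate the token (signature,
        // expiry, required scopes) from the HTTP request.
        _resourceServer.AccessTokenAnalyzer = accessTokenAnalyzer;
        AccessToken token = _resourceServer.GetAccessToken(httpRequest, requiredScopes);

        // Build the principal (user plus roles) that the token authorizes.
        IPrincipal principal = _resourceServer.GetPrincipal(token, out userID, out tokenNonce, httpRequest, requiredScopes);
        return principal;
    }
    catch (Exception ex)
    {
        // Any failure denies access; keep the reason for diagnostics only.
        _tokenError = ex.Message;
        return null;
    }
}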
/// <summary>
/// Determines whether a described authorization is (still) valid.
/// </summary>
/// <param name="authorization">The authorization.</param>
/// <returns>True if the original authorization is still valid; otherwise, false</returns>
public bool IsAuthorizationValid(Framework.ChannelElements.IAuthorizationDescription authorization)
{
    // The consumer store owns the expiry / revocation decision; this is a pass-through.
    bool stillValid = _consumerStore.IsAuthorizationValid(authorization);
    return stillValid;
}