public override ISecurityToken getSecurityTokenFromRequest(HttpRequest request) { OAuthMessage requestMessage = OAuthServlet.getMessage(request, null); String containerKey = getParameter(requestMessage, OAuth.OAUTH_CONSUMER_KEY); String containerSignature = getParameter(requestMessage, OAuth.OAUTH_SIGNATURE); String userId = request.Params[REQUESTOR_ID_PARAM].Trim(); if (containerKey == null || containerSignature == null || string.IsNullOrEmpty(userId)) { // This isn't a proper OAuth request return(null); } try { if (service.thirdPartyHasAccessToUser(requestMessage, containerKey, userId)) { return(service.getSecurityToken(containerKey, userId)); } throw new InvalidAuthenticationException("Access for app not allowed", null); } catch (OAuthException oae) { throw new InvalidAuthenticationException(oae.Message, oae); } }