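/// <summary>
        /// Tries to authenticate the current request as an OAuth request and, on success,
        /// updates the access token and sets the user via <c>SetUser</c>.
        /// </summary>
        /// <remarks>
        /// Does nothing when <c>ServiceProviderContext.Settings.AuthenticateRequests</c> is off or
        /// when <c>Context.User</c> has already been set. A request that fails parameter parsing,
        /// consumer lookup or access token lookup is treated as "not an OAuth request": the error is
        /// recorded on the stored <c>OAuthRequestContext</c> and the method returns without setting a
        /// user, so later authorization must still reject anonymous access to protected resources.
        /// </remarks>
        /// <param name="sender">The <c>HttpApplication</c> raising the event.</param>
        /// <param name="args">Event arguments (not used).</param>
        public virtual void HandleAuthenticateRequest(object sender, EventArgs args)
        {
            if (!ServiceProviderContext.Settings.AuthenticateRequests)
            {
                return;
            }

            HttpApplication application = (HttpApplication)sender;

            // Don't do anything if another authentication module has set the user already
            if (application.Context.User != null)
            {
                return;
            }

            // Store the context up front so errors recorded below can be retrieved later
            OAuthRequestContext context = new OAuthRequestContext();
            WorkflowHelper.StoreOAuthContext(application.Context, context);

            try
            {
                this.ParseParameters(application, context);
                this.SetConsumer(application, context);
                this.SetAccessToken(application, context);
                context.IsOAuthRequest = true;
            }
            catch (OAuthRequestException ex)
            {
                // The request may not be an OAuth request so don't pass the exception to the consumer
                context.AddError(ex);
                context.IsOAuthRequest = false;
                return;
            }

            try
            {
                this.SetSigningProvider(application, context);
                this.SetRequestId(application, context);
                this.SetSignature(application, context);
            }
            catch (OAuthRequestException ex)
            {
                context.AddError(ex);
                WorkflowHelper.SendBadRequest(application.Context, ex, null);

                // Fail closed: a request whose signing provider, request id or signature was
                // rejected must never reach UpdateAccessToken/SetUser. Whether SendBadRequest
                // ends the request itself is not visible here, so do not rely on it.
                return;
            }

            // Only reached once every check above has passed
            this.UpdateAccessToken(application, context);
            this.SetUser(application, context);
        }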
        /// <summary>
        /// Handles an access token request: validates the OAuth parameters and, when the
        /// application approves, issues the access token.
        /// </summary>
        /// <param name="context">HTTP context of the request being processed.</param>
        public void ProcessRequest(HttpContext context)
        {
            OAuthRequestContext oauthContext = new OAuthRequestContext(new NameValueCollection());

            // Validation runs in this fixed order; the first OAuthRequestException thrown
            // rejects the request with a bad-request response and nothing is issued.
            try
            {
                // TODO: Should we ensure the realm parameter, if present, matches the configured realm?
                this.ParseParameters(context, oauthContext);
                this.SetSigningProvider(context, oauthContext);
                this.SetConsumer(context, oauthContext);
                this.SetRequestId(context, oauthContext);
                this.SetRequestToken(context, oauthContext);
                this.SetSignature(context, oauthContext);
                this.CheckVerifier(context, oauthContext);
            }
            catch (OAuthRequestException requestError)
            {
                oauthContext.AddError(requestError);
                WorkflowHelper.SendBadRequest(context, requestError, oauthContext.ResponseParameters);
                return;
            }

            // The application has the final say on whether the access token is issued
            if (!this.AllowRequest(context, oauthContext))
            {
                // Refused by the application: answer with an unauthorized response
                WorkflowHelper.SendUnauthorized(context, oauthContext.ResponseParameters);
                return;
            }

            // Let the application contribute extra response parameters before the token is issued
            WorkflowHelper.AddApplicationResponseParameters(
                oauthContext,
                this.GetAdditionalResponseParameters(context, oauthContext));

            // Issue the token and report success
            this.IssueAccessToken(context, oauthContext);
            WorkflowHelper.SendOk(context, oauthContext.ResponseParameters);
        }
        /// <summary>
        /// Application error handler: converts an unhandled <c>OAuthRequestException</c> into a
        /// bad-request response. Any other error type is left untouched.
        /// </summary>
        /// <param name="sender">The <c>HttpApplication</c> raising the event.</param>
        /// <param name="e">Event arguments (not used).</param>
        private void HandleError(object sender, EventArgs e)
        {
            if (!ServiceProviderContext.Settings.AuthenticateRequests)
            {
                return;
            }

            HttpApplication application = (HttpApplication)sender;

            OAuthRequestException oauthError = application.Context.Error as OAuthRequestException;
            if (oauthError == null)
            {
                // Not an OAuth failure; leave it for the normal error pipeline
                return;
            }

            // Record the failure on the request's OAuth context when one was stored earlier
            OAuthRequestContext storedContext = WorkflowHelper.RetrieveOAuthContext(application.Context);
            if (storedContext != null)
            {
                storedContext.AddError(oauthError);
            }

            // Clear the error first so ASP.NET does not also handle it
            application.Context.ClearError();

            // NOTE(review): what SendBadRequest discloses about the exception is not visible here - confirm
            WorkflowHelper.SendBadRequest(application.Context, oauthError, null);
        }