I'm having difficulties trying to get DotNetOpenAuth CTP 4.0 to work. Here's the situation: I have a resource server just like the one in the OAuth2 sample; however, I'm using WCF Web API Preview 6, so I wrote an extensibility point in charge of verifying that the client making the request to the operation is already authorized to do so. To accomplish this, the method ResourceServer.VerifyAccess is called. This method is throwing a null exception, and I haven't found out why.
This is how I wrote my operation handler:

    protected override HttpRequestMessage OnHandle(HttpRequestMessage input)
    {
        var principal = VerifyOAuth2(input);
        if (principal == null)
        {
            throw new HttpResponseException(new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.Unauthorized,
                Content = new StringContent("Invalid Access Token")
            });
        }

        var roles = _authorizationAttribute.Roles.Split(new[] {" "}, StringSplitOptions.RemoveEmptyEntries);
        if (!roles.Any(role => principal.IsInRole(role)))
        {
            throw new HttpResponseException(new HttpResponseMessage
            {
                StatusCode = HttpStatusCode.Forbidden,
                Content = new StringContent("User has not permission to access this resource")
            });
        }

        return input;
    }

    private static IPrincipal VerifyOAuth2(HttpRequestMessage request)
    {
        var headers = request.Headers;
        var headersCollection = new WebHeaderCollection();
        foreach (var header in headers)
        {
            headersCollection.Add(header.Key, header.Value.ToString());
        }

        using (var signing = MvcApplication.CreateAuthorizationServerSigningServiceProvider())
        {
            using (var encrypting = MvcApplication.CreateResourceServerEncryptionServiceProvider())
            {
                var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                IPrincipal result;

                // Since I don't have an HttpResourceInfo Object I need to build one from my request, using an overloaded method.
                var httpRequestInfo = new HttpRequestInfo(request.Method.ToString(), request.RequestUri,
                    request.RequestUri.AbsoluteUri, headersCollection, request.Content.ReadAsStreamAsync().Result);

                var error = resourceServer.VerifyAccess(httpRequestInfo, out result); // here is where the exception is thrown.

                // TODO: return the prepared error code.
                return error != null ? null : result;
            }
        }
    }

I don't know if this code helps, but in case it doesn't, can you tell me when this method throws a null reference exception? Maybe that'll help me a bit! Thank you in advance.
A stacktrace for the NullReferenceException would be helpful.
In lieu of that, have you tried obtaining an HttpRequestMessageProperty from WCF and passing that to the HttpRequestInfo constructor the way the OAuthAuthorizationManager does in the sample?