Well the error happend because I used the idea of specifing exact scope within each token, which says what URL the consumer application has right to access. So to each Access Token a String value representing the scope is added representing the URL which the application has right to access. When the consumer application demands data from certain web service, than the Authorization Manager checks the scope of the access token which was added to the request.
The problem comes when the server which is hosting the OAuth data provider performs some URL rewriting. In that case the URL which is being accessed had changed in the HTTP pipeline and the provider has to take care of that. The URL of each request comming to Azure changes inside.
If you take a look at the Authorization Manager code from the DotNetOpenAuth you will see that it checks the scope of the incoming message.
public class OAuthAuthorizationManager : ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{
//check the access token etc...
//scopes containes the scopes added to the access token
if (scopes.Contains(operationContext.IncomingMessageHeaders.Action)) {
return true;
}
}
}
And that is actually the problem, while operationContext.IncomingMessageHeaders.Action contains the URL after rewrite and the consumer application usually specifies the URL which it wants to access in the form before the rewrite.
What I found as a solution to this issue was to use instead this piece of code
Uri requestUri = operationContext.RequestContext.RequestMessage.Properties.Via;
...
...
var action = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.IndexOf("?"));
if (scopes.Contains(action))
{
return true;
}
Žádné komentáře:
Okomentovat