DotNetOpenAuth ctp 4.0 ResourceServer.VerifyAccess()方法抛出null
本文关键字:方法 null VerifyAccess ctp ResourceServer DotNetOpenAuth | 更新日期: 2023-09-27 18:19:44
我在尝试让DotNetOpenAuth ctp 4.0工作时遇到了困难。情况如下:我有一个与OAuth2示例中的资源服务器类似的资源服务器,但我使用的是WCF Web Api预览6,因此我编写了一个可扩展性点,负责验证向操作发出请求的客户端是否已被授权执行该操作,为了实现这一点,调用了ResourceServer.VerifyAccess方法。这个方法抛出了一个null异常,我还没有找到原因。
这就是我如何编写操作处理程序:
protected override HttpRequestMessage OnHandle(HttpRequestMessage input)
{
var principal = VerifyOAuth2(input);
if(principal == null)
{
throw new HttpResponseException(new HttpResponseMessage
{
StatusCode = HttpStatusCode.Unauthorized,
Content = new StringContent("Invalid Access Token")
});
}
var roles = _authorizationAttribute.Roles.Split(new[] {" "}, StringSplitOptions.RemoveEmptyEntries);
if(!roles.Any(role => principal.IsInRole(role)))
{
throw new HttpResponseException(new HttpResponseMessage
{
StatusCode = HttpStatusCode.Forbidden,
Content = new StringContent("User has not permission to access this resource")
});
}
return input;
}
private static IPrincipal VerifyOAuth2(HttpRequestMessage request)
{
var headers = request.Headers;
var headersCollection = new WebHeaderCollection();
foreach (var header in headers)
{
headersCollection.Add(header.Key, header.Value.ToString());
}
using (var signing = MvcApplication.CreateAuthorizationServerSigningServiceProvider())
{
using (var encrypting = MvcApplication.CreateResourceServerEncryptionServiceProvider())
{
var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
IPrincipal result;
var httpRequestInfo = new HttpRequestInfo(request.Method.ToString(), request.RequestUri,
request.RequestUri.AbsoluteUri, headersCollection, request.Content.ReadAsStreamAsync().Result);//Since I dont have an HttpResourceInfo Object I need to build one from my request, using an overloaded method.
var error = resourceServer.VerifyAccess(httpRequestInfo, out result); //here is where the exception is thrown.
// TODO: return the prepared error code.
return error != null ? null : result;
}
}
我不知道这段代码是否有帮助,但如果没有,你能告诉我这个方法什么时候抛出空引用异常吗??也许这会对我有所帮助!提前谢谢。
NullReferenceException
的堆栈跟踪会有所帮助。
除此之外,您是否尝试过从WCF获取HttpRequestMessageProperty
,并像OAuthAuthorizationManager
在示例中那样将其传递给HttpRequestInfo
构造函数?