diff --git a/Packages.props b/Packages.props
index 3806303d..0bda66c0 100644
--- a/Packages.props
+++ b/Packages.props
@@ -6,12 +6,14 @@
+
+
diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/ResourceController.cs b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/ResourceController.cs
index d1046f16..a284923e 100644
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/ResourceController.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Controllers/ResourceController.cs
@@ -1,7 +1,9 @@
using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Security.Claims;
using System.Threading.Tasks;
-using System.Web;
-using System.Web.Mvc;
+using System.Web.Http;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security;
using OpenIddict.Validation.Owin;
@@ -9,24 +11,18 @@ using static OpenIddict.Abstractions.OpenIddictConstants;
namespace OpenIddict.Sandbox.AspNet.Server.Controllers
{
- public class ResourceController : Controller
+ [HostAuthentication(OpenIddictValidationOwinDefaults.AuthenticationType)]
+ public class ResourceController : ApiController
{
- [HttpGet, Route("~/api/message")]
- public async Task GetMessage()
+ [Authorize, HttpGet, Route("~/api/message")]
+ public async Task GetMessage()
{
- var context = HttpContext.GetOwinContext();
-
- var result = await context.Authentication.AuthenticateAsync(OpenIddictValidationOwinDefaults.AuthenticationType);
- if (result is null)
- {
- context.Authentication.Challenge(OpenIddictValidationOwinDefaults.AuthenticationType);
- return new EmptyResult();
- }
+ var context = Request.GetOwinContext();
// This demo action requires that the client application be granted the "demo_api" scope.
// If it was not granted, a detailed error is returned to the client application to inform it
// that the authorization process must be restarted with the specified scope to access this API.
- if (!result.Identity.HasClaim(Claims.Private.Scope, "demo_api"))
+ if (!((ClaimsPrincipal) User).HasClaim(Claims.Private.Scope, "demo_api"))
{
context.Authentication.Challenge(
authenticationTypes: OpenIddictValidationOwinDefaults.AuthenticationType,
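Review bot: The hard cast `((ClaimsPrincipal) User)` in the scope check is repeated in the `FindByIdAsync` call of the next hunk, and it throws `InvalidCastException` if the host ever supplies a principal that is not a `ClaimsPrincipal`. Resolve the principal once at the top of the action, `if (!(User is ClaimsPrincipal principal)) { return Unauthorized(); }`, and use `principal` for both the `HasClaim` and the `FindFirst` lookups. That also keeps the two authorization checks reading the same object. `GetMessage` continues past the end of this hunk.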
@@ -37,12 +33,11 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The 'demo_api' scope is required to perform this action."
}));
- return new EmptyResult();
+ return Unauthorized();
}
- var user = await context.GetUserManager()
- .FindByIdAsync(result.Identity.FindFirst(Claims.Subject).Value);
-
+ var user = await context.GetUserManager().FindByIdAsync(
+ ((ClaimsPrincipal) User).FindFirst(Claims.Subject).Value);
if (user is null)
{
context.Authentication.Challenge(
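Review bot: `FindFirst(Claims.Subject).Value` in the `FindByIdAsync` call dereferences the claim without a null check, so an accepted token that carries no subject claim would surface as a `NullReferenceException` (a 500 response) instead of the 401 challenge used by the other failure paths in this action. Whether the validation handler already rejects such tokens is not visible from this hunk, so read the claim defensively: `var subject = ((ClaimsPrincipal) User).FindFirst(Claims.Subject)?.Value;`, and take the same challenge-and-`Unauthorized()` path when `string.IsNullOrEmpty(subject)`. The action starts before and ends after this hunk.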
@@ -53,10 +48,13 @@ namespace OpenIddict.Sandbox.AspNet.Server.Controllers
[OpenIddictValidationOwinConstants.Properties.ErrorDescription] =
"The specified access token is bound to an account that no longer exists."
}));
- return new EmptyResult();
+ return Unauthorized();
}
- return Content($"{user.UserName} has been successfully authenticated.");
+ return ResponseMessage(new HttpResponseMessage(HttpStatusCode.OK)
+ {
+ Content = new StringContent($"{user.UserName} has been successfully authenticated.")
+ });
}
}
}
diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/OpenIddict.Sandbox.AspNet.Server.csproj b/sandbox/OpenIddict.Sandbox.AspNet.Server/OpenIddict.Sandbox.AspNet.Server.csproj
index 634ad720..7366731a 100644
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/OpenIddict.Sandbox.AspNet.Server.csproj
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/OpenIddict.Sandbox.AspNet.Server.csproj
@@ -27,10 +27,12 @@
+
+
diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs b/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs
index f5a473c2..f4e4a88e 100644
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Startup.cs
@@ -1,9 +1,11 @@
using System;
using System.Threading.Tasks;
+using System.Web.Http;
using System.Web.Mvc;
using Autofac;
using Autofac.Extensions.DependencyInjection;
using Autofac.Integration.Mvc;
+using Autofac.Integration.WebApi;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Owin;
using OpenIddict.Abstractions;
@@ -34,6 +36,19 @@ namespace OpenIddict.Sandbox.AspNet.Server
// Configure ASP.NET MVC 5.2 to use Autofac when activating controller instances.
DependencyResolver.SetResolver(new AutofacDependencyResolver(container));
+ // Configure ASP.NET MVC 5.2 to use Autofac when activating controller instances
+ // and infer the Web API routes using the HTTP attributes used in the controllers.
+ var configuration = new HttpConfiguration
+ {
+ DependencyResolver = new AutofacWebApiDependencyResolver(container)
+ };
+
+ configuration.MapHttpAttributeRoutes();
+
+ // Register the Autofac Web API integration and Web API middleware.
+ app.UseAutofacWebApi(configuration);
+ app.UseWebApi(configuration);
+
// Seed the database with the sample client using the OpenIddict application manager.
// Note: in a real world application, this step should be part of a setup script.
Task.Run(async delegate
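Review bot: The new `HttpConfiguration` is never told to ignore the host's default principal, so `[Authorize]` on the Web API controller can be satisfied by an identity that earlier middleware attached to the request. An Identity cookie would be one example, if that middleware is active in this pipeline (not visible here). As far as I can tell, `[HostAuthentication]` leaves the existing principal in place when no access token is presented. Add `configuration.SuppressDefaultHostAuthentication();` before `configuration.MapHttpAttributeRoutes();` so that only the OpenIddict validation identity reaches API actions. Separately, the comment opening the added block still says "ASP.NET MVC 5.2" and should read `// Configure ASP.NET Web API to use Autofac when activating controller instances`. The enclosing method starts and ends outside this hunk.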
@@ -157,6 +172,9 @@ namespace OpenIddict.Sandbox.AspNet.Server
// Register the MVC controllers.
builder.RegisterControllers(typeof(Startup).Assembly);
+ // Register the Web API controllers.
+ builder.RegisterApiControllers(typeof(Startup).Assembly);
+
return builder.Build();
}
}
diff --git a/sandbox/OpenIddict.Sandbox.AspNet.Server/Web.config b/sandbox/OpenIddict.Sandbox.AspNet.Server/Web.config
index 00bc9860..d786831b 100644
--- a/sandbox/OpenIddict.Sandbox.AspNet.Server/Web.config
+++ b/sandbox/OpenIddict.Sandbox.AspNet.Server/Web.config
@@ -130,6 +130,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+